locked
Adding third party vendor in our SPF records RRS feed

  • Question

  • Hello All,

    We have a requirement for adding a third vendor in our SPF records. Basically, the third party vendor will send approval request via their environment to our environment. So they do not want their emails to be picked as Spoofed. I am not really sure whether this should be encouraged. Currently we do not have any issues as the requests are mostly sent from our internal user address, moving forward the request will come from external users via the vendor environment. If there are any alternative options instead of adding their domain to our SPF, please do let me know. Thanks!

    Wednesday, May 30, 2018 7:10 PM

Answers

  • Hello All,

    We have a requirement for adding a third vendor in our SPF records. Basically, the third party vendor will send approval request via their environment to our environment. So they do not want their emails to be picked as Spoofed. I am not really sure whether this should be encouraged. Currently we do not have any issues as the requests are mostly sent from our internal user address, moving forward the request will come from external users via the vendor environment. If there are any alternative options instead of adding their domain to our SPF, please do let me know. Thanks!

    Thats very normal, and alot of 3rd party vendors do this since they since are sending as you. ( I assume they are sending as your domain) You could also use DKIM, but its the same issue. There is really no reason to be concerned about it unless you dont trust them.

    Ensure that once you add their records to your SPF, it doesnt exceed 10 lookups. Check at mxtoolbox.com or the testing site of your choice.

    Now having said that, if they are ONLY sending to your internal users and not to other external recipients as your domain, then their is no need to add their IPs to your SPF. Instead, simply whitelist their sending IPs at your anti-spam gateway.


    • Edited by Andy DavidMVP Wednesday, May 30, 2018 7:58 PM
    • Marked as answer by syedamd91 Wednesday, May 30, 2018 8:28 PM
    Wednesday, May 30, 2018 7:56 PM
  • Thanks Andy!

    If I whitelist their IP address at our email gayeway, will it eliminate the need of adding the vendor in SPF records. We are currently not facing any issues as the sender and recipient are internal but sent from vendors tool from a different environment. Moving forward the requests will to and fro from a an external domain will we acquired recently. Will this cause any issues. 

    • Marked as answer by syedamd91 Wednesday, May 30, 2018 8:28 PM
    • Unmarked as answer by syedamd91 Wednesday, May 30, 2018 8:28 PM
    • Marked as answer by syedamd91 Wednesday, May 30, 2018 8:28 PM
    Wednesday, May 30, 2018 8:12 PM
  • Thanks Andy!

    If I whitelist their IP address at our email gayeway, will it eliminate the need of adding the vendor in SPF records. We are currently not facing any issues as the sender and recipient are internal but sent from vendors tool from a different environment. Moving forward the requests will to and fro from a an external domain will we acquired recently. Will this cause any issues. 

    If the messages are only being sent to your internal users, then no need to add to your SPF, just whitelist them at the gateway so they arent marked as spam. SHouldnt be any issues as long as that remains true.
    • Marked as answer by syedamd91 Wednesday, May 30, 2018 8:28 PM
    Wednesday, May 30, 2018 8:21 PM

All replies

  • Hello All,

    We have a requirement for adding a third vendor in our SPF records. Basically, the third party vendor will send approval request via their environment to our environment. So they do not want their emails to be picked as Spoofed. I am not really sure whether this should be encouraged. Currently we do not have any issues as the requests are mostly sent from our internal user address, moving forward the request will come from external users via the vendor environment. If there are any alternative options instead of adding their domain to our SPF, please do let me know. Thanks!

    Thats very normal, and alot of 3rd party vendors do this since they since are sending as you. ( I assume they are sending as your domain) You could also use DKIM, but its the same issue. There is really no reason to be concerned about it unless you dont trust them.

    Ensure that once you add their records to your SPF, it doesnt exceed 10 lookups. Check at mxtoolbox.com or the testing site of your choice.

    Now having said that, if they are ONLY sending to your internal users and not to other external recipients as your domain, then their is no need to add their IPs to your SPF. Instead, simply whitelist their sending IPs at your anti-spam gateway.


    • Edited by Andy DavidMVP Wednesday, May 30, 2018 7:58 PM
    • Marked as answer by syedamd91 Wednesday, May 30, 2018 8:28 PM
    Wednesday, May 30, 2018 7:56 PM
  • Thanks Andy!

    If I whitelist their IP address at our email gayeway, will it eliminate the need of adding the vendor in SPF records. We are currently not facing any issues as the sender and recipient are internal but sent from vendors tool from a different environment. Moving forward the requests will to and fro from a an external domain will we acquired recently. Will this cause any issues. 

    • Marked as answer by syedamd91 Wednesday, May 30, 2018 8:28 PM
    • Unmarked as answer by syedamd91 Wednesday, May 30, 2018 8:28 PM
    • Marked as answer by syedamd91 Wednesday, May 30, 2018 8:28 PM
    Wednesday, May 30, 2018 8:12 PM
  • Thanks Andy!

    If I whitelist their IP address at our email gayeway, will it eliminate the need of adding the vendor in SPF records. We are currently not facing any issues as the sender and recipient are internal but sent from vendors tool from a different environment. Moving forward the requests will to and fro from a an external domain will we acquired recently. Will this cause any issues. 

    If the messages are only being sent to your internal users, then no need to add to your SPF, just whitelist them at the gateway so they arent marked as spam. SHouldnt be any issues as long as that remains true.
    • Marked as answer by syedamd91 Wednesday, May 30, 2018 8:28 PM
    Wednesday, May 30, 2018 8:21 PM
  • Thanks Andy!

    Can you please give a scenario where adding vendor in SPF records would be recommended.

    Wednesday, May 30, 2018 8:42 PM
  • Thanks Andy!

    Can you please give a scenario where adding vendor in SPF records would be recommended.

    If the vendor was sending as your domain to external recipients. 
    Thursday, May 31, 2018 11:07 AM