It is possible to authorize third-party servers to send mail on behalf of your domain, and we have security measures in place to prevent unauthorized servers from using your domain.
Spammers are always on the lookout for exploitable domain names and email addresses to use as the "sender" in their spam campaigns.
Without the proper security protocols in place, a spammer can send a mass email to hundreds of thousands of people using your email address as the sender. Imagine the devastation to your business reputation if all of those spam message recipients saw your company or your name/email address as the sender on a malicious email. Not only would it potentially scandalize or devalue your brand and identity online, it can have lasting detrimental effects on the success of future email delivery to senders who marked those unsolicited messages as spam or blocked your address/domain name on their system as a result.
There are 3 primary mechanisms in place with Entrvst DNS security protocols that will prevent this from happening to you:
1. SPF: Entrvst email routing requires this DNS record be in place, which will tell other mail servers that if they receive an email from your domain name, it must come from Entrvst servers only. If they receive email from your domain name and it does not originate from an Entrvst server, any server that respects basic SPF measures will be instructed to reject it upon receipt.
2. DKIM: This is a message integrity function, added via a TXT DNS record for all domains using Entrvst for email hosting, which will tell other mail servers that the email they received authentically came from its original server. Having this protection in place is not only essential by our standards - this is also a HIPAA requirement.
3. DMARC: This is the latest and greatest tool against spam exploitation. DMARC combines authentification requirements of both SPF and DKIM. In order for an email message to be accepted anywhere in the world, the conditions laid out by both SPF and DKIM must be met.
By default, we have enabled these protections for your domain name, whether you host your DNS with us (as advised) or externally. If other mail servers see a message from your domain name, and the email came from an unauthorized sending server, the recipient server will reject the message as the result of an SPF error or DMARC error.
Authorizing third-party services/servers to send on behalf of your domain:
Recommended: If you are using a third-party application and need to authorize external email servers to send email on behalf of your domain name, you must obtain the IP address and mail server names of all the sending servers and add them to your SPF record with proper syntax.
Not Recommended: If you don't want to deal with modifying your SPF records to authorize external sending servers (and you are not concerned about your domain name being abused) you can request that we disable the SPF protection of your domain name so that you can send email using third-party servers. Of course, this will increase your risk of malicious spoofing. This is not the advised course of action and will increase your liability in the event of malicious mail delivery on behalf of your domain name.