Allow vendor to send mail as client domain.

Hi Experts,

One of my clients has the below requirement.

1) A user sends an email to the client domain. Say the mail address is user@xyz.com.
2) The client is using EOP. When the mail hits EOP, I created a rule to forward that mail to another domain (the client's vendor domain). Example domain name is: vendor@abc.com
3) Once the vendor receives that mail, the vendor replies to it as vendor@xyz.com, so the user sees that mail as coming from xyz.com, not from abc.com.
4) As the vendor is spoofing the client address, mails are getting blocked or going to spam.

In short, the requirement is to allow the vendor to send mail as the client.

If anyone has performed such a task in their environment, I am open to all options, even creating a new domain for the client. If more info is needed, let me know.
Amit (IT Architect) asked:
Kent W (Sr. Network / Systems Admin) commented:
You can accomplish this with an SPF record from the SMTP server of abc.com.
Whatever their SMTP server's IP is, add it to an SPF record (usually TXT) in the DNS server for xyz.com.
Make sure to add the ip4 and ip6 if the SMTP server has both.
This "allows" the abc.com's SMTP server to send mail on behalf of xyz.com.

http://www.openspf.org/SPF_Record_Syntax
Amit (IT Architect, author) commented:
Thanks for the reply @Kent W

Do you have any document or URL which can give more details?
Kent W (Sr. Network / Systems Admin) commented:
Yes, the URL I included would be a great place to start, but an example SPF record would be (make sure to include the quotes if entering as a TXT record):

"v=spf1 ip4:192.168.1.10 ip6:2607:f0d0:1002:51::4 ~all"


The ip6 is only needed if their SMTP server also has an IPv6 address.
Of course, change the IP address(es) above to reflect the actual ip4 / ip6 addresses of abc.com's SMTP server. If they have more than one server, you can add it with another ip4: statement or just do a range (ip4:192.168.1.0/24). It's safer to name them individually, though.

I suggest using the ~all (soft fail) at the end as opposed to -all (hard fail), especially while testing, so mail will make it through if there is another technical issue.
Amit (IT Architect, author) commented:
Thanks Kent. Enjoy your weekend.
Kent W (Sr. Network / Systems Admin) commented:
You too Amit. Hope it works for you.
Jamie McKillop (IT Manager) commented:
If the emails are getting blocked because of SPF, the xyz.com domain already has an SPF record. Be careful that you modify it correctly to include the new permitted sender IPs and not disturb the list of IPs and/or hostnames already in the record. If the domain abc.com also already has an SPF record, the easiest way to modify the record for xyz.com is to use the include parameter. You would add include:abc.com to the record. This allows all systems in the abc.com SPF record to send as the xyz.com domain. This makes management easier if the sending servers in the abc.com domain change. They only need to be updated in the abc.com SPF record instead of both records.
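An added example, not posted by anyone in this thread: a small Python helper that merges new ip4/ip6/include terms into an existing SPF record for xyz.com without disturbing what is already there, keeps the `all` term last, and checks the RFC 7208 limit of 10 DNS-lookup terms. The function name `add_senders`, the existing record contents and the documentation-range IP addresses are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: an existing record for xyz.com that already authorizes EOP.
EXISTING = '"v=spf1 include:spf.protection.outlook.com -all"'
MAX_LOOKUPS = 10  # RFC 7208 limit on DNS-querying terms per SPF evaluation


def _bare(term):
    return term.lstrip("+-~?").lower()


def _costs_lookup(term):
    t = _bare(term)
    if t.startswith(("include:", "exists:", "redirect=")):
        return True
    return t.split(":")[0].split("/")[0] in ("a", "mx", "ptr")


def add_senders(record, new_terms):
    """Insert ip4:/ip6:/include: terms ahead of the record's trailing `all`."""
    terms = record.strip().strip('"').split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    for term in new_terms:
        kind, _, value = term.partition(":")
        if kind in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)  # raises if malformed
            if net.version != int(kind[2]):
                raise ValueError(f"{term}: address family does not match {kind}")
        elif kind != "include" or not value:
            raise ValueError(f"{term}: only ip4/ip6/include are handled here")
    # Keep every existing term; only the all-term moves, so it stays last.
    body = [t for t in terms[1:] if _bare(t) != "all"]
    tail = [t for t in terms[1:] if _bare(t) == "all"]
    for term in new_terms:
        if term.lower() not in (t.lower() for t in body):
            body.append(term)
    # Counts top-level terms only; lookups inside included records also count.
    if sum(_costs_lookup(t) for t in body) > MAX_LOOKUPS:
        raise ValueError("more than 10 DNS-lookup terms: receivers return permerror")
    return " ".join(["v=spf1"] + body + tail)


if __name__ == "__main__":
    print(add_senders(EXISTING, ["include:abc.com"]))
    print(add_senders(EXISTING, ["ip4:192.0.2.10", "ip6:2001:db8::25"]))
```

A domain must publish only one SPF TXT record, so the returned string replaces the existing record rather than being added as a second one.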
Amit (IT Architect, author) commented:
Thanks James, I am planning to create a new domain altogether for the vendor, as the client doesn't want to make any changes in the parent domain.