Allow vendor to send mail as client domain.

Amit
Hi Experts,

One of my clients has the requirement below.

1) A user sends an email to the client domain. Say the mail address is user@xyz.com.
2) The client is using EOP. When mail hits EOP, I created a rule to forward that mail to another domain (the client's vendor domain). Example domain name is: vendor@abc.com
3) Once the vendor receives that mail, the vendor replies to that mail as vendor@xyz.com, so the user can see that mail as coming from xyz.com, not from abc.com.
4) As the vendor is spoofing the client address, mails are getting blocked or going to spam.

In short, the requirement is to allow the vendor to send mail as the client.

If anyone has performed such a task in their environment, I am open to all options, even creating a new domain for the client. If more info is needed, let me know.
Kent W, Sr. Network / Systems Admin

Commented:
You can accomplish this with an SPF record from the SMTP server of abc.com.
Whatever their SMTP server's IP is, add it to an SPF record (usually TXT) in the DNS server for xyz.com.
Make sure to add the ip4 and ip6 if the SMTP server has both.
This "allows" the abc.com's SMTP server to send mail on behalf of xyz.com.

http://www.openspf.org/SPF_Record_Syntax
Amit, IT Architect
Distinguished Expert 2017

Author

Commented:
Thanks for the reply @Kent W

Do you have any document or URL which can give more details?
Kent W, Sr. Network / Systems Admin
Commented:
Yes, the URL I included would be a great place to start, but an example SPF record would be the following (make sure to include the quotes if entering as a TXT record):

"v=spf1 ip4:192.168.1.10 ip6:2607:f0d0:1002:51::4 ~all"


The ip6 is only needed if their SMTP server also has an IPv6 address.
Of course, change the IP addresses above to reflect the actual ip4 / ip6 addresses of abc.com's SMTP server. If they have more than one server, you can add it with another ip4: statement or just do a range (ip4:192.168.1.0/24). It's safer to name them individually, though.

I suggest using the ~all (soft fail) at the end as opposed to -all (hard fail), especially while testing, so mail will make it through if there is another technical issue.

Amit, IT Architect
Distinguished Expert 2017

Author

Commented:
Thanks Kent. Enjoy your weekend.
Kent W, Sr. Network / Systems Admin

Commented:
You too Amit. Hope it works for you.

If the emails are getting blocked because of SPF, the xyz.com domain already has an SPF record. Be careful that you modify it correctly to include the new permitted sender IPs and not disturb the list of IPs and/or hostnames already in the record. If the domain abc.com also already has an SPF record, the easiest way to modify the record for xyz.com is to use the include parameter. You would add include:abc.com to the record. This allows all systems in the abc.com SPF record to send as the xyz.com domain. This makes management easier if the sending servers in the abc.com domain change. They only need to be updated in the abc.com SPF record instead of both records.
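
As an added example (not code from any poster in this thread), the Python sketch below inserts include:abc.com into an existing xyz.com record without disturbing its other terms, then evaluates a simplified subset of SPF (ip4, ip6, include, all) against a constructed zone. The record contents, the addresses (documentation ranges) and the function names are assumptions for illustration.

```python
import ipaddress

# Constructed TXT records standing in for DNS. All addresses are from
# documentation ranges and are not real mail servers.
ZONE = {
    "xyz.com": "v=spf1 ip4:192.0.2.10 ~all",
    "abc.com": "v=spf1 ip4:198.51.100.25 ip6:2001:db8::25 -all",
}

def add_mechanism(record, mechanism):
    """Insert mechanism before the trailing 'all' term, keeping existing terms."""
    terms = record.split()
    if terms[0] != "v=spf1":
        raise ValueError("not an SPF record")
    if mechanism in terms[1:]:
        return record  # already present, nothing to change
    pos = next((i for i, t in enumerate(terms) if t.lstrip("+-~?") == "all"), len(terms))
    terms.insert(pos, mechanism)
    return " ".join(terms)

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check(ip, domain, zone, depth=0):
    """Evaluate ip4/ip6/include/all only; a missing record is treated as permerror."""
    if depth > 10 or domain not in zone:
        return "permerror"
    addr = ipaddress.ip_address(ip)
    for term in zone[domain].split()[1:]:
        qual = term[0] if term[0] in QUALIFIERS else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            return QUALIFIERS[qual]
        name, _, arg = mech.partition(":")
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if addr.version == net.version and addr in net:
                return QUALIFIERS[qual]
        elif name == "include":
            result = check(ip, arg, zone, depth + 1)
            if result == "pass":  # only a pass from the included record matches
                return QUALIFIERS[qual]
            if result == "permerror":
                return "permerror"
    return "neutral"

def authorize_vendor(zone):
    """Return a copy of zone where xyz.com also includes abc.com's senders."""
    updated = dict(zone)
    updated["xyz.com"] = add_mechanism(zone["xyz.com"], "include:abc.com")
    return updated
```

An address that abc.com's own record rejects with -all still falls through to xyz.com's ~all, because a non-pass result from an include only means that term did not match.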
Amit, IT Architect
Distinguished Expert 2017

Author

Commented:
Thanks James, I am planning to create a new domain altogether for the vendor, as the client doesn't want to make any changes in the parent domain.
