Transactional E-mails - Any Real Risk in Using the Same Domain as Corporate E-mails?

  • Our web design firm wants to set up transactional e-mails with (related to Mailchimp).

    Is there anything to be concerned with when using the same domains as we do for corporate e-mails? I already employ SPF records for my domains for corporate e-mail services. Mandrill would require SPF and DKIM. I know I can modify the SPF record to allow multiple sources but am less familiar with DKIM. Would DKIM require me to set it up for my on-premise Exchange server/Barracuda SVF300 in addition to how Mandrill does it?

    Although this would not be for bulk e-mail campaigns, one concern would be black-listing. Is that just my paranoia?

    Thanks in advance!

  • Other than getting blacklisted, what concern do you have? There is no security concern.

  • Can I have your domain now so I can begin the black-listing process....


  • I am not really concerned with the security aspect. I am more concerned with the potential interference of the DKIM for two origins, one of which I will not have any control over, and the blacklisting. Should I just use similar domain names for this purpose?

  • It's pretty standard for email to originate from multiple places.

  • @scottalanmiller Right, but in terms of administration and not having access to one side of things. I just don't want to have something get screwed up on their end and affect the corporate mail.

  • Mandrill and MS Hosted Exchange are coexisting pretty peacefully over here with DKIM set up.

    One time Mandrill decided to cut off our access while they investigated whether or not we were secretly using their service for spam - Hosted Exchange emails continued to flow despite that.

    On that note, in my experience you're more likely to trip Mandrill's internal spam filter than get blacklisted elsewhere, but that's only happened to me once in a few years of using it so far.

  • Can't you give Mandrill your DKIM private key? Of course that's probably not wise. In which case I'd set up a sister domain name for this purpose.

    DKIMs seem interesting. Though without Secure DNS I'm not sure what good it really does; the Public Key listed in non-Secure DNS can be spoofed by a MITM attack - though I'm not sure how much of a real concern that is.
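
An added example, not part of the thread or any poster's code: a Python sketch of how a receiver picks the DKIM public key by the selector (`s=`) in each signature, so two senders on one domain use separate keys, plus the single-record check that matters when a second sender is merged into SPF. The domain, selector names, include target and key values are constructed placeholders, not Mandrill's or Exchange's real settings.

```python
import re

# Constructed TXT records for the placeholder domain example.com. Selector
# names, the include target and key values are assumptions, not Mandrill's.
ZONE = {
    "example.com": ["v=spf1 mx include:spf.esp.example -all"],
    "corp._domainkey.example.com": ["v=DKIM1; k=rsa; p=CORPKEYPLACEHOLDER"],
    "esp._domainkey.example.com": ["v=DKIM1; k=rsa; p=ESPKEYPLACEHOLDER"],
}
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def parse_tags(text):
    """Split a 'tag=value; tag=value' list (DKIM record or signature header)."""
    pairs = (p.split("=", 1) for p in text.split(";") if "=" in p)
    return {k.strip(): v.strip() for k, v in pairs}

def spf_problems(zone, domain):
    """Check the two SPF limits that bite when a second sender is added."""
    spf = [t for t in zone.get(domain, []) if t.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        return [f"{len(spf)} SPF records published, receivers need exactly one"]
    names = [re.split(r"[:=/]", term.lstrip("+-~?"))[0].lower()
             for term in spf[0].split()[1:]]
    lookups = sum(n in LOOKUP_TERMS for n in names)
    # Top-level terms only; nested includes also count toward the limit of 10.
    return [f"{lookups} DNS-lookup terms, limit is 10"] if lookups > 10 else []

def key_for_signature(zone, dkim_signature):
    """Return the p= key a receiver would fetch for this DKIM-Signature."""
    sig = parse_tags(dkim_signature)
    owner = f"{sig['s']}._domainkey.{sig['d']}"
    for txt in zone.get(owner, []):
        tags = parse_tags(txt)
        if tags.get("v", "DKIM1") == "DKIM1":
            return tags.get("p") or None  # empty p= means the key is revoked
    return None

# Constructed signature headers: same d= domain, different s= selectors.
CORP_SIG = "v=1; a=rsa-sha256; d=example.com; s=corp; bh=...; b=..."
ESP_SIG = "v=1; a=rsa-sha256; d=example.com; s=esp; bh=...; b=..."

if __name__ == "__main__":
    print(spf_problems(ZONE, "example.com"))
    print(key_for_signature(ZONE, CORP_SIG), key_for_signature(ZONE, ESP_SIG))
```

Publishing a second `v=spf1` record instead of merging the include into the existing one is the case `spf_problems` flags, and blanking the `p=` tag of one selector leaves the other selector's key untouched.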