Trust is a very important part of the web, and a big trust-crusher is receiving an email from a business that uses an unknown domain name or shows “via” in the return address. See the email below from WhichTestWon, an A/B testing mailing list I’m signed up for. I hesitate to open it because there is “via aweber.com” after the sender. What does this mean? Is it safe to read? Will you get a virus clicking on a link?
It is more of a problem than you think…
Out of curiosity, I did a quick run-through of the email mailing lists that I am signed up for. The first group of five have non-branded domains in their email, definitely a no-no. If this is you, immediately perform the fixes at the bottom of this article.
- creativeLive: email@example.com via mail49.wdc03.rsgsv.net
- WhichTestWon: firstname.lastname@example.org via aweber.com
- Michael Port: email@example.com via infusionmail.com
- Syracuse Sports Association: firstname.lastname@example.org via syracusesportsassociation.com
- Google Analytics Tip of the Day: email@example.com via mail73.atl11.rsgsv.net
While looking for the above emails I found another category that I thought I would include. These do not have the “via” problem, but they do use a different domain in the email address from the main site. From a technology point of view this can make sense: it makes things easier for a marketing company, since it allows different servers for employee email and bulk-mail email. It is usually not necessary for small to mid-sized businesses, though. Examples include:
- TheLadders – firstname.lastname@example.org
  - This is a different domain name, a tactic used by email scammers.
- UPS Communications <email@example.com>
  - The first time I received email from this address I thought it was a scam. It did not contain any personal information of mine, except my account number. I didn’t know I had an account, so I dismissed it. Turns out eBay signed me up for an account and this was a legitimate email.
- Gander Mountain <firstname.lastname@example.org>
  - Breaking both rules here, this is a subdomain and a non-branded domain.
The above are some major players in email marketing, so is anyone doing this right? Yes. Examples of good configurations include:
- Web Analytics Professionals Group Members <email@example.com>
- eBay <firstname.lastname@example.org>
- West Marine <email@example.com>
  - This is a subdomain. Fully branded, but it can confuse people who are not used to emails with subdomains. This can pass if there is a necessary reason for separating employee and bulk-mail servers. For large corporations this makes sense, but if you have fewer than 10,000 email addresses on your list, this does not mean you. About 50% of large corporations used this method, which is a necessary evil for them.
How to fix your issues:
There are really two issues here:
- Emails from non-branded URLs (e.g. mail49.wdc03.rsgsv.net)
- Emails from unrecognized senders (e.g. the “via” or “on behalf of” issue)
Let’s discuss each in turn.
Fixing non-branded email addresses
This one is easy: stop using the non-branded domain name! Set up another email address, as if it were another employee (for small list sizes), and send all mail from this email address. If you use an external email marketing provider, there should be a way to use your own email address. If not, find a new company.
If you are a big corporation, with a list in the hundreds of thousands, you should probably set up another email service using a subdomain. This will make sure your bulk-mail sending does not impact your day-to-day emails, particularly if you were to get gray- or black-listed.
Fixing the “via” problem
Let’s first understand why this happens. An email originates from an email client (or bulk-mail program) and is then sent through various middle-man SMTP servers before being delivered to the final destination SMTP server. One of the ways that hackers exploit people via email is to pretend to be “firstname.lastname@example.org”. After all, there is nothing stopping you from typing it into your email marketing client and pretending to be the Google Admin.
One way to detect if an email is valid is to check whether it originates from a “trusted” server. A trusted server here means a server with a known IP address or domain name. You declare these servers in your DNS records by adding a Sender Policy Framework (SPF) record as a TXT or SPF (if supported) entry.
The Bottom line…
- Do not use non-branded domain names
- Make sure your bulk-email program is trusted, otherwise your emails will display “via” and your customers will be unnecessarily skeptical of your message and links within.