Email Security Blog

The Four Types of Senders: Third Party Senders

Agari November 20, 2014 DMARC
Fallback Featured Image

Series Introduction l Internal Infrastructure

Erika NJ Alperin, Brand Manager

Previous article in the series can be found here

Let’s go back to the cocktail party scenario I talked about last week. Imagine you are at a cocktail party and someone you don’t know hands you their business card and the card has your company logo on it. Maybe you work for a big company and don’t know all your coworkers, so you don’t think twice about it. You ask what department they work in, only to find out that, well, they don’t exactly work at your company, but they contract with your marketing department.

This is essentially what third party senders are doing on behalf of your brand every day. Although the marketing department is often the one singled-out in these examples, almost any department in a company can bring in third party senders.

When these senders are vetted through the IT department from the beginning, making sure everything is in compliance, then IT is aware that the vendor will be sending from a company domain. However, we all know that at companies both big and small, not everything gets run past IT first. I get it. I really do! Maybe you are part of an agile team that prides itself on thinking outside the box. You are moving fast and breaking things! Chances are that other departments in your organization are doing the same thing, and pretty soon no one is quite sure who is sending on behalf of the company.

To give you an idea on who might be sending email from your company’s domain, here is a short list of common, potential third party senders:

  • Marketo
  • Eloqua
  • Salesforce/Pardot
  • Mail Chimp
  • HubSpot
  • Google Apps
  • Survey Monkey
  • Zendesk
  • Constant Contact
  • AWeber
  • Dreamhost
  • Voltage SecureMail Network

A great thing that DMARC does is bring these unknown third party senders to the surface for you. Don’t worry that you have to go department to department, shaking down your coworkers and demanding they give up their third party vendors’ names & IP addresses. Put a DMARC monitor policy in place and pretty soon you will have a clear picture of who is sending from your domains. Once that is done, you can work with your vendors to implement DMARC so they can become authenticated senders of your company communications. Then, the next time the marketing department decides to go rogue, you will catch them in the act.

Check back next week when we continue our series on The Four Types of Senders and take a look at Forwarders.

Leave a Reply

Your email will not be published. All fields are required.

Agari Blog Image

April 17, 2019 Fareed Bukhari

The Time is Now: Underscoring the Importance of DMARC for State and Local Governments

Scammers know that impersonating a trusted government agency is an extremely effective way to trick…

Agari Blog Image

February 26, 2019 Armen Najarian

Retail Trails Other Sectors in Adopting DMARC for Phishing Prevention

Recent research by the Agari Cyber Intelligence Division finds that the retail industry is dead…

Person Looking at DMARC Protected Email

February 19, 2019 Fareed Bukhari

DMARC Adoption Up, But 85% of Fortune 500 Remains Vulnerable to Brand Hijacking

Adoption of Domain-based Message Authentication, Reporting, and Conformance (DMARC) has seen modest growth in recent…

Agari Blog Image

October 16, 2018 Fareed Bukhari

One Year Later: Federal Mandate for Email Authentication Huge Success

Responding to BOD 18-01, agencies rally to complete the fastest sector-wide adoption of DMARC One…

Agari Blog Image

October 16, 2018 Patrick Peterson

DMARC: A 12-Month Triumph for DHS—and the Nation

Today is the deadline set by the Department of Homeland Security for all executive branch…

mobile image