Here’s a piece of friendly advice from a mail server admin to companies that interact with subscribers and customers via email:

Pick one domain name for your business. Just one. Don’t use any other domains in your emails, even if you want to keep order confirmations separate from promotions. If you contract out for some other company to send out a newsletter or survey to your customers, insist that they send it out using your own domain name. If you’re using DomainKeys or SPF, make sure they’re authorized or send it yourself. And don’t even think of making the links through redirection scripts, even if you really want to track which subscribers are clicking.


Two words: Spam and fraud.

We, as email admins, want to separate the wheat from the chaff among the mail coming into our organization. Why, why do you insist on making your mailings look like chaff?

Banks—you know how rampant phishing is. You can make it easy for your customers to know whether a message came from you or from a fraud ring. If it comes from, and all the links are to, it’s legit. If it comes from anything else—even—it’s suspect. But when you can’t decide between,,,, and, how are we to know that when some phisherman sets up, it’s not you?

And when you contract out to some third-party promo list and it comes from, and the login links redirect through them instead of going straight to you, what the hell are we supposed to think? How are we supposed to know that yes, this really did come from you and not some scam artist in Uzbekistan?

And those of you who insist on doing all the cutesy graphical tricks with HTML mail. If we know about you, we can whitelist you. But it helps if you don’t make yourselves moving targets! Yes, Deep Discount DVD, I’m talking to you. I have you whitelisted at, so why on Earth would you take the risk of sending me mail as And why, why was this morning’s “Your order had shipped” message from DeepDiscountDVD[at] (OK, I figure that last bit was probably just misconfigured, and it was plain text, but still…) I know you have to keep your costs down, but you could at least hire a network consultant to make sure your mail servers are set up correctly!

2 thoughts on “Email advice: Pick a domain and stick with it!

  1. […] Assuming it’s legit, Symantec—a company that deals in internet security—is deliberately sending out offers via third-party domains, email and web servers. Depending on how security-conscious you are, they are either making their messages look suspicious or training users to ignore warning signs. […]

  2. I’ve never understood why companies will register, much less promote, domains like, when using a subdomain would make far more sense on several counts.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.