Summary
It is a common practice for service companies to send emails on behalf of actual vendors, driven by various motivations, including brand recognition, outsourced operations, and affiliate marketing. This is seen across multiple industries, especially in B2C financial services and co-branded campaigns. However, this practice presents risks, including potential reputational damage from questionable senders, increased vulnerability to compromised accounts, and deliverability challenges. Authentication protocols like SPF, DKIM, and DMARC are essential for ensuring compliance and preventing emails from being flagged as spam or phishing attempts. Transparency, careful vetting of third-party senders, and strict oversight of their practices are vital for maintaining trust and safeguarding sender reputation. Proper contracts and enforcement mechanisms are also critical, particularly in affiliate marketing scenarios. Additionally, this approach can serve as a workaround for DMARC challenges, but only with meticulous configuration and attention to security.
Key findings
- Prevalence: Sending emails on behalf of vendors is a widespread practice.
- Motivations: Drivers include brand recognition, outsourced operations, and affiliate marketing.
- Risks: Potential for reputational damage, compromised accounts, and deliverability issues.
- Authentication is Key: SPF, DKIM, and DMARC are critical for compliance and preventing emails from being flagged as spam.
- Transparency Matters: Transparency and oversight are vital for maintaining trust.
Key considerations
- Authentication Implementation: Ensure proper configuration of SPF, DKIM, and DMARC.
- Sender Vetting: Carefully vet and monitor third-party senders.
- Transparency with Recipients: Maintain clear communication and transparency with recipients.
- Contractual Safeguards: Establish proper contracts and enforcement mechanisms, especially for affiliate programs.
- Security Measures: Implement robust security measures to protect against compromised accounts.
What email marketers say
12 marketer opinions
It is a common practice for service companies to send emails on behalf of actual vendors, especially in B2C financial services, affiliate marketing, co-branded campaigns, and outsourced email marketing. This practice allows companies to maintain brand recognition, expand reach, focus on core operations, and leverage specialized expertise. However, it introduces risks related to sender reputation, deliverability, transparency, and potential liability. Proper authentication (SPF, DKIM, DMARC), strict oversight of third-party practices, clear disclosures, and relevant content are crucial to ensuring compliance and maintaining trust.
Key opinions
- Common Practice: Sending emails on behalf of vendors is widespread across various industries.
- Benefits: Allows brand recognition, expanded reach, specialized expertise, and focus on core operations.
- Risks: Increases risk of damaged sender reputation, deliverability issues, and potential liability.
- Authentication: Proper email authentication (SPF, DKIM, DMARC) is essential for legitimate sending.
Key considerations
- Transparency: Be transparent with recipients about who is sending the email and why.
- Oversight: Maintain strict oversight of third-party sending practices to ensure compliance and protect sender reputation.
- Authentication Setup: Ensure proper configuration of SPF, DKIM, and DMARC to authorize senders and prevent emails from being flagged as spam.
- Relevant Content: Ensure the email content is relevant and not misleading to maintain recipient trust.
- Liability: Consider the potential liability associated with allowing third parties to send emails on your behalf.
Marketer view
Email marketer from Neil Patel Digital explains that affiliate marketing often involves third-party vendors sending emails on behalf of the main company, especially for promotional offers. This is done to expand reach but should be transparent to maintain trust.
1 Apr 2022 - Neil Patel Digital
Marketer view
Email marketer from StackOverflow explains that to prevent emails from being flagged as spam when sending on behalf of another vendor, it is essential to use proper authentication methods like SPF, DKIM, and DMARC, and also to ensure the email content is relevant and not misleading.
21 Nov 2023 - StackOverflow
What the experts say
3 expert opinions
It is a common practice for service companies to send emails on behalf of actual vendors, often seen in scenarios such as outsourcing marketing or transactional emails and in affiliate marketing. This practice is sometimes a DMARC workaround to avoid giving authentication access to vendors. Experts emphasize the importance of vetting third-party services and maintaining oversight to protect sender reputation, as poor sending habits of these services can negatively impact deliverability. Monitoring affiliate practices closely and ensuring proper contracts and enforcement are also critical.
Key opinions
- Common Practice: Sending emails on behalf of vendors is a common practice in scenarios such as outsourcing marketing, transactional emails and affiliate marketing.
- DMARC Workaround: Using third parties to send emails is sometimes a DMARC workaround.
- Reputation at Risk: Poor sending habits of third parties can negatively affect brand's reputation and deliverability.
Key considerations
- Vetting Services: Carefully vet third-party services before engaging them.
- Maintaining Oversight: Maintain strict oversight of third-party practices to protect sender reputation.
- Monitoring Practices: Monitor affiliate practices closely.
- Enforcement: Ensure proper contracts and enforcement with third parties.
Expert view
Expert from Word to the Wise responds that many companies engage in affiliate marketing, where third parties send emails to promote products or services. They warn that it’s vital to monitor affiliate practices closely, as poor sending habits can negatively affect your brand’s reputation and deliverability. Proper contracts and enforcement are critical.
24 Jan 2022 - Word to the Wise
Expert view
Expert from Email Geeks explains that this practice sounds like what companies like PayPal and Intuit do. She also says it's a DMARC workaround because previously, they would have just used the main company in the from address, but DMARC made that non-viable, as companies don't want to give authentication access to their vendors.
16 Jan 2022 - Email Geeks
What the documentation says
5 technical articles
When service companies send emails on behalf of vendors, proper email authentication configuration is crucial. SPF records, as defined by RFC 4408, authorize these vendors to send emails using your domain and prevent spam flagging. DMARC policies also require careful setup to ensure emails are authenticated and not marked as phishing. Platforms like Office 365, Sendgrid, and Google Workspace provide mechanisms for authorizing third-party senders, emphasizing the importance of correct configurations for email delivery, security, compliance, and managing sender identities with DKIM and SPF.
Key findings
- SPF Importance: SPF records are crucial for authorizing third-party vendors to send emails using your domain.
- DMARC Configuration: DMARC policies need careful configuration to ensure emails are authenticated and not flagged as phishing.
- Platform Authorization: Platforms like Office 365, Sendgrid, and Google Workspace provide tools for authorizing third-party senders.
- Authentication Standards: Authentication with DKIM and SPF is vital for compliance and managing sender identities.
Key considerations
- SPF Setup: Properly configure SPF records to authorize legitimate third-party senders.
- DMARC Policies: Implement and carefully configure DMARC policies to authenticate emails and prevent phishing attempts.
- Platform Configuration: Utilize the authorization mechanisms provided by platforms like Office 365, Sendgrid, and Google Workspace.
- Authentication Protocols: Set up DKIM and SPF correctly to ensure deliverability, security, and compliance.
- Secure Delegation: Securely delegate email sending permissions to third-party services, adhering to email security standards.
Technical article
Documentation from DMARC.org explains that DMARC policies need careful configuration when using third-party senders. Properly setting up DMARC ensures that emails sent on your behalf are authenticated and don't get flagged as phishing attempts.
15 Mar 2022 - DMARC.org
Technical article
Documentation from RFC 4408 explains that using SPF records is crucial when third-party vendors send emails on your behalf. SPF records authorize these vendors to send emails using your domain, preventing them from being marked as spam.
21 Aug 2022 - RFC 4408
Can a trademark owner authorize a third party to use their logo for BIMI?
Can an ESP allow its users to use the ESP's physical address in marketing emails under CAN-SPAM?
How do I sign DKIM on a sender domain that isn't the primary domain while using Hubspot?
How does changing the From Name impact email deliverability when sending on behalf of clients?
How should I manage sender reputation when clients send emails through my platform?
Should ESPs force DKIM and DMARC on paid customers, and what are the implications and downsides?
