(Copied and lightly edited from a Facebook post)
It occurred to me as I was commenting elsewhere that there is a lot of confusion about domains / subdomains and where they’re used in emails.
I get confused when people talk about ‘domain reputation’ because I have at least 4 distinct places where domains show up in an email that heavily influence delivery. But a lot of other folks talk about domain reputation as a single thing. I can never work out which place they’re talking about and thus find it difficult to comment on the domain reputation.
- SPF domain
- DKIM domain
- Visible From domain
- URL / Image hosting domains
SPF is the Envelope From / Return Path / Bounce domain / 5321.from. The end user does not see this domain unless they go look for it. It is the domain that is checked by SPF and the one that must match the Visible From domain for DMARC to pass. It does not need to be a domain controlled by the sending entity.
DKIM domain is the value in the d= of the DKIM signature. The end user does not see this domain unless they go look for it. This is intended to be a ‘domain that takes responsibility for the email’. This is the one that must match the Visible From domain for DMARC to pass. It does not need to be a domain controlled by the sending entity.
Visible From domain is what most non-email-geek people think of as the From domain. This is what is visible to the end user when they read their mail (assuming their mail client doesn’t hide it like all too many of them do). This is what consumer filters use to help drive delivery to individual user inboxes. This is the domain that is verified by DMARC.
URL / Image hosting domains are in the body of the message. This includes any links to CSS files or outside images (fonts.googleapis.com comes to mind as the big ‘shared’ domain that so much marketing mail uses).
Each of these categories develops reputation individually and then the overall email reputation is determined, in part, by how these reputations interact.
In this case I use ‘domain’ to include disparate subdomains. So I might have an email with the following ‘domains’ in it:
- SPF Domain: bounce.wttwmail.com
- DKIM Domain: tr.wttwmail.com
- Visible From: domain: wordtothewise.com
- URL / Image domains: wttw.me, image.wttwmail.com, facebook.com, click.wttwmail.com, linkedin.com, font.googleapis.com
Every single one of those domains has their own reputation and the reputation is monitored both individually and in a group.
I would argue that *all* domains in the email play a role – including domains that may be part of the “received” chain, HELOs or the X- headers. As recent as two days ago I’ve seen a situation where a List-Unsubscribe header domain was landing junking mail at Gmail.
It’s important to make sure the senders actually unsderstand that *everything* in the mail has its’ own weight of “reputation”.