I’m writing this post mostly so I (and possibly you, fellow IT guy/gal) can refer to it as a best-practice.
For each vendor or service, create a mailbox for that new service. For example, mycompany-vendor-nameofvendor@mydomain.com
Let’s break that down, shall we?
mycompany: by putting the name of my company in here, it makes it nearly impossible for a spammer to guess this address. Without it, a spammer might guess at what’s left over: vendor-cisco@mydomain.com
vendor: it just makes clear why we created this email address. Maybe some day you’ll want to run a script against all of your vendor-specific email addresses/mailboxes.
nameofvendor: for why you’d use the name of the vendor, see #2, #3 and #4 below.
Vendor-specific addresses accomplish several things:
- As this email address has its own mailbox – as opposed to being an alias on a user’s personal mailbox – this mailbox can be made available to one or more people without exposing one’s personal email.
- Since there’s a one-to-one relationship between the mailbox and email address, mailbox access can be granted/rescinded without exposing/denying information about other services.
- Since you will have used mycompany-vendor-salesforce@domain.com for only Salesforce, you’ll know that they’re selling their customers’ email addresses if you get spam there.
- Mailboxes can be shared in Outlook without providing the mailboxes’ passwords. This way, when one leaves an organization, passwords on the mailboxes don’t need to be changed.
Nathan