Vendor-specific email addresses. Or, How to catch email address sellers red-handed

November 1, 2016

I’m writing this post mostly so I (and possibly you, fellow IT guy/gal) can refer to it as a best-practice.

For each vendor or service, create a mailbox for that new service. For example, mycompany-vendor-nameofvendor@mydomain.com

Let’s break that down, shall we?

mycompany: by putting the name of my company in here, it makes it nearly impossible for a spammer to guess this address. Without it, a spammer might guess at what’s left over: vendor-cisco@mydomain.com

vendor: it just makes clear why we created this email address. Maybe some day you’ll want to run a script against all of your vendor-specific email addresses/mailboxes.

nameofvendor: for why you’d use the name of the vendor, see #2, #3 and #4 below.

Vendor-specific addresses accomplish several things:

  1. As this email address has its own mailbox – as opposed to being an alias on a user’s personal mailbox – this mailbox can be made available to one or more people without exposing one’s personal email.
  1. Since there’s a one-to-one relationship between the mailbox and email address, mailbox access can be granted/rescinded without exposing/denying information about other services.
  1. Since you will have used mycompany-vendor-salesforce@domain.com for only Salesforce, you’ll know that they’re selling their customers’ email addresses if you get spam there.
  1. Mailboxes can be shared in Outlook without providing the mailboxes’ passwords. This way, when one leaves an organization, passwords on the mailboxes don’t need to be changed.

Nathan