SOLVED

Authentication for branding domain / links and images being blocked by MailScanner

Go to solution
Vivre
Level 2

Authentication for branding domain / links and images being blocked by MailScanner

Hello folks

We had a customer receive an email where almost all links were flagged by MailScanner as potential fraud. Images in the email were also not displayed.


The email displayed with the following where the link was placed:

"MailScanner has detected a possible fraud attempt from "branding.domain.co.nz" claiming to be [link]"

For further context, this is not the sending domain. So the email is from company@sending.domain.co.nz and images and tracking are using branding.domain.co.nz.

Will adding SPF & DKIM records to the branding domain help with this? Any other suggestions?

2 ACCEPTED SOLUTIONS

Accepted Solutions
SanfordWhiteman
Level 10 - Community Moderator

Re: Authentication for branding domain / links and images being blocked by MailScanner

You need to supply actual links & domains, not obfuscate. Obfuscation just means we have to guess instead of being able to test your actual setup.

 


Will adding SPF & DKIM records to the branding domain help with this? Any other suggestions?

Neither SPF nor DKIM is relevant to your branding (click tracking) domain. They are SMTP authentication measures, not web-related.

 

Images are loaded from your LP domain, not your branding domain. There too, neither SPF nor DKIM is relevant.

 

In addition, SPF has no relevance for a standard shared Marketo instance, even for your From: email domain.

 

DKIM-signing email with your From: email domain is certainly recommended and can give you a tiny bump in deliverability, but it cannot in any way override suspected phishing.

View solution in original post

SanfordWhiteman
Level 10 - Community Moderator

Re: Authentication for branding domain / links and images being blocked by MailScanner


Thanks Sanford, that's really helpful. It was Marketo support who told us to add SPF and DKIM to the branding domain, but that didnt sound right to me so main purpose here was seeking a second opinion.


Yep, that suggestion is dead wrong. Nice work doubting it!

 


is having link text that differs from the perceived link address.

Right, you can’t have URL-like link text that differs from the actual URL. (Any other friendly text is fine.)

View solution in original post

5 REPLIES 5
Katja_Keesom
Level 10 - Community Advisor + Adobe Champion

Re: Authentication for branding domain / links and images being blocked by MailScanner

As the tracking links are not an email sending domain, but a website subdomain, it is a CNAME record you need for it in your DNS settings (similar to your landing page domain). Typically you would have an SSL certificate on that subdomain too.

Tags (1)
Vivre
Level 2

Re: Authentication for branding domain / links and images being blocked by MailScanner

Thanks for your reply, we have that in place already

SanfordWhiteman
Level 10 - Community Moderator

Re: Authentication for branding domain / links and images being blocked by MailScanner

You need to supply actual links & domains, not obfuscate. Obfuscation just means we have to guess instead of being able to test your actual setup.

 


Will adding SPF & DKIM records to the branding domain help with this? Any other suggestions?

Neither SPF nor DKIM is relevant to your branding (click tracking) domain. They are SMTP authentication measures, not web-related.

 

Images are loaded from your LP domain, not your branding domain. There too, neither SPF nor DKIM is relevant.

 

In addition, SPF has no relevance for a standard shared Marketo instance, even for your From: email domain.

 

DKIM-signing email with your From: email domain is certainly recommended and can give you a tiny bump in deliverability, but it cannot in any way override suspected phishing.

Vivre
Level 2

Re: Authentication for branding domain / links and images being blocked by MailScanner

Thanks Sanford, that's really helpful. It was Marketo support who told us to add SPF and DKIM to the branding domain, but that didnt sound right to me so main purpose here was seeking a second opinion. I believe the main issue, and it seems to be isolated to MailScanner, is having link text that differs from the perceived link address.

SanfordWhiteman
Level 10 - Community Moderator

Re: Authentication for branding domain / links and images being blocked by MailScanner


Thanks Sanford, that's really helpful. It was Marketo support who told us to add SPF and DKIM to the branding domain, but that didnt sound right to me so main purpose here was seeking a second opinion.


Yep, that suggestion is dead wrong. Nice work doubting it!

 


is having link text that differs from the perceived link address.

Right, you can’t have URL-like link text that differs from the actual URL. (Any other friendly text is fine.)