What is an Infrastructure Service?
An Infrastructure Service is an email service provider that is known to provide email infrastructure capabilities for other email service providers. In simple terms, an Infrastructure Service is sometimes used as the delivery mechanism for other third party email services. Much like packages you receive from Amazon have the Amazon branding on the box, but they are sometimes delivered by "infrastructure services", such as the USPS. The USPS handles the actual delivery of your package, but Amazon claims it's from them.
Infrastructure services are commonly used by Email Service Providers due to the readily available resourcing, tried and true technology, and lack of overhead to develop their own email delivery solution. Why reinvent the wheel, right?
Well known infrastructure services are Sendgrid, Amazon SES and Mailgun (to name a few).
Why are Infrastructure Services categorized separately?
Valimail only indicates that an Email Service Provider is an infrastructure service if we are uncertain of the originating Email Service Provider (Amazon in our example above), but we do know the delivery service (the USPS). We call this out because it's still possible to authenticate email delivered by an infrastructure service with an unknown origin if it meets the following criteria:
- You approve the Infrastructure Service to be sending email on your domain's behalf
- You have access to that Infrastructure Service's configuration portal
- You are aware of an email service provider that you do business with that uses the Infrastructure Service to send. For example: An internal application development team that is using an Infrastructure Service to delivery application email
- You have access to configure or request authentication records from the "unknown" originating provider's Infrastructure Service instance.
If the above criteria are met, then there are actions you can take to authenticate the mail delivered by the service for DMARC
How do I configure an Infrastructure Service?
The steps are usually pretty straightforward, the only variables are
- Where you receive the authentication information from
- Whether the service supports aligned SPF, aligned DKIM, or both
- The method to retrieve needed information. No two email service providers are the same, and they all have different methods of obtaining relevant authentication records
- Approve the sender
- Check if SPF is aligned. If not, you'll need to configure DKIM
- Check if DKIM is supported. If not, you'll need to work with the service owner to get SPF aligned
- Configure DKIM (if available)
You can check out our configuration articles for popular email service providers here
Can you help me investigate further?
For sure! We only have access to your DMARC aggregate data and publicly available DNS records, but our team of experts is well-versed in investigating complex scenarios. We're just a click away