Suped

Why do security teams allow cousin domains for email marketing instead of subdomains?

7 Marketer opinions3 Expert opinions5 Technical articles4 Resources

Summary

Security teams may permit cousin domains for email marketing because they believe marketing will not adhere to security protocols and it keeps issues separate from their core responsibilities; however, experts view this as problematic as it leads to abuse by phishers/spammers. The consensus leans towards subdomains for email marketing as IT can maintain control, enhancing brand protection, enabling reputation isolation, and improving deliverability. Building sender reputation and following email authentication standards such as SPF, DKIM, and DMARC is also critical for preventing spoofing and improving deliverability. Monitoring domain reputation and addressing deliverability issues promptly helps maintain a positive sender reputation.

Key findings

  • Marketing Security Adherence: Security teams assume marketing won't adhere to security policies, leading to cousin domain usage.
  • Subdomain Control: IT can exercise better control over subdomains, ensuring security and brand continuity.
  • Brand Protection: Subdomains offer enhanced brand protection and mitigate phishing risks.
  • Reputation Isolation: Subdomains isolate reputation damage, preventing marketing email issues from affecting transactional emails.
  • Email Authentication: SPF, DKIM, and DMARC are crucial for preventing spoofing and improving deliverability for both domains and subdomains.
  • Spammer/Phisher Exploitation: Cousin domains are frequently abused by spammers and phishers.

Key considerations

  • Good List Hygiene: Good list hygiene and communication between IT and marketing is essential when using subdomains.
  • Authentication Implementation: Properly authenticate subdomains using SPF, DKIM, and DMARC.
  • Long Term Investment: Investing in proper subdomain setup and authentication is beneficial for long-term email deliverability and brand protection.
  • Reputation Monitoring: Regular monitoring of domain/subdomain reputation is critical.
  • Spoofing Prevention: Implement SPF records for all sending domains/subdomains to avoid spoofing issues.
  • Compliance Adherence: Marketing teams should be encouraged to adhere to security policies rather than relying on cousin domains

What email marketers say
7Marketer opinions

Security teams generally prefer subdomains over cousin domains for email marketing due to increased control, enhanced brand protection, and the ability to isolate reputation damage. Subdomains allow for consistent security policies, prevent phishing attacks, and maintain a positive sender reputation. Marketing teams can leverage subdomains for better tracking, management of different email types, and to ensure deliverability by separating marketing and transactional email streams.

Key opinions

  • Control: IT/Security can maintain stricter control over subdomains ensuring consistent security policies.
  • Brand Protection: Subdomains provide better long-term brand protection compared to cousin domains.
  • Reputation Isolation: Using subdomains allows for isolating reputation damage, preventing marketing email issues from affecting transactional emails.
  • Deliverability: Authenticating emails and building a strong sender reputation with subdomains are crucial for email deliverability.
  • Phishing Prevention: Security teams prefer subdomains to prevent phishing attacks by having stricter control.

Key considerations

  • List Hygiene: Good list hygiene is essential when using subdomains for email marketing to maintain a positive reputation.
  • Communication: Good communication and collaboration between IT/security and marketing teams are necessary for effective subdomain management.
  • Authentication: Properly authenticate subdomains using SPF, DKIM, and DMARC to establish trust with mailbox providers.
  • Long-Term Investment: Investing in proper subdomain setup and authentication is beneficial for long-term email deliverability and brand protection.
  • Tracking and Management: Separate email streams with subdomains for better tracking and management of different email types (e.g., marketing vs. transactional).
Marketer view

Email marketer from Email Geeks shares that IT should exercise control on setting up subdomains to maintain security control while allowing marketing brand continuity, assuming good list hygiene and communication between departments.

November 2024 - Email Geeks
Marketer view

Email marketer from Mailgun Blog recommends separating marketing and transactional email streams using subdomains. This practice helps isolate reputation damage and allows for better tracking and management of different email types.

November 2023 - Mailgun Blog
Marketer view

Email marketer from EmailonAcid explains that building a strong sender reputation is crucial for email deliverability. Using a consistent subdomain and properly authenticating emails are key steps in establishing trust with mailbox providers.

July 2023 - EmailonAcid
Marketer view

Email marketer from Email Geeks shares that IT should exercise control on setting up subdomains to maintain security control while allowing marketing brand continuity, assuming good list hygiene and communication between departments.

November 2024 - Email Geeks
Marketer view

Email marketer from SparkPost Blog suggests using a dedicated subdomain for marketing emails to protect the main domain's reputation. This way, if marketing emails encounter deliverability issues, it won't directly impact transactional emails sent from the primary domain.

March 2023 - SparkPost Blog
Marketer view

Email marketer from Reddit suggests that while cousin domains might seem like a quick fix, subdomains offer better long-term brand protection and control. They advise investing in proper subdomain setup and authentication.

October 2024 - Reddit
Marketer view

Email marketer from StackOverflow highlights the security risks associated with cousin domains. They state that security teams often prefer stricter control over subdomains to ensure consistent security policies and prevent phishing attacks.

April 2023 - StackOverflow

What the experts say
3Expert opinions

Security teams sometimes allow cousin domains for email marketing because they believe marketing teams will not adhere to security protocols. This approach is seen as a way to keep potential security issues separate from the core security responsibilities. However, this practice is problematic and leads to abuse by phishers and spammers who exploit the similarity to legitimate brand names to deceive recipients.

Key opinions

  • Marketing Non-Compliance: Security teams perceive that marketing teams are unlikely to comply with security policies.
  • Separation of Responsibility: Allowing cousin domains is viewed as a way to isolate potential security risks from core security operations.
  • Abuse Potential: Cousin domains are frequently exploited by phishers and spammers to mimic legitimate brands.
  • Deceptive Practices: Phishers and spammers use cousin domains to trick recipients into believing they are interacting with the real brand.

Key considerations

  • Security Risks: Cousin domains can pose significant security risks due to their potential for abuse.
  • Brand Reputation: Using cousin domains can damage brand reputation as they are often associated with phishing and spam.
  • Compliance: Marketing teams should be encouraged to adhere to security policies rather than relying on cousin domains.
  • Monitoring: Organizations should monitor for and actively combat the use of cousin domains to protect their brand.
Expert view

Expert from Word to the Wise responds that she has seen a lot of abuse of domains that are close, but not quite the same as the brand name. This is often done by phishers and spammers, who are trying to trick people into thinking that they are dealing with the real brand.

February 2024 - Word to the Wise
Expert view

Expert from Email Geeks explains security people know that marketing people are not going to listen to them. But they can at least keep the pain out of security’s area of responsibility. She agrees it’s a problem and has been yelling about the cousin domain problem for years

June 2021 - Email Geeks
Expert view

Expert from Email Geeks explains security people know that marketing people are not going to listen to them. But they can at least keep the pain out of security’s area of responsibility. She agrees it’s a problem and has been yelling about the cousin domain problem for years

June 2021 - Email Geeks

What the documentation says
5Technical articles

Email authentication standards such as SPF, DKIM, and DMARC are critical for preventing spoofing, improving email deliverability, and protecting against phishing. Correctly configuring these records for all sending domains and subdomains is essential. Monitoring domain reputation and addressing deliverability issues promptly are also important for maintaining a positive sender reputation and trust with mailbox providers.

Key findings

  • SPF: Sender Policy Framework (SPF) records help prevent email spoofing and improve deliverability.
  • DMARC: Domain-based Message Authentication, Reporting & Conformance (DMARC) policies protect against phishing and spoofing by aligning SPF and DKIM records.
  • DKIM: DomainKeys Identified Mail (DKIM) uses cryptographic signatures to verify the sender of an email and ensure message integrity.
  • Authentication Importance: Implementing SPF, DKIM, and DMARC improves email deliverability and establishes trust.
  • Reputation Monitoring: Monitoring domain reputation and promptly addressing deliverability issues are crucial for maintaining a positive sender reputation.

Key considerations

  • Configuration: Correctly configure SPF records for all sending domains and subdomains.
  • Alignment: Ensure SPF and DKIM records are aligned for DMARC compliance.
  • Regular Monitoring: Regularly monitor domain reputation and address any deliverability issues promptly.
  • Technical Guidelines: Refer to official RFC specifications for SPF implementation.
  • Tool Utilization: Utilize domain reputation monitoring tools to track deliverability metrics.
Technical article

Documentation from DMARC.org details how Domain-based Message Authentication, Reporting & Conformance (DMARC) policies help protect against email phishing and spoofing. It emphasizes the need to align SPF and DKIM records to ensure proper email authentication.

May 2023 - DMARC.org
Technical article

Documentation from ReturnPath explains how to monitor domain reputation using their tools. It highlights the importance of tracking deliverability metrics and addressing any issues promptly to maintain a positive sender reputation.

October 2023 - ReturnPath
Technical article

Documentation from Microsoft Learn explains how DomainKeys Identified Mail (DKIM) uses cryptographic signatures to verify the sender of an email and ensure the message hasn't been tampered with. Implementing DKIM helps improve email deliverability and trust.

December 2023 - Microsoft Learn
Technical article

Documentation from IETF details the official RFC specifications for Sender Policy Framework (SPF), providing technical guidelines for implementing and validating SPF records for domain authentication.

April 2021 - IETF
Technical article

Documentation from Google Workspace Admin Help explains that Sender Policy Framework (SPF) records help prevent spoofing and improve email deliverability. It highlights the importance of correctly configuring SPF records for all sending domains and subdomains.

February 2023 - Google Workspace Admin Help

Related resources
4Resources

Email Subdomain Best Practices: Subdomain vs. Sending Domain
Email Subdomain Best Practices: Subdomain vs. Sending Domain

Email deliverability experts share advice about selecting a sending domain & how the domain or subdomain you choose can impact email deliverability.

Kickbox Blog
The Beginner's Guide to Domain Use in Email Marketing - Validity
The Beginner's Guide to Domain Use in Email Marketing - Validity

Learn all about domain strategy in email marketing—including how to use your domain to boost email deliverability and how to keep it secure.

Validity
Classic Admin account - Set up a dedicated IP for your sub-accounts ...
Classic Admin account - Set up a dedicated IP for your sub-accounts ...

💡 Good to know Sub-accounts management is only available on an Enterprise plan. For more information, check our website or get in touch with our Sales team. If you send a high volume of emails and...

Home
Defending Yourself Against Cousin Domain Attacks - Abion
Defending Yourself Against Cousin Domain Attacks - Abion

Cousin domain attacks are a type of domain spoofing or impersonation attack that can deceive unsuspecting users and organisations, leading to potential data breaches, financial losses, and reputational damage.

Abion

Related questions