I was just playing around with the new interface for Google Analytics and decided to email myself a report. It’s a nice little feature, but there is a serious downside to their implementation.
Instead of sending the email from a Google domain (it’s not as if they have a shortage) they send it from your email address. While this may seem logical at face value, it has serious implications for email security, as you are effectively allowing Google to send mail purporting to be from your domain. If you have been avoiding DKIM and SPF, then this probably won’t be a problem for you, but if you have actually implemented them using a relatively strict, and therefore useful, policy, then you are going to run into problems.
Of course this isn’t the first instance of a Google implementation flying in the face of common sense.
Their Gmail service has been severely criticised in email filtering circles on many occasions since its introduction due to the lack of a vital part of the email header – the source IP. Whereas other services such as Yahoo! mail or Hotmail / MSN include the sender’s actual IP in the email header, Google decided not to.
If they’d stopped there it wouldn’t be too bad, but they’ve applied the same logic (or lack of it) to their Google Apps services, so you could easily end up discovering that your mails are being blocked due to abuse of the Google SMTP by others.
Ed Byrne says
I think they may do it that way as a lot of admins are web developers / outsourced techies … and possibly charging for the analytics … so it’s a very basic type of white labelling.
michele says
Ed
If it’s white labelling it’s a terrible implementation.
How can you implement SPF properly with it?
Michele