How to deal with transactional xenforo email + official mailboxes off server? 1 bounce address?

Alpha1

Well-known member
I am banging my head on this problem.

To send out email for xenforo and to process bounces there are several possibilities:
  1. use php mail from the server. Problem with this is that this can leak your server IP which carries the risk of DDoS.
  2. run your own email server (doing that now)
  3. send mail through a third party like amazon SES, sparkpost, elastic email.
To receive email for official communication ( admin@mydomain.com paypal@mydomain.com ) there are several possibilities:
  1. use php mail on the server. Same problem with IP leaking.
  2. run your own email server and manage the whole incoming email headache.
  3. use a provider like mailbox.org, protonmail, etc.
It would seem obvious that the solution would be to use external providers for both transactional email and official mailboxes.
The problem that I see is that you can set only 1 return email address to receive both bounces and incoming email.

So how can I resolve this?
Has anyone else set up external providers for both transactional email and mailboxes?
 
Not 100% sure I follow what the issue is; you'd just set up your transactional service (SES, Sparkpost, etc.) as you normally would and have the bounce notifications go to an address set on your incoming service (G Suite, Zoho, etc.).

Most email services intended for incoming mail don't allow you to use them for large volume transactional emails; in fact G Suite has a rate limit explicitly to block this.
 
Not sure either if I got your problem, but for outgoing emails via XF (no-reply) we've set up our own local email server and put a proxy in front of that. So only the proxy IP would leak, which is intended. Downside could be that anyone could look up your MX records. So using an external service is better anyway.
For incoming and actual communication emails we are using an external service.
 
Let's say I have email for private correspondence: alfa1@mysite.com moderator1@mysite.com paypal@mysite.com etc.
For these I need inboxes from which to send and receive small amounts of email.
I can use an external provider like G Suite, Zoho, ProtonMail or mailbox.org for this.

For transactional email I am now using a separate server, but I can use Amazon SES, Sparkpost, etc., and use a different email address: transactionalmail@mysite.com

So far so good.

Then I need to set up DKIM, SPF, DMARC for my domain and add the return address to my DNS. And this is where the issue lies. You can only add 1 return address to your DNS to set up a proper DKIM.
 
> Then I need to set up DKIM, SPF, DMARC for my domain and add the return address to my DNS. And this is where the issue lies. You can only add 1 return address to your DNS to set up a proper DKIM.

For example with SES you can use a subdomain as envelope sender which will be correctly DKIM signed by SES. The bounce address is a regular domain address which will get bounces in its inbox to be handled by XenForo. You can set up DMARC to handle subdomains as well.

Our well-working setup is our own mail server which handles all our mailboxes, some outgoing and all incoming mail, and all transactional and marketing mail is sent with SES. SPF, DKIM, DMARC work perfectly.
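As an added illustration of the subdomain-envelope-sender setup described in the reply above (not from the original post, nor from XenForo's or any provider's documentation), here is a sketch of the DNS records involved; mysite.com, the bounce.mysite.com subdomain, the us-east-1 region, the DKIM selector names and tokens, and the mailbox provider's host names are all assumed placeholders.

```zone
; Assumed placeholder zone for mysite.com (added example, not from the thread).
; Mailboxes (alfa1@, paypal@ ...) live at an external provider on the apex domain;
; XenForo sends transactional mail through Amazon SES using the subdomain
; bounce.mysite.com as envelope sender (an SES "custom MAIL FROM domain").

; --- Apex domain: incoming mail and the mailbox provider's own outgoing mail ---
mysite.com.            IN MX   10 mx.mailbox-provider.example.                      ; placeholder
mysite.com.            IN TXT  "v=spf1 include:_spf.mailbox-provider.example -all"  ; placeholder include

; --- Envelope-sender subdomain used only by SES for XenForo mail ---
; SES needs its own MX here so that bounces addressed to the envelope sender
; reach SES, which then forwards them to the bounce mailbox XenForo polls.
bounce.mysite.com.     IN MX   10 feedback-smtp.us-east-1.amazonses.com.
bounce.mysite.com.     IN TXT  "v=spf1 include:amazonses.com -all"

; --- DKIM: one selector per signer, so the two senders never collide ---
; SES "Easy DKIM" publishes three CNAMEs under the apex domain (tokens are placeholders).
token1._domainkey.mysite.com.  IN CNAME token1.dkim.amazonses.com.
token2._domainkey.mysite.com.  IN CNAME token2.dkim.amazonses.com.
token3._domainkey.mysite.com.  IN CNAME token3.dkim.amazonses.com.
; The mailbox provider signs with a different selector (placeholder name and key).
mail._domainkey.mysite.com.    IN TXT   "v=DKIM1; k=rsa; p=<mailbox-provider-public-key>"

; --- DMARC at the apex: relaxed alignment (aspf=r) lets a From: of mysite.com
;     align with a MAIL FROM of bounce.mysite.com; sp= applies the same policy
;     to subdomains, and rua= sends aggregate reports to a mailbox you read ---
_dmarc.mysite.com.     IN TXT  "v=DMARC1; p=quarantine; sp=quarantine; adkim=r; aspf=r; rua=mailto:dmarc-reports@mysite.com"
```

With this layout each sender has its own SPF record and DKIM selector, and the apex DMARC record covers both, which is what lets the mailbox provider and SES coexist on one domain.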
 
> For example with SES you can use a subdomain as envelope sender which will be correctly DKIM signed by SES. The bounce address is a regular domain address which will get bounces in its inbox to be handled by XenForo.
If a user replies back to a transactional email (even though it should be presented as no-reply), does the response land in the inbox and get processed as a bounce, which then marks the user as having an invalid address in XF?
 