Multiple Logins for a Single Mailbox

Hi!

I have been reading mxroute tutorials and Q&A topics for days, but haven’t been able to find the answer for my use case. Sorry if I missed the obvious.

I’m looking to set up a mail service for my business (among multiple other one-user personal domains) with the idea of a general shared mailbox, e.g. business@business.com, and have all the employees be able to use its webmail/IMAP/POP, but each with their own unique username/password. The idea is if an employee leaves, I could just delete their credentials and leave others’ access unaffected.

Is it possible to set this up with mxroute?

While that would not be possible utilizing features specifically on our side, there are a number of software applications built around this idea. The most obvious would be support ticket systems that import email into tickets and then let team members log in individually. I’m pretty sure I’ve seen a more simplistic shared inbox system before as well, but can’t recall the name of it for the life of me.

Something like this looks interesting too: https://helpmonks.com

Thank you for the quick response. Ah, that is too bad, I was really hoping it would be possible.

A ticketing system would complicate things by adding an additional layer. Helpmonks looks good, but it’s too pricey for a small business.

Zoho seems to support this natively, possibly Gsuite too (but I want to avoid anything Google), but I would prefer to use Mxroute. I guess I could go with a crude option of just generating a new password for all each time there is a change of employees (fortunately not too often).

I have a bit of a different take on how to tackle this issue. Rather than 4 users utilizing one mailbox, I have the one email address forward to 4 users. Then each user will use an identity to send as business@business.com. I also configure those users' mail client to bcc the business@business.com account - which then can be further placed into the sent mail folder with sieve filters.

Maybe something similar to this is helpful? @Nilif

Thank you, guys, this has been very helpful. I think I’ll proceed with the lifetime promo, seems like the best option for me. 10 GB is workable for now.

They would still need the business@business.com login credentials in this case, or am I mistaken?

No. The business@business.com email account’s credentials would not be shared. The business@business.com email account would be created as well as forwarders for business@business.com to employee1@business.com, employee2@business.com, employee3@business.com and employee4@business.com. Each ‘employee’ would then access their own account with their own password, yet would receive all of the emails addressed to business@business.com.

Using an ‘alias’ in the email client, the employee1@business.com can respond as business@business.com or as themself, whichever is preferred.

The main problem with this approach though is that it is not immediately apparent which emails have been replied to. :frowning: In an organization which is set up in this manner that I am involved with, we simply bcc the response to the business@business.com email account. Fortunately email subjects are varied enough, and volume is low enough that this works fine.

That’s an interesting workaround.

One thing I’m not sure of, though, because of which I assumed they would need the original account’s credentials. I thought they would use business@business.com user credentials for SMTP outgoing mail. I’m guessing they use their own credentials for the SMTP server instead?

If so, what checks does the server do to verify one can send mail with a chosen “From” mail? I’m getting a bit confused as to whether there are any limitations on “impersonating” another user.

Thank you for your help.

None, but I occasionally lie on Twitter and say that I’m enforcing a restriction on that, because there’s one spammer always looking for a way into our platform to abuse it, and I’ve determined that they watch Twitter.

I apologize, not sure if you’re being sarcastic. It was an honest question.

Not at all, completely honest.

Does that mean there is no way to prevent one user impersonating another on the same domain? E.g. johnsupportATmydomain.com sending mail as lisabillingATmydomain.com?

Or between different domains…

More importantly, can the receiving end tell the difference?

There are no configured protections on our systems for this, we monitor for abuse of it and immediately terminate anyone who takes advantage for malicious purposes. It’s not really a problem we have, but we can always adapt to new problems as they arise.

Recipients often can’t tell, spoofed email is a problem all over the internet. There are things they can look for in the headers but most won’t. It’s important that you build expectations with your recipients that you won’t ask for certain things over email, etc, because most major email providers accept spoofed email unless you set your DMARC record to “reject” which carries its own set of implications (like emails from your domain can’t be forwarded to gmail). Though, admittedly, risk is minimal because if they spoof an email from you a reply still goes back to you, they can’t intercept that without not spoofing you. Most attacks of this nature involve shady links, and you can’t really protect customers from clicking shady links besides trying to teach them not to.

I cannot speak for MXroute’s setup, but on the mail server(s) that I am familiar with, the fact that there is an alias pointed to the mailbox allows that alias to send on behalf of that user.

Will be good to have you on board. Consider me your personal system administrator hired to make sure your email is taken care of, and feel free to reach out anytime at chat.mxroute.com.

When sending, there’s a header X-Sender that reveals the username/email address used to send, if I recall correctly. But I don’t think any email apps/programs expose that unless you ask for raw headers/show source.
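
An added example, not part of the thread and not MXroute code: a small audit of raw messages that compares the visible From address with the login recorded in X-Sender, and accepts a mismatch only when it matches the shared-address setup described above. It assumes the server writes an X-Sender header as the last post recalls; the `SEND_AS` table and all sample messages are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical table: shared address -> logins allowed to send as it
# (mirrors the business@ forwarder/identity setup from the thread).
SEND_AS = {
    "business@business.com": {"employee1@business.com", "employee2@business.com"},
}

def audit_sender(raw_message, send_as=SEND_AS):
    """Classify one raw message as own-address, permitted-alias,
    mismatch, or no-x-sender. Returns (verdict, from_addr, login)."""
    msg = message_from_string(raw_message)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    login = parseaddr(msg.get("X-Sender", ""))[1].lower()
    if not login:
        return ("no-x-sender", from_addr, login)   # header absent: cannot judge
    if login == from_addr:
        return ("own-address", from_addr, login)
    if login in send_as.get(from_addr, set()):
        return ("permitted-alias", from_addr, login)
    return ("mismatch", from_addr, login)          # login sent as someone else

def flagged(raw_messages, send_as=SEND_AS):
    """Return (from_addr, login) pairs that deserve a manual look."""
    results = (audit_sender(m, send_as) for m in raw_messages)
    return [(f, l) for verdict, f, l in results if verdict == "mismatch"]

# Constructed sample messages (headers, blank line, body).
SAMPLES = [
    "From: Business <business@business.com>\nX-Sender: employee1@business.com\n"
    "Subject: Re: quote\n\nHello",
    "From: lisabilling@mydomain.com\nX-Sender: johnsupport@mydomain.com\n"
    "Subject: invoice\n\nHello",
    "From: employee2@business.com\nX-Sender: employee2@business.com\n"
    "Subject: hi\n\nHello",
    "From: business@business.com\nSubject: no login header\n\nHello",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(audit_sender(raw))
    print("flagged:", flagged(SAMPLES))
```

Run over the bcc'd copies collected in the shared mailbox, this also shows which employee login answered a given message.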