I have been reading mxroute tutorials and Q&A topics for days, but haven’t been able to find the answer for my use case. Sorry if I missed the obvious.
I’m looking to set up a mail service for my business (among multiple other one-user personal domains) with the idea of a general shared mailbox, e.g. firstname.lastname@example.org, and have all the employees be able to use its webmail/IMAP/POP, but each with their own unique username/password. The idea is if an employee leaves, I could just delete their credentials and leave others’ access unaffected.
While that would not be possible utilizing features specifically on our side, there are a number of software applications built around this idea. The most obvious would be support ticket systems that import email into tickets and then let team members log in individually. I’m pretty sure I’ve seen a more simplistic shared inbox system before as well, but can’t recall the name of it for the life of me.
Thank you for the quick response. Ah, that is too bad, I was really hoping it would be possible.
A ticketing system would complicate things by adding an additional layer. Helpmonks looks good, but it’s too pricey for a small business.
Zoho seems to support this natively, possibly Gsuite too (but I want to avoid anything Google), but I would prefer to use Mxroute. I guess I could go with a crude option of just generating a new password for all each time there is a change of employees (fortunately not too often).
I have a bit of a different take on how to tackle this issue. Rather than 4 users utilizing one mailbox, I have the one email address forward to 4 users. Then each user will use an identity to send as email@example.com. I also configure those users mail client to bcc the firstname.lastname@example.org account - which then can be further placed into the sent mail folder with sieve filters.
Maybe something similar to this is helpful? @Nilif
The main problem with this approach though is that it is not immediately apparent which emails have been replied to. In an organization which is set up in this manner that I am involved with, we simply bcc the response to the email@example.com email account. Fortunately email subjects are varied enough, and volume is low enough that this works fine.
One thing I’m not sure of, though, because of which I assumed they would need the original account’s credentials. I thought they would use firstname.lastname@example.org user credentials for SMTP outgoing mail. I’m guessing they use their own credentials for the SMTP server instead?
If so, what checks does the server do to verify one can send mail with a chosen “From” mail? I’m getting a bit confused as to are there any limitations of “impersonating” another user?
None but I occasionally lie on Twitter and say that I’m enforcing a restriction on that, because there’s one spammer always looking for a way into our platform to abuse it, and I’ve determined that they watch Twitter.
There are no configured protections on our systems for this, we monitor for abuse of it and immediately terminate anyone who takes advantage for malicious purposes. It’s not really a problem we have, but we can always adapt to new problems as they arise.
Recipients often can’t tell, spoofed email is a problem all over the internet. There are things they can look for in the headers but most won’t. It’s important that you build expectations with your recipients that you won’t ask for certain things over email, etc, because most major email providers accept spoofed email unless you set your DMARC record to “reject” which carries it’s own set of implications (like emails from your domain can’t be forwarded to gmail). Though, admittedly, risk is minimal because if they spoof an email from you a reply still goes back to you, they can’t intercept that without not spoofing you. Most attacks of this nature involve shady links, and you can’t really protect customers from clicking shady links besides trying to teach them not to.
When sending, there’s a header X-Sender that reveals the username/email address used to send, if I recall correctly. But I don’t think any email apps/programs exposes that unless you as for raw headers/show source.