<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Apple Color Emoji";
panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style>
</head>
<body lang="EN-IE" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-GB">We’ve had some “interesting” issues with subdomains getting compromised and some vendors deciding to blacklist *.ourbrand.tld
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">So based on our experience I’d avoid it </span>
<span lang="EN-GB" style="font-family:"Apple Color Emoji"">☺</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">Letting a 3<sup>rd</sup> party use a separate domain OR a subdomain of a secondary domain name makes more sense for us at least<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">Regards<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">Michele<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-GB" style="color:black">--<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:black">Mr Michele Neylon<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:black">Blacknight Solutions<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:black">Hosting, Colocation & Domains<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:black">https://www.blacknight.com/<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:black">https://blacknight.blog/<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:black">Intl. +353 (0) 59 9183072<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:black">Direct Dial: +353 (0)59 9183090<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:black">Personal blog: https://michele.blog/<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:black">Some thoughts: https://ceo.hosting/
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:black">-------------------------------<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="color:black">Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span lang="EN-GB" style="color:black">Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span style="font-size:12.0pt;color:black">From: </span></b><span style="font-size:12.0pt;color:black">dns-operations <dns-operations-bounces@dns-oarc.net> on behalf of Sue Steffen <lilycrown@gmail.com><br>
<b>Date: </b>Tuesday 25 September 2018 at 19:33<br>
<b>To: </b>"dns-operations@lists.dns-oarc.net" <dns-operations@lists.dns-oarc.net><br>
<b>Subject: </b>[dns-operations] subzone delegation best practice<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<div>
<p class="MsoNormal"><span style="color:#741B47">I would like to get the opinions of this list concerning subzone delegations to 3rd parties.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="color:#741B47"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="color:#741B47">We have a very recognizable zone name,
<a href="http://xyz.com">xyz.com</a>, We have many publicly facing URL's and the usual email protection records DKIM, SPF, DMARC. We are very concerned about protecting our brand.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="color:#741B47"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="color:#741B47">We also have a multitude of 3rd party vendors providing various niche services. These vendors want to have subzones delegated to them so they can manage their own email-related records an such. Most of them
we have setup with their own domains to use on our behalf ( like <a href="http://xyz-them.com">
xyz-them.com</a>, <a href="http://xyz-those.com">xyz-those.com</a>, etc). We constantly get requests to use a subzone off of our main zone for these vendors (like
<a href="http://them.xyz.com">them.xyz.com</a>, <a href="http://those.xyz.com">those.xyz.com</a>).<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="color:#741B47"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="color:#741B47">Is it preferable to have 3rd parties use an entirely separate zone, thus protecting the reputation of our primary zone? I worry about a mistake by a vendor causing our main zone to be blacklisted.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="color:#741B47"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="color:#741B47">Or is it preferable to use subzones off of the main zone, thus giving the public comfort that they are clicking a link or receiving an email from a valid
<a href="http://xyz.com">xyz.com</a> site?<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="color:#741B47"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="color:#741B47">How does your firm handle 3rd party delegations?<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="color:#741B47"><o:p> </o:p></span></p>
</div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"><span style="color:#741B47">Thanks for your thoughts,<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Sue Steffen<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</body>
</html>