Sender Alias Domains

Suppose we created a dombox for amazon.in.

The dombox address would look like this:

amazon.in@domkey.domboxmail.com

By default, this dombox accepts mail only from amazon.in.

To allow mail from jeff@amazon.com to the amazon.in box, amazon.in should have the following SAD record at _sad.amazon.in:

v=sad1 amazon.com -all

Note: We always check the SAD record of the "Dombox Domain". The "Dombox Domain" is extracted from the dombox address: the entire "local-part" is the "Dombox Domain".

amazon.in@domkey.domboxmail.com => amazon.in

SAD Configuration

A SAD record can have multiple domains and each domain can have a configuration.

{Domain}:{Relaxed or Strict}+{Envelope Mode or Message Mode or Both}

Mode               Description
Relaxed (r)        The exact domain and its subdomains are allowed (Default)
Strict (s)         Only the exact domain is allowed
Envelope Mode (e)  Domain is allowed only in the "Envelope From"
Message Mode (m)   Domain is allowed only in the "Message From"
Both Mode (b)      Domain is allowed in the "Envelope From" as well as the "Message From" (Default)

So, "v=sad1 example.com -all" is equivalent to "v=sad1 example.com:r+b -all"

SAD Examples

ED = Envelope Domain, MD = Message Domain, DD = Dombox Domain

A box is created for facebook.com (DD); mails are carried by the third-party newsletter service mailchimp.com (ED) for the domain facebook.com (MD). In this case, add the following record to the "Dombox Domain" DNS.

_sad.facebook.com => "v=sad1 mailchimp.com -all"

A box is created for facebook.com (DD); mails are carried by facebook.com (ED) for one of its products, instagram.com (MD). In this case, add the following record to the "Dombox Domain" DNS.

_sad.facebook.com => "v=sad1 instagram.com:r+m -all"

A box is created for facebook.com (DD); mails are carried by the third-party newsletter service mailchimp.com (ED) for one of Facebook's products, instagram.com (MD). In this case, add the following record to the "Dombox Domain" DNS.

_sad.facebook.com => "v=sad1 mailchimp.com instagram.com:r+m -all"

SAD Include

You can use the "include" option to include third-party MAIL FROM domains. For example, Mailchimp uses mcsv.net, mcdlv.net and rsgsv.net in the MAIL FROM. You may not be familiar with those domains; the include option helps in that case.

Your SAD:

SAD Path          SAD Record
_sad.example.com  "v=sad1 example.net include:_sad.mailchimp.com include:_sad.aws.com -all"

Mailchimp SAD:

SAD Path            SAD Record
_sad.mailchimp.com  "v=sad1 mcsv.net mcdlv.net rsgsv.net -all"

AWS SAD:

SAD Path      SAD Record
_sad.aws.com  "v=sad1 amazonses.com -all"

SAD Redirect

SAD Path           SAD Record
_sad.amazon.in     "v=sad1 amazon.com aws.com primevideo.com -all"
_sad.amazon.co.uk  "v=sad1 amazon.com aws.com primevideo.com -all"
_sad.amazon.ca     "v=sad1 amazon.com aws.com primevideo.com -all"

The same SAD record is duplicated in all three domains. If Amazon wants to whitelist more domains, it has to edit the SAD records in all of these domains.

The redirect option avoids such duplicate SAD records: you maintain the SAD record in only one domain.

Main SAD:

SAD Path         SAD Record
_sad.amazon.com  "v=sad1 amazon.com aws.com primevideo.com -all"

Redirected SAD:

SAD Path           SAD Record
_sad.amazon.in     "v=sad1 redirect:_sad.amazon.com -all"
_sad.amazon.co.uk  "v=sad1 redirect:_sad.amazon.com -all"
_sad.amazon.ca     "v=sad1 redirect:_sad.amazon.com -all"
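
The rules from the sections above (per-domain configuration, include and redirect), as an added example that is not Dombox's own code: a small evaluator whose function names are hypothetical and whose ZONE table, a constructed stand-in for DNS TXT lookups, holds the sample records from this page. Assumptions: the box's own domain is accepted by exact match without a SAD entry, include and redirect both pull in the target record's entries, a visited set stops lookup loops, and the SPF fallback for a missing SAD record is not modeled.

```python
# Added example; ZONE stands in for DNS TXT lookups and holds this page's sample records.
ZONE = {
    "_sad.facebook.com": "v=sad1 mailchimp.com instagram.com:r+m -all",
    "_sad.example.com": "v=sad1 example.net include:_sad.mailchimp.com include:_sad.aws.com -all",
    "_sad.mailchimp.com": "v=sad1 mcsv.net mcdlv.net rsgsv.net -all",
    "_sad.aws.com": "v=sad1 amazonses.com -all",
    "_sad.amazon.com": "v=sad1 amazon.com aws.com primevideo.com -all",
    "_sad.amazon.in": "v=sad1 redirect:_sad.amazon.com -all",
}

def load_entries(path, seen=None):
    """Return [(domain, match, mode)] for a SAD path, following include/redirect."""
    seen = set() if seen is None else seen
    if path in seen or path not in ZONE:   # loop guard is this example's own choice
        return []
    seen.add(path)
    terms = ZONE[path].split()
    if not terms or terms[0] != "v=sad1":
        return []
    entries = []
    for term in terms[1:]:
        if term == "-all":
            break
        if term.startswith(("include:", "redirect:")):
            entries += load_entries(term.split(":", 1)[1], seen)
            continue
        domain, _, cfg = term.partition(":")
        match, _, mode = (cfg or "r+b").partition("+")   # defaults: relaxed, both
        entries.append((domain.lower(), match or "r", mode or "b"))
    return entries

def domain_ok(domain, role, dombox_domain, entries):
    """role is 'e' (Envelope From) or 'm' (Message From)."""
    domain = domain.lower()
    if domain == dombox_domain:            # assumption: the box's own domain needs no entry
        return True
    for allowed, match, mode in entries:
        if mode not in ("b", role):
            continue
        # Relaxed matching requires a label boundary: "x.mcsv.net" yes, "notmcsv.net" no.
        if domain == allowed or (match == "r" and domain.endswith("." + allowed)):
            return True
    return False

def sad_allows(dombox_address, envelope_domain, message_domain):
    dombox_domain = dombox_address.rsplit("@", 1)[0].lower()   # entire local-part
    entries = load_entries("_sad." + dombox_domain)
    return (domain_ok(envelope_domain, "e", dombox_domain, entries)
            and domain_ok(message_domain, "m", dombox_domain, entries))
```
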

Notes For Bulk Mailers

The SAD record will be checked when you issue the RCPT TO command.

When you issue multiple RCPT TO commands (i.e. multiple recipients), make sure they are all related to the same "Dombox Domain" for better results.

To prevent DDoS attacks, we allow up to 10 SAD record failures. The whole session will be terminated with an error message like "Too many SAD Failures" if there are more than 10 SAD record failures.

If the Alias Layer result is Fail for a "Dombox Domain", then all consecutive RCPT TO commands related to that "Dombox Domain" will result in failure too. So if you get a response like "Alias Layer Failure", either terminate the session or move on to the next "Dombox Domain".

Avoid sending mails to more than 100 different "Dombox Domains" in a single session.

Note: The values 10 and 100 may change in the future, so make sure to check our official documentation instead of relying on this document.

Sample SAD Record Query

Note: The SAD record will be fetched from the Dombox Domain.

Domain         Can be extracted from
Dombox Domain  RCPT TO:<amazon.in@domkey.domboxmail.com>

Record Path: _sad.domboxdomain.com

twitter.com connecting with its IP address [54.156.255.69]
220 mail.domboxmail.com Dombox SMTP Service Ready
HELO mail.twitter.com
250 Hello, nice to meet you, mail.twitter.com
MAIL FROM:<no-reply@twitter.com>
Fetching SPF record from MAIL FROM domain twitter.com.
"v=spf1 ip4:199.16.156.0/22 ip4:54.156.255.69 -all"
IP address [54.156.255.69] is ALLOWED to send mails for twitter.com.
250 OK
RCPT TO:<twitter.com@test123.domboxmail.com>
250 OK
RCPT TO:<amazon.com@test123.domboxmail.com>
MAIL FROM domain is not amazon.com.
So fetching SAD record from _sad.amazon.com.
"v=sad1 amazon.co.uk amazon.ca amazon.in -all"
MAIL FROM domain twitter.com not whitelisted in amazon.com SAD.
550 SAD Failure. Refer https://domboxmail.com/solutions/sad
RCPT TO:<facebook.com@test123.domboxmail.com>
MAIL FROM domain is not facebook.com.
So fetching SAD record from _sad.facebook.com.
No SAD record found. Falling back to SPF record.
Fetching SPF record from facebook.com.
"v=spf1 ip4:66.220.144.128/25 ip4:69.171.244.0/23 -all"
IP address [54.156.255.69] is NOT ALLOWED to send mails for facebook.com.
550 SAD Failure. Refer https://domboxmail.com/solutions/sad
QUIT
221 Bye