Why You Should Use a Shared Mailbox For Your Company’s Podcast Email Address
Switching hats for a bit here and speaking directly to Marketing and IT departments who have been looped into your C-suite’s sudden decision to launch a podcast (we’re seeing a lot of this during the quarantine):
You’re likely wrangling with a lot of unknowns.
Marketing, you’re probably worried about the “how.”
IT, you’re probably worried about the “how…does this put our network at risk?”
I offer this article as the first in a series targeted at Marketing and IT departments, to help them navigate the many unknowns of launching a new corporate podcast. I hope you find it helpful.
In the last few months, a handful of companies have created pilot podcasts with us as a way of testing the waters in the medium. Many questions come up during the planning stages of these pilot programs (each of which we’ll go over as this series continues), but one of the first relates to CTAs (calls to action), and specifically:
How do our listeners contact us if they want to?
In one such recent instance, a large technology and communications company was concerned about possible DDoS attacks (Distributed Denial of Service) on their hybrid Exchange environment. A concern certainly worth taking seriously! Especially if you’re large enough to be considered a worthwhile target to those nefarious types who do those sorts of things.
But before we talk about how to protect your mail servers from internet ne’er-do-wells, let’s talk about why you would have a podcast-specific e-mail address and why that e-mail address should take the form of a shared mailbox and not simply an alias or forward.
Why a dedicated email address? Why not JenInMarketing@mycompany.com?
There are a few reasons. Let’s go over each:
- This email address will appear in your RSS feed, a publicly available XML document, and on every podcast directory (Apple Podcasts, Google, Spotify, Stitcher, etc.) where your podcast is listed. You wouldn’t make Jen’s email public in this instance for the same reason you wouldn’t make it public on your website: You probably don’t want Jen to become the target of spam, unwanted solicitations, or clever social engineering schemes.
- Jen might leave your employ at some point. She may decide she’s had enough of Bill’s nonsense and go off and start her own marketing firm in Kentucky. Now what? Now you have to forever and always have old podcast episodes referencing an email address and person which/who no longer exists, AND you have to assign JenInMarketing@mycompany.com as an alias to whoever takes over her position. Oh, AND you’ll have to do a mailbox export request to get all of Jen’s messages into your new person’s inbox… or you’ll have to give your new person read and send-as permissions to Jen’s old account. It’s a mess, and your IT Department will shake your building to the ground with their low frequency grumbles.
- Not having firstname.lastname@example.org as an email address is akin, at this point, to not having email@example.com or firstname.lastname@example.org or email@example.com or firstname.lastname@example.org — this is increasingly expected.
Okay, I get it. What email address should I use then?
You should use email@example.com or firstname.lastname@example.org or email@example.com
Not only is this more intuitive for the person trying to contact you, but it means that instead of managing permissions across multiple users in Active Directory and Exchange (or what have you), you now just have to worry about managing the members of one security group. If the email address is firstname.lastname@example.org, you can use a security group to control which mailboxes do and don’t have access. When they no longer need access, you can simply remove them from the security group.
And the shared mailbox?
Well you want all the data to live in one mailbox, right? You don’t want some of the email in Jen’s mailbox, some of it in Tim’s, and the rest of it Frank’s — then you either miss things entirely, or inadvertently reply to things twice, not realizing someone else already replied.
Ideally email@example.com should be monitored by two people: a direct report and their superior. The direct report should be in charge of managing the mailbox and the superior should have access only as an escalation solution. Example:
“Hey Christine, I was going through the podcast email queue this morning and someone has questions about embedding a snippet of one of our podcast episodes in an article for Forbes, is this something I should pass to you?”
“Yes, thanks Jack. I’ll look at it now and reply.”
You probably don’t need 5 people managing this inbox, but you probably do want more than one.
To echo what I said in the previous section: a shared mailbox is easier to manage access to, and that is the primary internal benefit of using one.
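The group-based access model described above, sketched as an added example (not from the original article). It assumes an already connected Exchange Online PowerShell session; the mailbox alias, group name and the two user names are hypothetical placeholders.

```powershell
# Added example. Assumes Connect-ExchangeOnline has already been run.
# All names below are hypothetical placeholders, not values from the article.
$Mailbox    = 'podcast-shared'        # alias of the shared mailbox
$Group      = 'sg-podcast-mailbox'    # mail-enabled security group
$Owner      = 'jack'                  # day-to-day manager of the queue
$Escalation = 'christine'             # escalation contact only

# 1. Create the shared mailbox and the security group that gates access to it.
New-Mailbox -Shared -Name $Mailbox -Alias $Mailbox -DisplayName 'Podcast'
New-DistributionGroup -Name $Group -Alias $Group -Type Security `
    -Members $Owner, $Escalation

# 2. Grant rights to the group only, never to individual accounts.
Add-MailboxPermission -Identity $Mailbox -User $Group `
    -AccessRights FullAccess -InheritanceType All
Add-RecipientPermission -Identity $Mailbox -Trustee $Group `
    -AccessRights SendAs -Confirm:$false

# 3. Periodic review: list every explicit (non-inherited) grant on the mailbox.
#    Anything other than the group is a direct grant that bypasses the model.
Get-MailboxPermission -Identity $Mailbox |
    Where-Object { -not $_.IsInherited -and $_.User -notlike 'NT AUTHORITY\*' } |
    Select-Object User, AccessRights
Get-RecipientPermission -Identity $Mailbox |
    Where-Object { $_.Trustee -notlike 'NT AUTHORITY\*' } |
    Select-Object Trustee, AccessRights

# 4. Review who is in the group right now.
Get-DistributionGroupMember -Identity $Group | Select-Object Name, PrimarySmtpAddress

# 5. Offboarding: removing the person from the group revokes both rights at once.
Remove-DistributionGroupMember -Identity $Group -Member $Owner -Confirm:$false
```

Access granted through a group is not auto-mapped into Outlook, so members add the shared mailbox to their profile manually.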
So what about those DDoS Attacks (and BEC attacks)?
Yeah, that was a really fun problem to work through actually, especially since it happened simultaneously across a few companies (the question and concern, I mean). There are two solutions here, both of which I think are pretty creative.
A. Host your firstname.lastname@example.org mail server within a different domain, such as: email@example.com or firstname.lastname@example.org
If you can consider this a viable option, it’s likely that you already have a separate domain for your email. Good on you too. Isolating your communications from the rest of your network is a fantastic approach to ensuring security and is an important part of building high availability networks (long live clustering!). If you do not already have something like this in place, it is unlikely that implementing such a solution would be cost-effective or sensible just for a podcast email address. Though, hey, you may want to take it on as a long-term 2020 project (the year of suddenly having a lot of time on your hands) for the overall sake of your business.
B. Utilize your Firewall Appliance or SPAM Filter
This is a little outside the box, I’m proud to say, and I feel rather clever suggesting it to you.
No doubt you have a firewall. A SonicWall, a Sophos, a WatchGuard, a Fortinet, a SOMETHING. It’s also likely you have a cloud-based spam filter, such as Proofpoint, SolarWinds, SpamTitan, or another.
If you set the score of what is considered “SPAM” low/high enough for a particular mailbox, you can ensnare all communications coming to that mailbox in the filter. This isolates it from the network (in the case of Proofpoint, it wouldn’t even touch your firewall). Your mailbox users can then check the SPAM filter once a day instead of checking their Outlook (or what have you), and can control the release of emails from quarantine manually. This isn’t exactly the way a filter should be used, but it is a way to prevent DDoS attacks on your mail server (affectionately referred to as an “Email Bomb”), and it is relevant specifically to your podcast email address.
And so that’s it. Those are the whats, whys, and hows of using a shared mailbox for your email@example.com email address. I hope you’ve found this helpful.
If you have questions, please don’t hesitate to comment. You may have guessed after reading this that I have a fair amount of technical knowledge. In a previous life I was a SysAdmin, have served at two separate companies as an SME on Office 365, and am accordingly MS certified in O365. I’ve overseen a few on-prem-to-cloud and on-prem-to-hybrid migrations (as well as many straight-to-cloud standups) and have just shy of 20 years’ experience in IT-related industries. Consider me an unofficial resource if your IT team has questions you can’t answer quickly.