> If they use a reputable bulk mailing service instead of using their first-party domain then they are indistinguishable from a phishing attack.
With most bulk mailing services, the message will come from the "first-party domain". They will have configured that service as a legitimate sender for the domain via SPF/DKIM DNS records.
> With most bulk mailing services, the message will come from the "first-party domain". They will have configured that service as a legitimate sender for the domain via SPF/DKIM DNS records.
It's not just the from:marketing@firstparty.com that I'm talking about. If the unsubscribe link does not also go to firstparty.com, then it's still indistinguishable from phishing.
With most bulk mailing services, the message will come from the "first-party domain". They will have configured that service as a legitimate sender for the domain via SPF/DKIM DNS records.