Google Apps Achilles’ Heel – ‘on behalf of’ messaging

Having architected, deployed, and managed enterprise Microsoft Exchange environments, I know Microsoft Exchange Server is a solid, scalable, and feature-rich product which leverages Microsoft’s LDAP directory services, Active Directory. However, the caveats to implementing this system include a commitment to the Microsoft platform and in-house expertise to manage the infrastructure. What if your business needs to reduce costs yesterday, or is seeking alternatives to Microsoft?

Google has a brilliant, Cloud-based answer to Microsoft: Google Apps. The solution includes Gmail, Google Calendar, Google Docs (documents, spreadsheets and presentations), Google Sites, Google Talk–all using your own domain name–for FREE. Yes, for businesses or groups of up to 50 users, the advertising-supported Google Apps Standard Edition is free. Here’s what Google got right:

  • Significantly reduced the cost of messaging/collaboration for small businesses
  • Designed an easy-to-manage, functional, intuitive interface
  • Generously allocated storage–7GB/user!
  • Provided secure, encrypted access using SSL
  • Tightly integrated the Apps Suite, including Mail, Calendar, Docs, Sites, and browser-based Chat

‘Google Messaging’ is simply Gmail branded @your-company.com. It is robust, feature-rich, and fast, including great features such as “plus addressing”.

The Achilles’ heel: email aliases

Email aliases, or ‘Nicknames’ as Google refers to them, are a key component for most business email systems. For instance, email aliases such as customer.service@your-company.com or support@your-company.com, typically forward to email distribution groups or individual mailboxes. The benefits of email aliases/forwarders include:

  • providing a standardized, professional method for customer communications,
  • addresses which are independent of employees,
  • protecting the domain username from disclosure, and
  • protecting individual email accounts from spam.

Google allows you to add nicknames relatively easily. See the video overview:

The problem arises when using a desktop email client (read: Microsoft Outlook, Mozilla Thunderbird, et cetera) configured to send from your email alias. The result is the disclosure of your primary email address, your account username, and the presentation of the email message in a less-than-professional manner to the recipient.

So what?

Let’s look at a potential scenario:

  • Full Name: John Doe
  • Logon Username: JDoe
  • Primary Email Address: John.Doe@your-company.com
  • Email Alias: sales@your-company.com

Suppose a customer sends a message to sales@your-company.com. This message is delivered to John Doe’s mailbox. John responds to the message, mindfully choosing to respond from the sales@your-company.com email address. When the customer receives the reply, depending on their email client, the 'From:' field will display "Your Company Sales <sales@your-company.com> on behalf of John Doe <John.Doe@your-company.com>".

Why does this happen?

In the message header, Google includes the sender’s Google username and primary email address in the ‘Return-path’ and ‘Sender’ fields. Google justifies the inclusion of the ‘Sender’ field because it helps prevent your message from being marked as spam. If you use Google’s intended browser-based interface, the problem isn’t as visible, yet the ‘Return-path’ field is still included in the header, disclosing your primary email address and effectively undermining the purpose of the alias.
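To check your own outgoing mail for this disclosure, send a test message from the alias and inspect its raw headers. The following is an added example, not code from Google or from this post; the sample message is constructed from the John Doe scenario above, and the function names are hypothetical.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample: a reply sent from the alias through a desktop client,
# using the names from the scenario above (not a captured message).
SAMPLE = """\
Return-Path: <John.Doe@your-company.com>
Sender: John Doe <John.Doe@your-company.com>
From: Your Company Sales <sales@your-company.com>
To: customer@example.com
Subject: Re: Pricing question

Thanks for getting in touch.
"""


def alias_disclosures(raw, headers=("Sender", "Return-Path")):
    """Return [(header, address)] for each listed header that carries an
    address different from the one in From:, i.e. what the alias leaks."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    leaks = []
    for name in headers:
        for _, addr in getaddresses(msg.get_all(name, [])):
            if addr and addr.lower() != from_addr:
                leaks.append((name, addr))
    return leaks


def on_behalf_of(raw):
    """Mimic how some clients render From: when Sender: names someone else."""
    msg = message_from_string(raw)
    frm = msg.get("From", "")
    sender = msg.get("Sender")
    if sender and parseaddr(sender)[1].lower() != parseaddr(frm)[1].lower():
        return f"{frm} on behalf of {sender}"
    return frm


if __name__ == "__main__":
    for header, address in alias_disclosures(SAMPLE):
        print(f"{header} discloses {address}")
    print("Displayed as:", on_behalf_of(SAMPLE))
```

An empty result from `alias_disclosures` means neither header exposes an address other than the alias.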

What can Google do to make Google Apps more business-friendly?

Few would argue that Google’s search and email capabilities are robust and well managed. Most small businesses would be justified in concluding Google has a superior ability to manage the messaging and collaboration infrastructure. Organizations, large and small, have some legitimate concerns which must be addressed sufficiently for Google to win their business.

Fix the ‘on behalf of’ Mess

First and foremost, professional messaging is a core component of business. Unfortunately, even if you upgrade to Google Apps Premier Edition, this undesired behavior will persist if you choose to use email aliases/forwarders/nicknames. Google must listen to the overwhelming feedback from its users and eliminate the ‘Return-path’ and ‘Sender’ fields.

Assuage Information Assurance Concerns

Larger, regulated organizations that deal with sensitive information, including intellectual property and customer non-public information [NPI] or personally identifiable information [PII], want adequate protections in place to manage the information security risk. In November 2008, Google obtained a SAS70 Type II certification for Google Apps. Google is continually making inroads by addressing information security concerns. See the video overview of Google’s take on Information Assurance in the Cloud:

For a large, distributed organization like Google, I like their practical, nimble approach to information assurance. Ideally, they’ll embrace and certify against internationally recognized standards such as ISO 27001.

Provide Transparent, Feature-Rich Offline Access

What happens when you don’t have an Internet connection and you need to access your Internet-based Google Apps? Google’s answer to this conundrum: bring the Cloud with you.

Cloud computing is great, but you need the cloud to make it work. On an airplane, on the shuttle commuting to work, or at home when my cable modem goes down, I want to work on my documents. And, until now, that usually meant saving a copy and editing on the desktop.

Now there’s a better solution. With Google Docs offline (powered by Google Gears), I can take my little piece of the cloud with me wherever I go. Once enabled, I have a local version of my document list and editors, along with my documents.

This offline access is a good start, but it’s not as polished as it should be. Google is helping develop the next HTML standard, HTML 5, which will enable a better offline experience.

So what do you think?

  • robert

    I am having the exact problem. If a nickname is added, an email sent using the nickname should be treated as if it is not an alias. As a result, I need to create one account for each nickname and forward the email to another account.

  • GlennEU

    I found a way to remove the message “on behalf of” if you send an email with an alias / nickname from your free Google Apps account:
    http://glenn.eu/2010/05/10/google-apps-aliases-