Is my plan feasible?
No, not really.
The problem is (almost) anything in an email and email header can be changed and spoofed. Also anyone in your company can send email through any other server they like (unless you block all their internet access, oh wait, you can't, they still have their smartphones etc.), seemingly coming from your company. If an employee in your company wants to avoid the scrutiny of the PHB they just use an outside email server (MTA).
You don't even have to worry about deliverability, say if the rDNS or EHLO greeting doesn't match the return-path. Just make the return-path's domain be the same as the outgoing MTA, but change the From: address to be from your company and almost everyone thinks it IS from your company.
Will there be issues that I have overlooked?
Yes, always. It is a pointless exercise and it is trivial to circumvent. To save yourself and your co-workers any headaches you need to explain this to your PHB and convince her or him that it's the wrong way to go. There are better ways to approach this. But those lie more in company policy, educating and hiring the right employees, and specific regulations than in extreme (and easy to avoid) measures limiting one's freedom. These kinds of draconian measures have a knack for biting you back in the long run, almost without exception.
Does it have the danger of being treated as spam by the other mailservers since I'll be messing up the headers?
Not likely. Anything in the headers can be spoofed and changed (see above). That's pretty much the standard; MTAs add and change things in the headers all the time. Whether you do it as a human, or create a script to change things, the MTA doesn't really care. As long as it is validated and accepted by the MTA it should not have much more of a chance to be marked as spam (within reason of course).
Anyways, I don't want to think any more about this truly horrendous idea. :-(
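A defender-side check for the mismatch this answer describes (a From: address in the company domain while the Return-Path points at an outside MTA). This is an added example, not code from the original post; the sample messages, the domains and the `check_sender_alignment` helper are all constructed for illustration.

```python
import email
from email.utils import parseaddr

# Constructed sample: From: claims the company domain while the Return-Path
# (envelope sender) belongs to an outside MTA, the case the answer describes.
SAMPLE_MISMATCH = """Return-Path: <bounce@outside-mta.example.net>
Received: from outside-mta.example.net (outside-mta.example.net [203.0.113.10])
From: "Jane Doe" <jane.doe@example.com>
To: boss@example.com
Subject: Quarterly numbers

Body text.
"""

# Constructed sample of the well-behaved case: both addresses in the same domain.
SAMPLE_ALIGNED = """Return-Path: <jane.doe@example.com>
From: jane.doe@example.com
To: boss@example.com
Subject: Quarterly numbers

Body text.
"""

def _domain(header_value):
    """Lower-cased domain part of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def _aligned(d1, d2, relaxed=True):
    """True if the domains match (relaxed: one is a subdomain of the other)."""
    if not d1 or not d2:
        return False
    return d1 == d2 or (relaxed and (d1.endswith("." + d2) or d2.endswith("." + d1)))

def check_sender_alignment(raw_message, company_domain, relaxed=True):
    """Compare the From: domain with the Return-Path: domain of a raw message."""
    msg = email.message_from_string(raw_message)
    from_domain = _domain(msg["From"])
    rp_domain = _domain(msg["Return-Path"])
    claims_company = _aligned(from_domain, company_domain.lower(), relaxed)
    aligned = _aligned(from_domain, rp_domain, relaxed)
    return {
        "from_domain": from_domain,
        "return_path_domain": rp_domain,
        "aligned": aligned,
        # Worth a look: claims to be our domain, but bounces go somewhere else
        # (a missing Return-Path is flagged too, since it cannot be checked).
        "suspicious": claims_company and not aligned,
    }
```

Run it against messages at the inbound gateway (where the MTA has already written Return-Path) to flag the mismatch for review; it is a triage signal, not proof of spoofing, since legitimate bulk senders also use separate bounce domains.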
My question is: Is there any added benefit of sending automated email from an email address with a subdomain?
I don't think there are many technical reasons why a subdomain is required or necessarily better for deliverability of emails.
That being said, having/using subdomains can sometimes make things easier for large organizations because:
- As an admin, I may not have access to global resources associated with the primary domain. For example, maybe I only manage IPs/Firewalls/DNS Zones in my specific regional office/division.
- Even if I did have access to global resources, the scope of users/systems affected by my email changes is large. Perhaps I don't want that.
- Even though we're specifically discussing outbound deliverability here, there is still the possibility of NDRs and failed delivery generating return traffic. Depending on the volume of mail I'm sending, I may not want delivery status notifications going back through my standard inbound mail route.
Ultimately, I think it comes down to the use case here and scope of systems affected.
Best Answer
There are some addresses you should exempt such as postmaster, abuse, hostmaster, and any other administrative addresses. I would recommend you pick a domain or two that will be used for email rather than wildcarding the domain.
You will likely need to configure the transport to run as a specific user.