Announced on Phase 1 (UI removal) Phase 2 (rollout starts)
June 18, 2026 June 18, 2026 September 23, 2026

Zendesk is raising the security floor for all accounts by establishing a new "minimal security" standard for sender authentication. This update ensures that your account is secure while improving the reliability of legitimate email delivery.

This announcement includes the following topics: 

  • What's changing?
  • Why is Zendesk making this change?
  • What do I need to do?

What's changing?

Zendesk is migrating all accounts to a mandatory "minimal security" standard for sender authentication.

This update will be implemented in two phases:

  • Phase 1 (June 18, 2026): For accounts that already have sender authentication enabled, the setting to disable it will be permanently removed from Admin Center. This ensures that the security floor cannot be lowered. You will still be able to select from different authentication profiles (for example, Minimal or Native), but the option to turn the feature off will no longer be available.
    Note: New accounts starting June 18, 2026 will have this setting enabled and set to “Minimal." The option to update the authentication profile will remain, but disabling sender authentication will not be permitted. This provides baseline protection for both native and forwarded email while suspending only clear spoofing attempts and avoiding disruption to your operations.
  • Phase 2 (starting September 23, 2026): For accounts that currently have the Authenticate emails received with SPF, DKIM, and DMARC alignment setting disabled, Zendesk will begin a rollout to automatically enable it with the "Minimal" protection level.
    • Customers in this group who enable sender authentication before September 23 will no longer be permitted to disable it without contacting Zendesk.
  • Improved email delivery: By enforcing this standard, spam thresholds are adjusted for traffic that passes authentication, reducing the risk of legitimate forwarded emails being accidentally suspended as spam.

Why is Zendesk making this change?

Zendesk is moving to a "secure-by-default" model to enhance platform security and resolve persistent issues with email suspension. 

Previously, legitimate forwarded emails were occasionally flagged as spam. By mandating a minimal authentication standard, Zendesk provides the visibility needed to manage these edge cases effectively. This change strengthens platform security and helps ensure trusted mail reaches its destination.

What do I need to do?

For phase 1 accounts (with the setting already enabled): No action is required. You will notice that the option to disable sender authentication has been removed from Admin Center.

For phase 2 accounts (with the setting currently disabled): No action is required for the migration to take effect on September 23, 2026. However, Zendesk recommends the following:

  • Review documentation. To understand how these protocols work, see Authenticating incoming email (SPF, DKIM, DMARC, and ARC).
  • Monitor your Suspended tickets view regularly. Spam issues must be resolved at the source; adjusting filters will not improve sender reputation or prevent messages from being suspended.
    As needed, work with your domain admin or provider to examine and correct any issues with forwarding workflows.

If you have feedback or questions related to this announcement, visit our community forum, where we collect and manage customer product feedback. For general assistance with your Zendesk products, contact Zendesk Customer Support.

Powered by Zendesk