Authenticating incoming email using DMARC

Have more questions? Submit a request

4 Comments

  • Allen Hancock

    It should be noted that if you workflow includes auto-forwarding email in to a Zendesk, the DKIM signatures may not be correct.

    Before enabling this feature, you might look at the "original message" in a few recent tickets, and ensure that emails forwarded to your zendesk do not have "dkim=fail" in the list. If they do, you'll want to reconsider how you get messages in to Zendesk before enabling this feature.

     

     

    0
  • Sean Cusick

    Hi Allen, a DKIM failure on a forwarded email alone should not cause any change in behavior on our end. If that failure also included an SPF failure then there might be a flagged comment or a suspension, depending on whether it was a soft or hard-fail. 

    0
  • Hasan S

    "Most emails that do not pass DMARC authentication are suspended. You can view them in your Suspended tickets view. Tickets suspended for failing to pass DMARC authentication have Failed email authentication as the cause of suspension."

    If I understand correctly, if DMARC fails the email may be rejected instead of being 'Suspended'. Is there a way for these emails to never be downright rejected and always end up in the Suspended view? Some users do have SPF/DKIM set up for their domain but do not always send in emails the normal way, an example would be PHPmailer on a webserver with an IP address that is not covered by their SPF record.

    Basically, we want to manually review each message that does not pass DMARC authentication so we don't miss legitimate emails. When we identify those users, we'll just add them to the whitelist.

    0
  • Sean Cusick

    Hi Hasan, Based on your description the arriving emails would become suspended. Only emails that purport to be from Zendesk.com might possibly be rejected. This policy can not be configured at the individual account level. Recovering or deleting from the suspended view is the only moderating tool available at this time for this purpose. Any change in this behavior would be a Feature Request

    0

Please sign in to leave a comment.

Powered by Zendesk