Allowing Zendesk to send email on behalf of your email domain

Have more questions? Submit a request

131 Comments

  • Heather R
    Comment actions Permalink

    1) Does Zendesk have a DKIM option?
    2) how long does it take for the TXT record to update and be effective?

    0
  • Max McCal
    Comment actions Permalink

    1) Yes! https://support.zendesk.com/hc/en-us/articles/203663326
    2) It should be based on the "TTL" or time to live of your record. If you don't see it in a day or so (keep using the retry link to update), let our support team know.

    0
  • Jessie Schutz
    Comment actions Permalink

    Hi Eugene!

    Where in the email is it saying this? I need to know what part of the communication we're dealing with in order to be able to answer your question.

    0
  • Henrik Schack
    Comment actions Permalink

    (Guessing..) I think what Eugene is seeing is a "via ... zendesk.com" to the right of the From address, at least Google displays the From address in that manner if the From address differs from the Sender envelope address.

    -1
  • Isaac de la Fuente
    Comment actions Permalink

    Once you create the SPF record what changes do you make in Zendesk to trigger your emails to be send via your domain?

    1
  • Jessie Schutz
    Comment actions Permalink

    Hey Isaac,

    As long as you have your Support Addresses set up, you won't need to do anything else!

    0
  • Simon McAllister
    Comment actions Permalink

    Perhaps this article could be updated…  Whilst adding Zendesk to your SPF will ensure that your customers receive Zendesk emails posing as your domain, employees of your domain may not receive these type of emails from Zendesk until you have authorised your mail server to accept them.  This is because SPF may not the only method of authorisation required e.g. our Exchange mail server required an additional 'Receive Connector' to be setup to accept emails that were sent from Zendesk using our domain name.  Without this step in place tickets were shown in a suspended state with error:  “550 5.7.1 Client does not have permissions to send as this sender”

    0
  • Chris
    Comment actions Permalink

    If you already have a SPF record for your domain, you should not create a new record for Zendesk because multiple SPF records are not allowed. Instead, add 'include:mail.zendesk.com' to your existing SPF record.

    0
  • Chris
    Comment actions Permalink

    The article recommends using '?all', but that makes SPF almost useless.

    1
  • Henrik Schack
    Comment actions Permalink

    You should not rely on SPF or DKIM alone for email authentication.

    Deploy DMARC and then -all ~all or ?all doesn't really matter, as only a SPF PASS makes the email pass DMARC.

     

    1
  • Bob Novak
    Comment actions Permalink

    Hi Chris - the ?all portion is up to you, as long as you have the proper entry for Zendesk it will work in regards to our system. I think we recommend ?all because it is the least intrusive, but you are free to use your preference.

    2
  • Neeraj
    Comment actions Permalink

    v=spf1 include:_spf.google.com include:mail.zendesk.com ~all

     

    I have updated the mentioned SPF Records. I am still being warned to verify the SPF records.

    0
  • Jessie Schutz
    Comment actions Permalink

    Hey Neeraj!

    If you're still getting the warning message, most likely the settings aren't quite right in your DNS settings. The right way to do this is going to vary depending on what service you're using...have you checked any support documentation your DNS provider has?

    0
  • Jonathan Hayes
    Comment actions Permalink

    I am using Office 365 and Godaddy.  I have added

    v=spf1 include:spf.protection.outlook.com include:mail.zendesk.com -all

    Office 365 shows all good, but I can't verify the spf record in Zendesk

    0
  • Bob Novak
    Comment actions Permalink

    Hi Jonathan - I'll make a ticket for you and we can troubleshoot there. Please keep an eye out for my notification in your inbox.

    0
  • Adam Horn
    Comment actions Permalink

    I'm getting the same result as Jonathan.

     

    0
  • Jessie Schutz
    Comment actions Permalink

    Hey Adam!

    It looks like Jonathan changed ?all to -all and that took care of his issue! If that doesn't solve the issue for you, I'd recommend submitted a Support ticket (if you haven't already done so) so we can take a look at it.

    0
  • Heather R
    Comment actions Permalink

    We are very thankful for the updates to this and other articles.

    We were able to successfully set this up with one very big exception --  for tickets that are created by an agent (Customers calling us) we are seeing that Zendesk still uses a Zendesk email.

    Is this some sort of default? How do we change this. Thank you so much!

    0
  • Ryan
    Comment actions Permalink

    Hey Heather! 


    That would mean your default support address is still an internal support address @yourdomain.zendesk.com. You will want to change that by Going to Admin >> Channels >> Email.

    From there, You will Hover over the support address you'd like to make your default address to make the change (on the right side)

    HERE is a tech note on it as well.


    1
  • Heather R
    Comment actions Permalink

    Thanks @Ryan! Now I understand!

    I am hoping at some point in the future we can select what address Zendesk uses depending on different factors. We have multiple divisions here using the tool who would like their own default email....

    1
  • Tomás Gutiérrez Meoz
    Comment actions Permalink

    Hi all - I'm still seeing an SPF warning for our configuration, and can't seem to fix it. The following is the current configuration:

    '''
    [togume:~] $ dig whitetalecoffee.com TXT +short
    "v=spf1 include:_spf.google.com include:mail.zendesk.com include:shops.shopify.com ~all"

    '''

    Any support would be helpful. Thanks!

    0
  • Henrik Schack
    Comment actions Permalink

    What sort of warning? It's a valid SPF record.

    The Dmarcian.com SPF Survey tool is really great. : https://dmarcian.com/spf-survey/

     

     

    0
  • Sean Cusick
    Comment actions Permalink

    Hi Tomas / Henrik, The record appears to be present and populated now for whitetalecoffee.com. Some domains employ a 24 hour TTL before a record becomes published publicly. If you click SPF Retry within Channels>>Email>>Support Addresses>>address in questions and it is still not verifying then please open a ticket at support@zendesk.com and we'll be happy to investigate further. 

    0
  • Tomás Gutiérrez Meoz
    Comment actions Permalink

    @Henrik - thanks for the reply, and for the tool! Yes - I was fairly certain that it was a valid record.

    @Sean - aha! Bingo. I'd set up the SFP entry a long time ago, and today I was poking with some configurations when I came across the warnings. A manual retry cleared the warnings. I didn't even think of that; figured that it would have been cleared on its own :).

    All good on this end. Thanks!

    0
  • Tina Cochet
    Comment actions Permalink

    hi,

    v=spf1 include:mail.zendesk.com ?all

    The ? should be ~ it took me a while to notice why the TXT record wasn't working, maybe  edit the document to make it look like :

    v=spf1 include:mail.zendesk.com ~all


    Kind regards Tina

    0
  • Ryan
    Comment actions Permalink

    Hi Tina!

    The Qualifier can be either actually!

    It's all dependant on what you're comfortable with, and what behavior works for you. We use the ? (neutral) qualifier so its neutral and won't cause any unexpected failures to people who are unaware of the difference.  Using ~ means the SPF record has designated the host as NOT being allowed to send but is in transition -- While usually not a problem, we cannot account for every situation (or behavior that fits your workflow or servers), hence the neutral being used in its place (as a general recommendation).

    But again, we allow the use of any qualifier, and any valid SPF syntax, so whatever works for you, go with (as long its in line with SPF specifications that is).


     For more information on the Qualifiers themselves, Open SPF is a great resource:
    http://www.openspf.org/SPF_Record_Syntax

    0
  • support
    Comment actions Permalink

    Hello,

     

    How can I remove the zendesk word from this support@smartsmileapp.zendesk.com ? I would like it to become like this  support@smartsmileapp.com . Anyone here please help me.

     

     

    Thanks

    0
  • Simon McAllister
    Comment actions Permalink

    If you have control of your mail server (where emails to @smartsmileapp.com land), you can setup a forward to support@smartsmileapp.zendesk.com

     

     

     

    0
  • support
    Comment actions Permalink

    Hello Simon,

    Thank you so much for your reply. Basically my boss just wants to make sure our customer will not see our published email as support@smartsmileapp.zendesk.com but just support@smartsmileapp.com only. So he just want me to take the zendesk out of that email.

    0
  • Simon McAllister
    Comment actions Permalink

    Yes, of course;  you will want your customers to continue to send to support@smartsmileapp.com

    Ensure that the server that handles mail for your domain, is setup to forward those mails to your support@smartsmileapp.zendesk.com

    Also ensure that reply emails that are sent from Zendesk (from your support agents), send 'as' support@smartsmileapp.com

    If your mail domain is protected against spoofing (where you authorise specific servers to send 'as' your domain) you will also have to update the protection to allow Zendesk servers.

    SPF is one type of protection that is discussed above.

    This is important because many (not all yet) customer email systems may perform checks as part of their anti-spam protection.  Those that do will more than likely not receive your support agents’ replies from Zendesk unless protection is updated correctly.

    My organisation has an on premise Exchange server that works with this scenario and is secured as much can be.  Thus the components of our Exchange server (receive connectors) required similar action (add Zendesk mail sending server IP’s) to authorise Zendesk’s emails, posing as our domain, to arrive in our own support agents or sales employees mailboxes.

    Bear in mind that if your mail server is inaccessible, it cannot receive or forward mails from your customers.  Zendesk itself is quite resilient, in many cases, more so than some of its customer’s mail platforms.  But it depends on each scenario.  Research, plan and test where you can.  Good luck.

    0

Please sign in to leave a comment.

Powered by Zendesk