If you want to use your own email address to receive support requests, and you've added your email address as a support address in Zendesk, then you can set up your custom email domain to verify that Zendesk can send email on behalf of your email server.
For example, if you receive email from your customers at help@acme.com, and you've set up an automatic redirect to forward all email received there to Support, you can authorize Zendesk to send out notifications as if it originated from your own email address (for example: help@acme.com). That way you can preserve your branding throughout the entire process.
You don’t have to configure your email domain this way, but it’s recommended if you use your own custom email domain and have set up forwarding to an external email address. If you use a non-custom domain, such as addresses ending in @gmail.com or @yahoo.com, you can't use this feature, as you won't have access to the account DNS settings.
The advantages of this configuration
So, do you have to allow Zendesk to send email on behalf of your email domain? The short answer is: No. The slightly longer answer is: Only if you really don't want your customers to see the Zendesk name on their messages.
When Zendesk sends an email message using your email address (which is what happens if you've set up a support address with forwarding) the message identifies the sender as zendesk.com to avoid getting rejected. However, if you allow Zendesk to send email on behalf of your email domain, Zendesk stops sending messages from zendesk.com, and sends them from your domain, completely preserving your branding.
If you don't complete the tasks described in this article, your customers might see something like this:
The following warning will also appear in the agent interface next to your external support addresses:
However, if you complete the tasks described in this article, the via statement and warning don’t appear.
Setting up records for your domain
The process of setting up an SPF record is different for different domain registrars. For example, here are the instructions for GoDaddy, Namecheap, 1&1, Network Solutions, and Google Domains.
To create or edit an SPF record to reference Zendesk
- Edit your domain's DNS settings to add a TXT record. The steps vary depending on your domain registrar. A TXT record is required for your SPF record to be validated.
Zendesk recommends using the following SPF record:
v=spf1 include:mail.zendesk.com -all
- If you use
include:mail.zendesk.com
, then it must be in the first-layer lookup - SPF macros are supported
-
redirect:
syntax is supported - Record flattening services will work, though this
practice may be less stable than
include:
,redirect:
, or macro syntax.
-all
), which offers the greatest security against
email spoofing. An invalid SPF record can cause verification to
fail. Seek support from your domain provider, as Zendesk cannot help
you administer your DNS or security records and policies.If you've already set up an SPF record for another purpose, add a reference to Zendesk to it. The SPF specification requires that you only have one SPF record on your domain. If you have multiple records, it may cause issues, and cause rejections of your email.
For example, instead of having two separate records, such as
v=spf1 include:_spf.google.com -all
and
v=spf1 include:mail.zendesk.com -all
,
combine them into one, like this:
v=spf1 include:_spf.google.com include:mail.zendesk.com -all
In the past, Zendesk suggested alternate formulations for SPF records,
including include:smtp.zendesk.com
and
include:support.zendesk.com
. These are both
outdated SPF records. While they might still work, they're not the
best option. If you're still using them, you'll see a warning flag
indicating you've set up an outdated record.
Removing legacy DNS entries
zendesk1.yourdomain.com >> mail1.zendesk.com
zendesk2.yourdomain.com >> mail2.zendesk.com
zendesk3.yourdomain.com >> mail3.zendesk.com
zendesk4.yourdomain.com >> mail4.zendesk.com
Verifying your domain
In order for Zendesk Support to send emails on your behalf, you must verify that you own the domain that you want Support to use. This is done by adding a TXT record (a domain verification record) to your DNS server that Support will check. The domain verification record is unique for each Support account and domain combination.
If you don’t add the domain verification record, Support sends emails from a Zendesk-provided email address. If you want to give your customers a white label experience, hiding all Zendesk branding, you must add this record.
To verify that a domain belongs to you
- Make sure you have finished setting up your SPF record.
-
In Admin Center, click
Channels in the sidebar, then select Talk and email > Email.
You should see a verification check for your DNS records.
- Click See details to see the domain verification value.
You can find the value next to the Domain verification TXT record check. In this example, the value is abcdef123456:
Note: If you are an agent with permissions to manage support addresses, you can use the Support Addresses API endpoint to find the domain verification code for your support address instead, if you prefer. Look for the domain_verification_code value. For more information, see the developer documentation about Support Addresses. - Edit your domain's DNS settings and add this TXT record:
Type Name Value TTL TXT zendeskverification <your unique value found in Support> 3600 or use default Note: Your domain will be automatically appended to zendeskverification. If your domain is used in multiple Zendesk accounts, you must add a separate TXT record for each account. - After you add the TXT record, click the Verify DNS
records button to confirm that your records are
now valid. The domain verification records aren't currently
in use and don't affect sending or receiving behavior.
If the records are valid, the red error messages will disappear. If you're having trouble setting up your DNS record correctly, see Why do I receive the error "DNS records are not set up correctly" when verifying my DNS records.
After your domain is verified, leave the domain verification record in-place.
If you decide to change your Support subdomain or host mapping later, you don’t need to update your domain verification records.
Understanding SPF checks
Sender Policy Framework (SPF) is a domain level email authorization protocol that allows you to declare which IP addresses are allowed to send email as if it originated from your domain.
This is accomplished by adding Domain Name System (DNS) TXT record. Think of DNS as a publicly accessible record for the internet. This record enables you to state publicly that Zendesk is an authorized sender for your domain.
When an email client receives a message, it performs an SPF check on the sending domain to verify that the email came from who it says it did. If this check fails, or there isn't a DNS record that says that Zendesk is a permitted sender, some receivers might consider that email spam or a phishing attempt, and flag it as untrustworthy or not display it to your customers at all.
Zendesk avoids this by sending email using our own domain when we're not authorized to use your domain, and by using your domain only when you authorize Zendesk with a proper SPF record. Generally, this helps to prevent emails from your Zendesk account to your customers from being incorrectly marked as spam. However, if you are having this problem, see How can I stop my emails from going into my customer's spam folder?
If you're curious, you can read more about SPF at www.openspf.org. If you're having trouble verifying your SPF record, see Why is my SPF record not validating?
43 comments
Support
could you please also link in other domains ? many thanks brett
0
Brett Bowser
Can you share the email provider you use? That would help narrow down the instructions you need to remove the email forwarding.
Let me know!
0
Neda Kelly
Hey Support,
We're looking at a way to use email addresses as our sender address without it becoming one of our standard support addresses in Zendesk. Is there a way to do this?
Thanks in advance!
0
henrik
You should update this part of the documentation:
Having multiple SPF records will invalidate the SPF configuration for the domain. The part from Zendesk MUST be merged with the existing SPF record.
1
henrik
Years ago, Zendesk customers were asked to create a collection of new hostnames as preparation for migrating to Amazon SES I think.
zendesk1.<customerdomain>
zendesk2.<customerdomain>
zendesk3.<customerdomain>
zendesk4.<customerdomain>
What happened to those migration plans? Can we delete those records again ?
0
Gabriel Manlapig
As of the moment, there's no out of the box way to do this. The only way to choose an address is by using the select an address app (this option still required you to add your email address as a support address in Zendesk) or setting received at address via API tickets.
From our API documentation, the "recipient" parameter defines the email address where the notifications for a ticket come from. Essentially, it is the outbound email address.
With that, you can simply add the "recipient" parameter to your POST request to create a ticket. Please see the sample payload below.
I hope this helps you out. Thank you!
0
Kristie Sweeney
henrik Thank you for the call out in the documentation! I am working with the engineering team to update that section of the article.
0
Noelle Cheng
What about when a requester submits a ticket via the helpcenter? Will this allow for our email address to be the email used when the ticket is created?? We really don't want the “domain.zendesk.com” to be on the automatic notifications to the requester when a ticket is opened via helpcenter.
0
Dikshant Rai
Hi, I am seeing error as “SPF does not include Zendesk Support”. For DNS and Forwarded, it is verified.
I need clarification if I am adding SPF record correctly.
For example: I have domain as dikshant.com and I have added support.dikshant.com in zendesk to send all email with this domain. I have other spf records already for my main domain. Should I add zendesk SPF in root domain or it should have separate TXT record with subdomain as support and values as Zendesk SPF.
0
Ivria Sisson
Hi, i am trying to complete the set up to Allow Zendesk to send email on behalf of our email domain process, however I keep getting a message that the email is already used by support, see attached screenshots.
0
Max
ERROR
Be careful this is wrong :
Note: Your domain will be automatically appended to zendeskverification. If your domain is used in more than one Zendesk account, your TXT record can include all of the verification codes, separated by a space, up to 255 characters.
You have to do 2 separate DNS records and not separate them by a space for it to work. Confirmed by Zendesk Support (Support Tech Engineer Principal Tier 3)
0
Kristie Sweeney
Hi Max! Thank you for letting us know about the incorrect information. I updated the article to state that if your domain is used in multiple Zendesk accounts, you must add a separate TXT record for each account.
0
Noelle Cheng
Hi Kristie Sweeney or Gabriel Manlapig,
What about when a requester submits a ticket via the helpcenter? Will this allow for our email address to be the email used when the ticket is created? We really don't want the “domain.zendesk.com” to be on the email used for automatic notifications to the requester when a ticket is opened via the helpcenter.
Also, does this now work for side conversations as well? Currently all side conversations are sent using the "domain.zendesk.com" address and it's incredibly frustrating that this happens and we aren't able to fully private label. Thanks!
0