What are SPF, DNS, and TXT records?

Question

Why do I need SPF, DNS, and TXT records in Zendesk? What are DMARC and DKIM? What is CNAME?

Answer

Important: These DNS records are an important part of the external email setup and you must configure them outside of Zendesk. Consult an admin before you proceed. They're only necessary for accounts that go beyond the most basic email configuration (quick setup) and those accounts that add external email addresses and configure advanced DNS settings. These definitions are general, though Zendesk recommendations are specific and the implementation differs per email provider.

What is DNS?

DNS stands for Domain Name System and includes Sender Policy Framework (SPF) and text (TXT) records. DNS translates the domain name to an IP address to send emails. Within the Zendesk Email settings, the DNS records are set up correctly if you add all recommended DNS records. This usually involves adding the SPF TXT record provided in the Email settings. Issues with the DNS configuration can impact the ability of Zendesk to deliver emails.

What is SPF?

SPF stands for Sender Policy Framework. SPF is a type of TXT record that an admin adds in the external email account DNS settings. The SPF record lists all approved hostnames or IP addresses allowed to send an email on behalf of the email domain. An SPF record may look like this: TXT @ v=spf1 include:mail.zendesk.com ?all or -all depending on the domain needs.

Zendesk strongly recommends that you add a Zendesk SPF record to allow Zendesk to send emails to customers. Admins usually add the recommended SPF record to prevent customer email clients from blocking emails or routing them to a spam folder. The addition of Zendesk in the SPF record improves email delivery.

What is TXT?

TXT stands for a text record. A TXT record is a type of DNS record that allows you to store text information and associate the text to a resource. The addition of this record verifies that you administer the email domain and that you allow Zendesk to send emails.

An admin should add the Zendesk TXT record value to the external email DNS settings. The TXT record may look like this: TXT zendeskverification abc1234567890. Zendesk doesn't currently use this record but recommends that you add this record for future domain verification requirements.

What is DMARC?

DMARC stands for Domain-based Message Authentication, Reporting and Conformance (DMARC). If the domain has highly restrictive DMARC settings, it's important to add an SPF and possibly a DomainKeys Identified Mail (DKIM) record outside of the Zendesk account to help ensure deliverability. Check with the domain admin or provider for assistance.

Important: Zendesk cannot advise or assist you on domain security settings.

What is DKIM?

DKIM stands for DomainKeys Identified Mail. DKIM is an additional authentication protocol that works with SPF or acts as an alternative, depending on DMARC settings. Set up DKIM to digitally sign emails and improve deliverability by verifying that the email came from the organization.

Important: Don't turn on this feature without verifying that you add the necessary CNAME records first. Failure to do so causes email delivery issues.

What is CNAME?

CNAME stands for Canonical Name Record. Set up CNAME records to point to the Zendesk domain to use the domain key. This recommendation is specific to the DKIM record and unrelated to host mapping.

Summary of DNS records

An admin configures all these records outside of Zendesk
Zendesk recommends a specific SPF configuration and provides the TXT value to set
You can see within the Zendesk Email settings if you set these records up correctly
SPF errors cause issues where emails are marked as spam or not sent at all
SPF TXT errors cause the external domain to question whether Zendesk is a trusted source. This includes emails to agents.
If you turn on enhanced authentication, you limit the amount of spam, but this also impacts users without configured SPF, DKIM, and DMARC settings

For more information, see