Question
Why do I need SPF, DNS, and TXT records in Zendesk? What is DMARC and DKIM? What is CNAME?
Answer
What is DNS?
DNS stands for Domain Name System and includes SPF and TXT records, among others. DNS translates your domain name (what follows the @ sign in your email address) to an IP address to send your emails, among other functions. Within your Zendesk Email settings, your DNS records are set up correctly if you have added all of the DNS records that are recommended. This usually involves adding the SPF TXT record that is provided in your Email settings. Issues with your DNS configuration can impact Zendesk's ability to deliver emails on your behalf.
What is SPF?
SPF stands for Sender Policy Framework. SPF is a type of TXT record that your email admin can add in your external email account's DNS settings. Your SPF record lists all of the approved hostnames or IP addresses that are allowed to send an email on behalf of your email domain (which is why you should include Zendesk in that record). An SPF record may look something like this: TXT @ v=spf1 include:mail.zendesk.com
?all
or -all
depending on your domain's needs.
Adding a Zendesk SPF record is strongly recommended, but not strictly required, to allow Zendesk to send emails from your Zendesk account to your customers on your behalf. Email admins usually add the recommended SPF record to prevent your customers' email clients from blocking your emails sent from Zendesk or routing them to a spam folder. The addition of Zendesk in your SPF record improves the ability of Zendesk to send emails on your behalf.
What is TXT?
TXT stands for a text record. A TXT record is a type of DNS record that allows you to store text information and associate the text to a resource. Adding this record verifies that you administer the email domain and that you have allowed Zendesk to send emails on your behalf.
Your email admin should add your Zendesk TXT record value to your external email DNS settings. Your TXT record may look something like this: TXT zendeskverification abc1234567890
. Zendesk is not currently using this record but recommends adding this record for future domain verification requirements.
What is DMARC?
DMARC stands for Domain-based Message Authentication, Reporting and Conformance. If your domain has highly restrictive DMARC settings, then it becomes more important to add an SPF and possibly a DKIM record outside of your Zendesk account to help ensure deliverability. Please check with your domain admin or provider for assistance.
What is DKIM?
DKIM stands for DomainKeys Identified Mail. DKIM is an additional authentication protocol that works together with SPF, or even can be used as an alternative, depending on DMARC settings. Set up DKIM to digitally sign emails sent out of Zendesk and improve deliverability (from Zendesk to your customers) by verifying that the email came from your organization.
What is CNAME?
CNAME stands for Canonical Name Record. Set up CNAME records to point to the Zendesk domain to use its domain key. This recommendation is specific to the DKIM record and unrelated to host mapping.
Summary of DNS records
- All of these records are configured outside of Zendesk by your email administrator.
- Zendesk recommends a specific SPF configuration and tells you what TXT value to set.
- You can see within your Zendesk Email settings if you set these records up correctly.
- SPF errors may cause issues with the emails sent out of Zendesk to be marked as spam or the email may not be sent at all among other email deliverability issues.
- SPF TXT errors may cause your external domain to question whether Zendesk is a trusted source to send emails on your behalf. This includes emails to your own agents.
For more information, see these articles:
- Add the Zendesk recommended SPF record
- Add a TXT record to verify your domain
- My SPF record won't validate
- Why do I receive the error "DNS records are not set up correctly"?
- How do I know if my DKIM records are configured correctly?
- Why is my support address not verified because of a forwarding issue?