| Announced on | Rollout starts | Rollout ends |
| August 18, 2025 | August 18, 2025 | September 8, 2025 |
Today, we’re excited to announce improvements to how we authenticate inbound email traffic, including SPF/DKIM/DMARC/ARC verification. We have updated our sender authentication feature so customers can now choose protection for differing inbound email pathways.
This announcement includes the following topics:
What's changing?
Customers want to use Zendesk as an integrated part of their organization’s email environment and choose the security level that is ideal for them. We are releasing a series of improved and new features that allow for greater configurability in this regard.
Previously, the sender authentication feature could only be turned on or off. Now, you can choose the type of traffic you want the setting to primarily act on:
- Native for heightened protection for traffic that arrives directly at a Zendesk-provided support address (support@yoursubdomain.zendesk.com).
- Native & Forwarded, which also includes forwarded traffic from your external support addresses (support@yourcompany.com).
- Minimal for low-level protection across the entire account, which acts on both, suspending only egregious examples.
We have also implemented support for ARC headers to help better facilitate auto-forwarded workflows, where authentication from the original sender is often lost. It is now preserved for those domains that support ARC-forwarding.
Why is Zendesk making this change?
At Zendesk, we always strive to improve the service and security experience for our customers. One important aspect is how we handle unauthenticated email traffic that arrives at your account. Email traffic being either unauthenticated or poorly authenticated can strongly indicate that the actual sender is not who they claim to be. This can be leveraged by bad actors to trick you into reacting to a ticket in a way that you might not otherwise. We want to ensure that you have options regarding your account’s visibility and security.
What do I need to do?
In Admin Center, go to Channels > Email > Authenticate emails received with SPF, DKIM, and DMARC alignment and turn on the feature that's best for your organization. See Authenticating incoming email.
We recommend turning on this feature for Native traffic, and then testing to ensure that Native & Forwarded isn't suspending on what should be traffic that arrives with authentication verified.
If you are seeing unwanted suspensions, this may reveal a weakness or misconfiguration in your forwarding process. To discover more, you may want to contact your domain admin or provider, or open a ticket with Zendesk Customer Support.
If you have feedback or questions related to this announcement, visit our community forum where we collect and manage customer product feedback. For general assistance with your Zendesk products, contact Zendesk Customer Support.