Zendesk SPF and DKIM Record: Step by Step

Zendesk SPF and DKIM Configuration: Step by Step

4 Min Read
Zendesk logo on a blue background

This informative article will demonstrate the Zendesk configuration process of Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) Signatures to ensure Zendesk passes the DMARC alignment check.

SPF records allow receiving servers to check whether an email with the specified source domain was actually sent from a server authorized by the owner of this domain.

DKIM adds a digital signature to each message. This allows the receiving server to check if the message has been sent from an authorized sender, faked or changed upon delivery.

This Zendesk configuration process is crucial to let ISPs know that you are a trusted sender. One of the many benefits you will enjoy with this setup will surely be improved open rates. ISPs reward authenticated email with better inboxing. Improved open rate means more conversions because more prospects will see your messages.

SPF Record Setup

To ensure the emails from Zendesk are sent on behalf of your domain, we need to create or update your existing SPF record by including the following mechanism: include:mail.zendesk.com.  You can easily create a record using our SPF Record Generator tool. 

The steps to create a new Zendesk SPF record:

  1. Navigate to SPF Record Generator.
  2. Add include:mail.zendesk.com in the include:__ section.
  3. Choose the Policy (The options are: Fail (Not Compliant will be rejected), SoftFail (Not Compliant will be accepted but marked), and Neutral (Mails will be probably accepted)).
  4. When the proper steps are made click on the “Generate SPF Record ” SPF_Record_Generate
  5. Copy the provided Zendesk SPF record and navigate to your DNS provider TXT record (CloudFlare, Godaddy, etc.). We’ll be using CloudFlare for this example. SPF_DNS_Setup
    Important Note: Make sure you don’t create multiple SPF TXT records on one domain. If you do, SPF will return a PermError.

    If you are using multiple IPs, ESPs, Third-Party services for your various email strategies, you should include them in a single SPF Record.
    E.g v=spf1 ip4: include:mail.zendesk.com include:thirdpartyservice.com ~all 

  6. After the record is added in your DNS zone, navigate to Zendesk and select Admin > Channels > EmailZendesk_nav_bar
  7. Hover over “Add Address” and select “Connect External Address”.Zendesk_Add_Address
  8. Provide an email address or connect to Google Workspace if you already use their services.forwarding_email_setup
  9. Ensure automatic forwarding incoming email to Zendesk Support.

    Here are the steps for some email vendor automatic forwarding steps:

  10. When the Zendesk Automatic Forwarding is set up, select on the newly added address and select “Verify Forwarding”verify_forwarding
  11.  Select the SPF and click on the “Verify SPF Record” button.verify-spf
  12. Then select the DNS Records section and copy the name and the uniquely provided TXT record. Verify_DNS
  13. Head to your DNS zone and create a new TXT record and add the following information provided by Zendesk.Zendesk_TXT_Record_DNS
  14. Navigate Back to Zendesk DNS Records and click on the “Verify DNS Records” button.Verify_DNS_After_Adding_TXT_Record

Finally, after completing these steps, your Zendesk SPF record will be DMARC Compliant!SPF_Check

DKIM Record Setup

  1. Navigate to Zendesk and select Admin > Channels > Email
  2. Locate the section “Custom domain for DKIM” Zendesk_DKIM_Pannel
  3. Navigate to your DNS zone and create two new Zendesk CNAME records.

    For the first CNAME record, in the Name field, enter zendesk1._domainkey.your_domain_name.com. As for Target field, enter zendesk1._domainkey.zendesk.comDNS_Zone_CNAME_1

    For the first CNAME record, in the Name field, enter zendesk2._domainkey.your_domain_name.com.

    As for Target field, enter zendesk2._domainkey.zendesk.comDNS_Zone_CNAME_2

  4. When both CNAME records are added in your DNS zone, head back to Zendesk, navigate to Custom domain for DKIM and click on the “Enable button” and then click on “Save”.Zendesk_DKIM_Pannel_Enable

Now Zendesks’ DKIM record is configured and activated to pass DMARC!

Following the step of enabling and saving the updated DKIM records, navigate to our DKIM Record Lookup tool to ensure the records are set up correctly.

In the Selector section type zendesk1 or zendesk2 and type your domain name in the Domain section.DKIM_Check_1 DKIM_Check_2.

When the DKIM status is shown the green color, that indicates the record is set up correctly. You can read more about Zendesk SPF and DKIM Configuration here.

Various authors from EasyDMARC teams have contributed to our blog during company's lifetime. This author brings everyone together.


Inline Feedbacks
View all comments

succees We’re glad you joined EasyDMARC newsletter! Get ready for valuable email security knowledge every week.

succees You’re already subscribed to EasyDMARC newsletter. Continue learning more about email security with us