Skip to main content

Article 2 min read

Important update to the Zendesk DMARC policy

By Srikanth Veeraraghavan

Last updated October 7, 2016

As of September 14, 2016, we made a change to Zendesk’s DMARC policy from p=”none” to p=”reject”. A DMARC reject policy tells the email receiver, “if you see an email from a domain, but the domain didn’t send it, please do not deliver it.” While this policy only has an impact on email receivers that perform DMARC validation on inbound emails, the list is growing and includes email providers such as Comcast, Google, Microsoft, AOL, and Yahoo.

This change helps to protect Zendesk’s customer subdomains from unauthorized use. It also stops delivery on what previously would have been considered authorized mail sent on behalf of Zendesk subdomains via non-Zendesk servers. Email sent on behalf of Zendesk subdomains to the receiver of the email will be rejected unless the email passes SPF or DKIM authentication checks.

We recognize that some legitimate senders will be challenged by this change and be forced to update how they send mail. However, this is an important change for protecting Zendesk’s reputation as an email sender and its customers’ reputations, as Zendesk sends emails on behalf of its 81,000 customers.

What should you do?
Regular use of Zendesk email, including email forwarding or use of the Gmail connector, is unaffected. This change will affect you if you have set up a mailing service or other tool to use one of your Zendesk addresses to send email.

For example, if you send an email newsletter to customers from using a tool other than Zendesk, and you want any responses to automatically create tickets in Zendesk, you will need to adjust your email settings to send on behalf of and then forward the responses to

Why this change?
We’ve made this change because we believe it is important. We don’t like to toot our own horn, but realize it can be helpful to hear what people in the DMARC community have to say about this change:

  • From Steven M. Jones, Executive Chairman of “Zendesk is taking a laudable step to secure the email communications of thousand of companies, and protect millions of their customers. I’m not sure there’s ever been a single deployment that would protect more companies than this.”
  • From Tim Draegen, Chair of DMARC Working Group, IETF: “Zendesk’s roll out of DMARC across its huge customer-serving infrastructure really shows just how serious Zendesk is in protecting email communications. When someone signs up with Zendesk, a custom sub-domain of is provisioned for sending email on behalf of the customer. Securing so many actively used sub-domains to protect the entire Zendesk customer base has never been done before, and really proves the utility of DMARC and the ingenuity of Zendesk.”

Learn more about DMARC here. And thanks for working with us as we make email a safer and better experience for everyone!

Related stories

1 min read

Agent performance: What it is + 25 metrics to track

Agent performance is directly tied to customer retention and operational efficiency. Learn important metrics and how to improve agent performance.

4 min read

Why AI agents mark a massive change in CX

Autonomous AI agents will be the new front line in CX—instantly deployable and capable of resolving the vast majority of customer issues.

2 min read

Building AI-powered experiences for humans—with Upwork’s Brent Pliskow

With AI at the heart of their support operation, Upwork is raising the bar for their customers and their internal teams.

1 min read

Employee leave: An essential guide for 2024

Employee leave is a fact of life across all industries, including customer service. Discover who qualifies for leaves of absence and learn more about them in our comprehensive guide.