Zendesk has published a support article indicating a significant change to their required configuration for DMARC-Aligned SPF.
hc/en-us/articles/203683886- Allowing-Zendesk-to-send- email-on-behalf-of-your-email- domain#topic_sx4_wqp_l2b
hc/en-us/articles/ 360001986348-Sending-Zendesk- email-from-Amazon-SES-servers-
Changes Required for Agari customers
The current set-up for SPF authentication:
Customer adds include:mail.zendesk.com to their sending domain's SPF as a TXT record.
New CNAME option for SPF authentication (Zendesk recommended method)
Customer adds CNAME records to 4 specified sub-domains:
New SPF/MX option for SPF authentication (alternate method)
Customer adds TXT(SPF) and MX records to 4 specified sub-domains:
General Impact for Customers
It is important to note that failure to make the above changes will not result in emails that fails DMARC.
This changes mean that the emails will not be sent from the customer's actual domain; delivery will be done by a native Zendesk address like support@<sendingdomain>.zendes
This also means that in the Agari portal, Zendesk traffic for the customer will appear to cease entirely as the traffic won't be associated to the customer's domain.
Direct Agari Service Impact
Because of the sub-domain requirement, the new Zendesk SPF cannot be managed directly for the customer's sending domain in Hosted SPF as the authorization is done against the sub-domain.
Please contact Agari Technical Support if you have any further questions.