Summary
Configuring SFMC for sending on behalf of sales representatives with DKIM/DMARC authentication is achievable and doesn't cause conflicts with other systems. It necessitates both a Sender Authentication Package (SAP) and a Private Domain for top-level domain sending, with SAP handling link/image wrapping. Utilize subdomains for the SAP (e.g., email.domain.com) to ensure DMARC alignment. SPF checks in SFMC occur at the bounce domain level, emphasizing proper DKIM setup. Subdomain usage isolates email reputation, and avoiding top-level domain reply-to addresses when using subdomains prevents address book issues. Crucial steps also include generating DKIM key pairs, publishing the public key in DNS, configuring SFMC with the private key, configuring Reply Mail Management (RMM) to process replies and unsubscribes, monitoring and improving sender reputation, and correctly setting up DMARC records to prevent domain spoofing. Using inbox placement tests, measure the impact of SPF, DKIM and DMARC records.
Key findings
- SAP & Private Domain Required: Sending as a top-level domain requires both a Sender Authentication Package (SAP) and a Private Domain.
- Subdomain for SAP: Employing a subdomain for the SAP ensures proper DMARC alignment.
- SPF Scope in SFMC: SPF checks primarily occur at the bounce domain level within SFMC.
- Importance of DKIM: Proper DKIM setup is essential for authentication and deliverability.
- RMM for Reply Handling: Reply Mail Management (RMM) configuration is critical for processing replies and unsubscribes.
- Monitor Sender Reputation: Continuously monitor and improve sender reputation for optimal deliverability.
- Use inbox tests: Using inbox placement tests measure the impact of email authentication.
Key considerations
- Address Book Management: Avoid using top-level domain reply-to addresses when sending from subdomains.
- DNS Configuration: Ensure DNS records are configured correctly to prevent authentication failures.
- DMARC Implementation: Properly configure DMARC records to instruct receiving servers on handling unauthenticated messages.
- Full Implementation: Partial SAP and Private Domain implementations are not advised; ensure a comprehensive setup.
- Regularly validate: Regularly validate the SPF, DKIM and DMARC records.
What email marketers say
6 marketer opinions
To configure SFMC for sending on behalf of sales representatives with proper DKIM/DMARC authentication, it's essential to ensure SPF and DKIM are correctly set up. SPF authorizes sending sources, while DKIM signs emails. Using a subdomain isolates email reputation and allows individual DKIM settings. Consistently monitor and improve sender reputation, using SPF, DKIM and DMARC. Regularly checking your IP and domain reputation, addressing spam complaints, and maintaining sending volumes are crucial. Correctly setting up DMARC records instructs receiving servers on handling unauthenticated messages, preventing domain spoofing. Finally, employ inbox placement tests to evaluate the impact of SPF, DKIM, and DMARC records on deliverability.
Key opinions
- SPF & DKIM: SPF and DKIM are prerequisites for DMARC implementation.
- Subdomain Isolation: Using subdomains helps isolate email reputation for multiple sending reps.
- Sender Reputation: Consistent monitoring and improvement of sender reputation are crucial.
- DMARC Handling: DMARC records instruct receiving servers on how to handle unauthenticated emails.
- Deliverability Testing: Inbox placement tests measure the impact of authentication records on deliverability.
Key considerations
- Authentication Setup: Verify that SPF, DKIM, and DMARC records are correctly configured and validated.
- Reputation Monitoring: Implement continuous monitoring of sender reputation and domain health.
- Feedback Loops: Actively address spam complaints and feedback loop reports.
- Testing Protocols: Use inbox placement tests to proactively identify and resolve deliverability issues.
- Alignment: Ensure SPF and DKIM align with the 'From' domain for DMARC compliance.
Marketer view
Email marketer from EmailGeeks shares that to implement DMARC correctly, ensure SPF and DKIM are properly configured first. SPF should authorize the sending sources, and DKIM should sign your emails. Monitor DMARC reports to identify any authentication issues and adjust configurations as needed.
9 Dec 2021 - EmailGeeks
Marketer view
Email marketer from Neil Patel Blog shares that consistently monitoring and improving your sender reputation is crucial for deliverability. Regularly check your IP and domain reputation, address any spam complaints promptly, and maintain consistent sending volumes to build a positive reputation.
26 Jul 2023 - Neil Patel Blog
What the experts say
7 expert opinions
Configuring SFMC to send on behalf of sales representatives with DKIM/DMARC authentication involves several key steps and considerations. It's feasible and won't create conflicts; DKIM can exist in multiple places. Implementing both a Sender Authentication Package (SAP) and a Private Domain is crucial for sending as a top-level domain, with SAP handling link/image wrapping and the Private Domain enabling the use of the top-level domain in the 'From' address. When using subdomains for sending (e.g., e.domain.com), avoid reply-to addresses at the top-level domain to prevent address book issues. Best practice involves using a subdomain for the SAP (e.g., email.domain.com) to ensure proper DMARC alignment with the top-level domain in the 'From' address. In SFMC, SPF checks occur at the bounce.email.domain.com level, so the top-level domain SPF isn't necessary, relying instead on correct DKIM setup. Ensure that SPF, DKIM and DMARC are correctly setup.
Key opinions
- SAP and Private Domain: Both SAP and a Private Domain are needed for sending as a top-level domain in SFMC.
- Subdomain Strategy: Use a subdomain for the SAP to align with DMARC requirements.
- SPF Scope: SFMC SPF checks are limited to the bounce domain, top-level domain SPF not needed.
- DKIM Importance: Proper DKIM setup ensures authentication and deliverability.
- No Conflicts: Implementing DKIM/DMARC won't conflict with other domain uses like G Suite or Salesforce CRM.
Key considerations
- Address Book Issues: Avoid using top-level domain reply-to addresses when sending from subdomains.
- Full Implementation: Partial implementation of SAP and Private Domain is not recommended.
- Authentication Key: Make sure SPF, DKIM and DMARC are all set up correctly for authentication.
Expert view
Expert from Email Geeks explains that sending on behalf of a company sales rep using SF Marketing Cloud and still being DKIM/Dmarc-authenticated is doable and will not create a conflict. The domain can be configured in G Suite, Salesforce CRM, etc., as DKIM can exist in more than one place.
16 Sep 2022 - Email Geeks
Expert view
Expert from Spam Resource explains that to configure SFMC to send as a top-level domain (e.g., @yourdomain.com) for sending on behalf of sales reps, you need both a Sender Authentication Package (SAP) and a Private Domain configured correctly. The SAP handles link and image wrapping, while the Private Domain allows you to use your top-level domain in the 'From' address. The linked article details the exact steps.
28 Apr 2024 - Spam Resource
What the documentation says
5 technical articles
Configuring SFMC to send on behalf of sales reps with DKIM/DMARC authentication, per Salesforce documentation, requires implementing a Sender Authentication Package (SAP) for authentication, including a dedicated IP, branded domain, and DKIM signing. DKIM setup involves generating a key pair, publishing the public key in DNS, and configuring SFMC with the private key. Proper configuration of SPF syntax is also essential. To handle replies effectively, configure Reply Mail Management (RMM) to route replies to the correct sales rep and process out-of-office and unsubscribe requests. DKIM specifications are outlined in RFC documentation, detailing digital signatures for email integrity.
Key findings
- SAP Implementation: Implementing SAP in SFMC enables email authentication.
- DKIM Key Setup: DKIM setup requires generating and configuring key pairs in DNS and SFMC.
- RMM Configuration: Configuring RMM is crucial for handling replies and unsubscribes.
- RFC Specs: DKIM specifications are detailed in RFC documentation.
- SPF Configuration: Correct SPF syntax and structure is essential.
Key considerations
- DNS Configuration: Ensure DNS records are correctly configured to avoid authentication failures.
- Deliverability Maintenance: Proper RMM configuration is necessary to maintain deliverability.
- SPF validation: Check the SPF records are set up correctly.
Technical article
Documentation from Salesforce Help explains that implementing a Sender Authentication Package (SAP) in Salesforce Marketing Cloud allows you to authenticate your email sends. This includes features like a dedicated IP address, branded domain for link and image wrapping, and DKIM signing of emails.
2 Aug 2022 - Salesforce Help
Technical article
Documentation from Salesforce Help explains that to set up DKIM in SFMC, you need to generate a DKIM key pair and publish the public key in your DNS records. Then, configure SFMC to use the private key for signing outgoing emails. Ensure your DNS records are correctly configured to avoid authentication failures.
25 Feb 2023 - Salesforce Help
Can DKIM be set up on a subdomain, and which domain should be used for signing?
Do SPF and DKIM records need to be aligned for all email service providers?
How do I align SPF and DKIM in Salesforce Service Cloud, and is it necessary if DKIM is already aligned?
How do I implement DMARC with BIMI on multiple subdomains?
How do I properly set up SPF and DKIM records for email marketing, including handling multiple SPF records, IP ranges, bounce capturing, and Google Postmaster Tools verification?
How should DMARC, SPF, and DKIM records be configured for domains that do not send email?
