How do non-branded domains and shared SFMC hostnames impact email deliverability and what configurations are best?

Key findings

• Shared reputation risk: When utilizing shared SFMC and ExactTarget hostnames for email images, clicks, and views, your sending reputation becomes intertwined with other users. If these shared domains develop a poor reputation (e.g., due to spammy sends from other users), it can lead to deliverability problems for your brand.
• URL blocks: A negative reputation on any shared domain touchpoint, especially with major mailbox providers like Gmail, can result in URL blocks, preventing your emails from reaching the inbox.
• DMARC alignment nuances: DMARC passes if either DKIM or SPF aligns. This means DMARC can pass even if SPF (often tied to bounce domains) does not align, which can mask potential underlying deliverability issues.
• SPF blocks: Despite DMARC passing, some ISPs, notably Yahoo, have been observed to explicitly block emails based on SPF authentication failures, particularly after recent email authentication requirement changes.

Key considerations

• Implement SAP: For robust deliverability, it is highly recommended to implement a Sender Authentication Package (SAP). This ensures full branding of your email program with custom domains for images, clicks, and views, alongside proper DKIM and SPF authentication. Salesforce provides guidance on email deliverability best practices.
• Control hostnames: Configuring your accounts to use hostnames you control for all email elements (e.g., image hosting, click tracking) significantly improves long-term deliverability by reducing reliance on shared reputation pools.
• Multi-bounce domain: Ensure that multi-bounce domain functionality is enabled within your ESP to achieve proper SPF alignment for all your sending domains. This is a crucial step for comprehensive email authentication.
• DNS records for bounce domains: Confirm that your bounce subdomains have correctly configured SPF, MX, and A records. While older SFMC accounts may lack A records for bounce domains, their presence can prevent blocks by some smaller ISPs.

Key opinions

• Shared domains as a cause: Marketers frequently find that non-branded domains or shared hostnames for email assets are a contributing factor to existing deliverability issues, prompting audits and corrective actions.
• SAP expectations: There's a strong expectation among marketers that a Sender Authentication Package (SAP) with fully custom image, click, and view domains is a standard configuration for ensuring good deliverability, even if not strictly mandatory from a technical standpoint.
• Multi-brand complexity: Managing multiple brands within a single SFMC account poses a challenge. Achieving separate body domains for each brand often leads to considering the significant cost and maintenance of acquiring separate SFMC accounts.
• SPF-specific blocks: Despite DMARC passing due to DKIM alignment, marketers observe that ISPs, particularly Yahoo, are increasingly issuing blocks specifically citing SPF failures, indicating its growing importance after recent policy changes. This underscores the need to also prioritize proper SPF alignment.

Key considerations

• Prioritize full branding: Marketers should strive for full branding across all email components, including images and click tracking links, to establish and control their unique sender reputation. This is a core part of email sending practices.
• Monitor bounce reasons: It's vital to closely monitor SMTP bounce reasons, as they can reveal specific authentication issues, such as SPF failures, that might not be immediately obvious from DMARC reports alone.
• Cost-benefit analysis for multi-brand: For organizations managing multiple brands, a careful assessment of the deliverability benefits versus the increased costs and maintenance of separate SFMC accounts for distinct branding should be conducted. This is particularly relevant when deciding on strategies to improve email deliverability.

Key opinions

• Shared domain blocklists: Multiple non-branded domain touchpoints that use shared domains are susceptible to having a poor reputation at ISPs like Gmail, which can result in emails being blocked or placed on a blacklist.
• Shared reputation pitfall: Using SFMC and ExactTarget hostnames means sharing reputation with a vast customer base, some of whom may engage in problematic sending behaviors. This is described as a 'hideous pit of spammers' due to the unpredictable impact on your deliverability.
• Domain mismatch tolerance: For most mailbox providers, a mismatch between the sending domain and other hostnames (e.g., for images or clicks) within an email is generally not a significant deliverability issue, except for a few specific European email activists.
• DKIM vs. SPF importance: While DKIM alignment is paramount for DMARC to pass, SPF alignment is still crucial. Experts recall instances where widespread blocks, even for entire data centers, occurred due to issues with a shared SPF domain. Understanding individual versus shared DKIM can be beneficial here.
• A record for bounce domains: Although not universally considered strictly 'required' by some, the absence of an A record for bounce subdomains can lead to mail being blocklisted by some smaller ISPs, indicating its practical importance for comprehensive email deliverability.

Key considerations

• Full branding for protection: To protect against future deliverability issues, particularly from shared domain reputations, experts strongly recommend implementing a Sender Authentication Package (SAP) that provides full branding with custom image, click, and view domains. This aligns with best practices for third-party ESPs.
• Control all possible hostnames: Where possible, configure your accounts to use hostnames that you directly control across all aspects of your email messages. This proactive measure improves both current and future deliverability.
• Separate accounts for distinct branding: If complete separation of body domains is required for different brands, experts suggest that separate SFMC accounts may be necessary to achieve this level of distinct branding. This affects considerations like subdomain selection for marketing emails.
• Address legacy configurations: Be aware that older accounts, even those from 2020, might have legacy configurations (e.g., missing A records on bounce domains) that do not align with current best practices and can impact deliverability, especially with stricter ISPs. This is an important part of optimizing SFMC for deliverability.

Key findings

• Sender authentication package (SAP): Documentation confirms that SAP is designed to brand all links and images within your emails, aligning them with your chosen sending domain. This is a critical component for professional email marketing. Understanding Salesforce Marketing Cloud setup for deliverability is key.
• Comprehensive authentication: SAP configurations typically include the setup of essential authentication protocols like SPF, DKIM, and sometimes DMARC, all of which are vital for validating your sender identity and improving inbox placement. For email domain authentication best practices, this is essential.
• Private domain importance: Private domains are highlighted as crucial for ensuring that your email is authenticated and your content (like CloudPages) is branded according to your company, rather than relying on generic ESP branding.
• DNS record necessity: Proper configuration of DNS records, including SPF, DKIM, MX, and A records for various subdomains (e.g., bounce, image, click tracking), is consistently emphasized as fundamental for technical deliverability and verification by mailbox providers.

Key considerations

• Aim for comprehensive branding: The goal is to replace all generic ESP hostnames with your own branded domains across all elements of your email messages to present a consistent and trustworthy sender identity.
• Build independent reputation: By branding your entire email infrastructure, you build and maintain a distinct and robust sender reputation, independent of the shared reputation of the ESP's platform.
• Ensure compliance: Implementing a full Sender Authentication Package helps meet the increasingly stringent sender requirements from major ISPs like Google and Yahoo, which prioritize strong authentication and brand alignment.
• Strategic subdomain usage: For different sending needs or multiple brands, strategic use of subdomains for email marketing is recommended, often implying separate accounts or careful configuration with distinct domains.