Should both top-level and DKIM subdomains be monitored for email deliverability?

Key findings

• Reputation variance: Subdomains can independently develop their own sender reputation, which may differ significantly from the parent (top-level) domain.
• Data granularity: Monitoring subdomains provides more specific data points on performance, complaints, and blocklisting, which is essential for targeted troubleshooting.
• DKIM alignment: While the reputation is largely tied to the DKIM signed domain, friendly From domains also play a role in how recipients and ISPs perceive your mail.
• Complaint source: Email complaints are typically attributed to the DKIM signed domain, making its monitoring critical for identifying abusive sending patterns.

Key considerations

• Comprehensive view: To gain a full understanding of your email program's health, monitor both the top-level domain and all active DKIM subdomains.
• DMARC reports: Utilize DMARC monitoring to receive aggregated reports on authentication results, which will include data for both your organizational domain and its subdomains.
• Strategic subdomain use: Implement a strategy where different subdomains are used for distinct mail streams (e.g., transactional, marketing) to isolate reputation and simplify troubleshooting. This is a common best practice, as outlined in our guide on why to use subdomains.
• Authentication importance: Ensure proper SPF and DKIM authentication for all sending domains and subdomains to maintain strong deliverability. Mailjet provides a comprehensive guide on authenticating domains with SPF and DKIM.

Key opinions

• Subdomain reputation: Many marketers find that subdomains can develop distinct reputations from their parent domains, warranting separate monitoring.
• Monitoring is key: Despite some platforms rolling data into the top-level domain, marketers still see value in verifying and monitoring DKIM authenticated subdomains.
• Data for troubleshooting: The detailed data from subdomains, especially concerning complaints, helps in diagnosing and resolving deliverability issues more effectively.
• Reputation complexity: Email reputation is not solely tied to one domain type, but influenced by various factors across all sending entities.

Key considerations

• Distinct mail streams: Using different subdomains for different email types (e.g., transactional, marketing) is widely recommended to protect overall domain reputation. Our guide on using subdomains for outbound email elaborates on this.
• DKIM's role: Reputation and complaints are often linked to the DKIM signed domain. This means understanding the best DMARC, DKIM, and SPF setup is vital.
• From domain considerations: While DKIM is primary for reputation, the friendly From domain still impacts user perception and some filter decisions. Mailgun's article on the basics of email subdomains offers insights.

Key opinions

• Holistic reputation: Experts stress that email reputation is a complex calculation influenced by all aspects of the email, not just the DKIM signing domain.
• Monitoring depth: It is critical to monitor all domains and subdomains involved in sending, including the friendly From, Return-Path, and DKIM domains.
• Isolation strategy: Using separate subdomains for different email types (e.g., marketing, transactional) helps isolate reputation risks, preventing issues in one stream from affecting others.
• Visibility gaps: Failing to monitor any significant domain or subdomain can lead to undetected problems and potential blocklistings.

Key considerations

• Comprehensive analysis: Implement robust monitoring tools that provide insights across all your sending domains and subdomains. This aligns with advice on technical solutions for deliverability.
• DNS configurations: Proper DNS setup, including SPF and DKIM records for all relevant domains, is foundational for good deliverability. Kickbox Blog offers expert advice on how DNS impacts email deliverability.
• Proactive issue detection: Continuous monitoring of all domain types allows for early detection of issues, preventing them from escalating into major deliverability problems. Discover common email deliverability issues.

Key findings

• Authentication standards: For an email to pass DMARC, it must pass either SPF or DKIM alignment, where the domain used in those checks aligns with the RFC 5322 From domain.
• Subdomain coverage: Many guidelines recommend ensuring all subdomains are covered under SPF, DKIM, and DMARC policies for full protection.
• DKIM's role in DMARC: A valid DKIM signature and alignment between the d= tag (DKIM domain) and the From domain are essential for DKIM-based DMARC compliance.
• Reputation isolation: Official advice often encourages using subdomains to compartmentalize different mail streams, thereby limiting the scope of potential damage from reputation issues.

Key considerations

• Holistic authentication: Implement SPF, DKIM, and DMARC across all top-level domains and their respective subdomains. Our simple guide to DMARC, SPF, and DKIM covers the basics.
• DMARC policy for subdomains: Consider if subdomains need their own DMARC records or if a wildcard DMARC record (e.g., *.yourdomain.com) is appropriate to protect all subdomains.
• Proactive protection: The Canadian Centre for Cyber Security provides implementation guidance on email domain protection, emphasizing the importance of comprehensive authentication.