Can I use my TLD for SAP with Marketing Cloud when it's also used for corporate email?

Key findings

• Technical feasibility: It is technically possible to send from your TLD for marketing purposes, even when it is also used for corporate email, through Salesforce Marketing Cloud's Private Domain feature.
• Subdomain for SAP: The recommended practice for SAP configuration is to use a subdomain (e.g., email.yourcompany.com) rather than the TLD itself.
• Private domain functionality: After setting up SAP on a subdomain, you can add your TLD as a private domain, allowing you to send emails branded with your main domain.
• DNS conflict avoidance: This setup bypasses conflicts with existing DNS records (like MX records) that are vital for your corporate email system.

Key considerations

• DNS management: Managing DNS records for authentication is simpler with a subdomain. Salesforce typically provides the necessary DNS entries, but custom DNS hosting might be required for advanced setups.
• DMARC alignment: The Private Domain strategy ensures DMARC (Domain-based Message Authentication, Reporting, and Conformance) passes through relaxed alignment, as the return-path domain will align with your SAP subdomain. Learn more about DMARC, SPF, and DKIM.
• Reputation isolation: Using separate subdomains for marketing and corporate emails can help protect your primary domain's reputation. If your marketing emails encounter deliverability issues (e.g., getting blocklisted), it is less likely to affect your corporate communications. This is a best practice recommended by organizations like M3AAWG in their Sending Domains 101 document. Consider how subdomains affect your primary domain's reputation.
• Cost implications: There may be an additional cost associated with purchasing a Private Domain SKU within Marketing Cloud.

Key opinions

• Brand consistency: Marketers highly value the ability to send emails from their TLD to reinforce brand identity and trust with recipients.
• SAP importance: They recognize SAP as a crucial tool for email authentication and overall deliverability, aiming to integrate it seamlessly with their existing domain strategy.
• Subdomain is common: Many marketers are aware that subdomains are the more common and often recommended approach for SAP due to technical simplicity.
• Interest in TLD solutions: Despite subdomain recommendations, there's a strong interest in understanding how to leverage the TLD for sending, indicating a priority for primary domain branding.

Key considerations

• Balancing branding and deliverability: The challenge lies in achieving strong branding without compromising email deliverability, which heavily relies on proper authentication configurations.
• Navigating technical requirements: Marketers need to understand the DNS entries and Salesforce-specific configurations required for both SAP and Private Domains. This can be complex, and resources like SFMC Stack's guide on SAP can be helpful.
• Impact on corporate email: A primary concern is ensuring that marketing email configurations do not negatively affect the existing corporate email infrastructure or its deliverability. Refer to our guide on protecting your main domain reputation.
• Cost vs. benefit analysis: The additional cost for a Private Domain SKU needs to be weighed against the perceived benefits of TLD branding for marketing emails.

Key opinions

• Subdomains are preferred: Experts generally recommend using a subdomain for SAP due to easier DNS record management and better isolation of sending reputation.
• TLD sending is possible: It is not uncommon to configure Salesforce Marketing Cloud to send as the TLD, even if the primary SAP is on a subdomain.
• Private domain functionality: The Private Domain feature in Marketing Cloud is key to allowing TLD sending while SAP remains on a subdomain.
• DMARC compliance: This setup allows for DMARC to pass through relaxed alignment, ensuring authenticated sends. For more on DMARC, see our page on fixing common DMARC issues.

Key considerations

• DNS record conflicts: The main reason against direct TLD use for SAP is potential conflict with existing DNS records, such as MX records, which are essential for corporate email traffic. This is a primary concern for email domain authentication best practices.
• DNS hosting: Salesforce may not host customized DNS, implying that organizations might need to manage their own DNS for complex TLD configurations.
• Deliverability impact: Using separate subdomains can help protect the overall domain reputation. If marketing emails cause issues (e.g., land on a blocklist or blacklist), corporate email deliverability is less likely to be impacted. Spamhaus provides marketing FAQs that touch upon domain separation.
• Complexity: While feasible, the configuration for TLD sending can be more complex than a straightforward subdomain setup and requires a clear understanding of DNS interactions.

Key findings

• SAP's dedicated domain: The Sender Authentication Package includes a dedicated domain feature designed for proper configuration and use by Marketing Cloud.
• Private domain function: Private Domains enable sending mail from an authenticated domain, including comprehensive authentication like SPF, Sender ID, and DKIM.
• DNS requirements: Specific DNS entries, including MX, A, and CNAME records, are needed for SAP setup, often pointing to Salesforce infrastructure.
• Branding replacement: SAP aims to replace all references to Marketing Cloud with your authenticated domain for stronger branding.

Key considerations

• Subdomain best practice: Industry bodies like M3AAWG recommend using a subdomain when sending through third-party platforms to protect the main corporate domain's reputation. This aligns with advice on using subdomains for marketing emails.
• DNS maintenance: Salesforce provides specific guidance on DNS record maintenance for their ESP services. Conflicts with existing corporate DNS records must be avoided.
• Reply mail management: SAP includes Reply Mail Management (RMM), allowing Marketing Cloud to handle replies to the 'reply to' email address, integrating with the chosen domain strategy.
• Multiple SAPs vs. business units: While a Marketing Cloud account can have multiple SAPs, a single business unit only supports one SAP for branding, impacting how domains are structured across an organization.