How can a franchise set up DKIM for email marketing without corporate DNS control?

Key findings

• Shared DKIM: Utilizing an email service provider's (ESP) shared DKIM option is a viable starting point when dedicated domain control is not possible. Any DKIM authentication is better than none for improving deliverability.
• Subdomain delegation: Requesting the corporate office to delegate a subdomain for email marketing to the franchisee can offer a path to direct DNS control for authentication records. This allows the franchise to manage their own DKIM, SPF, and DMARC records without impacting the corporate domain.
• Separate domain acquisition: Acquiring a completely separate domain for marketing purposes is an option, although it may dilute brand consistency if not carefully managed. This provides full DNS control but separates the email marketing efforts from the core corporate brand identity.
• Deliverability impact: Lack of proper DKIM setup can lead to significant deliverability issues, particularly with major inbox providers like Microsoft, resulting in emails landing in spam or being rejected.

Key considerations

• Corporate policy adherence: Before pursuing any technical solution, it's crucial for the franchisee to understand and align with the franchisor's policies regarding brand usage, marketing activities, and domain management. A clear business agreement should precede technical implementation.
• Branding implications: Using a separate domain for email marketing might dilute the franchisor's brand identity. Discussing branding guidelines and potential workarounds with corporate is essential.
• DNS record types: For DKIM, the corporate IT team would need to add TXT or CNAME records to the DNS. Understanding the specific record types needed can help frame the discussion with corporate IT.
• Importance of DKIM: DKIM adds a digital signature to email headers, allowing recipients to verify the sender's authenticity and detect tampering, which is vital for avoiding spam filters. More information on DKIM can be found on external resources.
• Verification: Once any changes are made, it's critical to verify the DKIM setup to ensure it's functioning correctly and improving deliverability.

Key opinions

• Shared DKIM is a fallback: If direct DNS changes aren't possible, using the ESP's shared DKIM is preferable to no DKIM at all, although it's not the ideal solution for optimal brand alignment and deliverability.
• DNS control is critical: Marketers frequently encounter issues with corporate IT departments unwilling or unable to make necessary DNS changes for email authentication, which highlights a common pain point in franchise marketing operations. This often means emails struggle to pass DMARC alignment checks.
• Impact on major ISPs: A recurring concern is the poor deliverability to major inbox providers (like Microsoft) when DKIM isn't properly set up, leading to wasted marketing efforts.
• Consider a separate domain: Some marketers suggest the franchisee acquiring their own domain, though this must be weighed against branding and strategic goals.

Key considerations

• Evaluate corporate flexibility: Explore if the corporate stance on DNS changes is a rigid policy or a misunderstanding, as finding the right contact can sometimes resolve obstacles.
• Branding vs. Deliverability: Weigh the benefits of maintaining strong corporate branding (using the corporate domain) against the need for high email deliverability (which might require a separate or subdomain).
• Subdomain as a compromise: Pushing for a subdomain might be a reasonable compromise, allowing the franchisee some autonomy while retaining a connection to the corporate brand. This can aid in setting up dedicated sending domains.
• Communicate business impact: Clearly articulate the business consequences of poor email deliverability to corporate stakeholders to advocate for necessary DNS changes. Mailjet's guide on DKIM setup steps can be helpful in this discussion.

Key opinions

• Business problem first: Experts largely agree that the inability to set up DKIM due to corporate DNS control is fundamentally a business problem, not primarily a technical one. The email program is not the place to solve deeper franchise agreement issues.
• Risk of separate domain: Purchasing a 'cousin' or unrelated domain is viewed as a poor solution that undermines the value of being a franchisee and the brand association they pay for.
• Clarify brand usage: The franchisee must first clarify with the brand owner whether using the corporate email address (or any derivative) for marketing purposes is permitted by policy or contract.
• DKIM and subdomains: DKIM does not strictly require a subdomain, but if DNS delegation is needed, the franchisor must provide access to add TXT, CNAME, or NS records. This aligns with standard DNS record placement for email authentication.

Key considerations

• Start with business terms: Prioritize discussions with the franchisor about their policies on brand usage in marketing before engaging their IT department for technical changes. This establishes the legitimacy of the request.
• Obtain IT cooperation: Once business terms are clarified, use that leverage to secure cooperation from corporate IT for adding necessary DNS records (TXT, CNAME, or NS) to enable DKIM signing.
• Franchisor support: Acknowledge that some franchisors might not offer robust marketing support, which sometimes compels franchisees to seek independent solutions. However, these solutions should still ideally respect brand guidelines.
• Email authentication importance: Emphasize to the franchisor that proper email authentication is crucial for maintaining brand reputation and ensuring marketing emails reach the inbox, preventing blocklisting (or blacklisting). This is vital for overall email deliverability rates.
• DMARC implications: Failure to set up DKIM, especially for a domain used by an ESP, can lead to DMARC alignment issues, which ultimately results in emails being rejected or quarantined by recipient servers. This is a critical factor for maintaining a good sender reputation, as discussed by leading industry blogs.

Key findings

• DKIM purpose: DKIM is an email authentication method that uses a digital signature to allow recipients' email systems to verify that an email originated from an authorized domain and has not been tampered with in transit.
• DNS record requirement: Setting up DKIM typically involves generating a key pair and publishing the public key as a TXT record (or sometimes a CNAME record) in the domain's DNS.
• Integration with ESPs: When using an ESP, the ESP often provides the DKIM keys or CNAME records that need to be added to the domain's DNS settings.
• Authentication importance: DKIM, along with SPF and DMARC, forms the backbone of modern email authentication, which is crucial for preventing spoofing, phishing, and improving inbox placement. You can learn more about how to configure DKIM.

Key considerations

• DNS access: The fundamental requirement for setting up DKIM is access to the domain's DNS records, usually via a DNS provider or registrar. If this is centrally controlled (e.g., by corporate), direct communication and permission are needed.
• Subdomain benefits: While not strictly required, using a subdomain for marketing emails allows for isolated authentication management without affecting the main corporate domain's reputation. This is elaborated in guides about CNAME delegation for authentication.
• Selector names: DKIM records include a 'selector' (e.g., s1, default) which helps manage multiple DKIM keys for a single domain or different sending systems. Understanding these can facilitate setup discussions.
• Verification tools: Documentation often recommends using online DKIM checkers to confirm correct record publication and functionality.