Configuring DNS records to send emails from two different Email Service Providers (ESPs) using the same subdomain is a common challenge for organizations seeking to maintain brand consistency and streamline email operations. While technically feasible, this setup introduces significant complexities, particularly concerning SPF, DKIM, and MX records. It often requires a deep understanding of email authentication protocols and careful coordination across multiple systems. Although it offers the benefit of a unified sending identity, it can lead to increased management overhead and potential deliverability issues if not implemented precisely.
Key findings
SPF record complexity: Combining SPF records for multiple ESPs into a single record is possible but must adhere to the 10 DNS lookup limit to remain valid. Having multiple SPF records is not supported and will invalidate all of them.
DKIM flexibility: Multiple DKIM records do not interfere with each other. Different selectors can easily be used for each ESP.
MX record challenges: If the subdomain's MX record already points to an internal service desk for replies, the ESP might not be able to collect and suppress bounces, impacting deliverability and reporting accuracy.
Dedicated subdomains: Many experts and ESPs advise using a dedicated subdomain for each mail stream to simplify management and mitigate potential deliverability risks, even if sharing is technically possible.
Key considerations
Impact on deliverability: Improper configuration can lead to authentication failures (SPF, DKIM, DMARC), resulting in emails being blocked or sent to spam folders. This can significantly affect your email deliverability.
DMARC reporting: Sharing a subdomain adds layers of complexity to analyzing DMARC reports, making it harder to diagnose issues and optimize performance for individual sending streams.
ESP support: Many ESPs recommend delegating DNS management to them precisely because of these complexities, and they may offer limited support for custom, self-hosted DNS configurations.
Technical expertise required: Successfully implementing such a setup demands a thorough understanding of DNS, email authentication protocols like SPF, DKIM, and DMARC, and the specific requirements of each ESP. Tools such as Kitterman's SPF validator can help check SPF syntax.
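The SPF rules in the findings above (one record per name, at most 10 DNS-querying terms) can be checked offline before a merged record is published. The following is an added example, not code from any ESP or from the sources summarized here; the ZONE data and every hostname in it are constructed placeholders standing in for live DNS answers.

```python
import re

LOOKUP_LIMIT = 10  # RFC 7208 limit on DNS-querying terms per SPF evaluation

# Constructed TXT data standing in for live DNS; every hostname is a placeholder.
ZONE = {
    "mail.example.com": [
        "v=spf1 include:_spf.esp-a.example.net ~all",
        "v=spf1 include:_spf.esp-b.example.net ~all",  # second record: invalid
    ],
    "_spf.esp-a.example.net": ["v=spf1 include:_n1.esp-a.example.net include:_n2.esp-a.example.net -all"],
    "_n1.esp-a.example.net": ["v=spf1 ip4:192.0.2.0/24 -all"],
    "_n2.esp-a.example.net": ["v=spf1 ip4:198.51.100.0/24 -all"],
    "_spf.esp-b.example.net": ["v=spf1 a mx include:_n1.esp-b.example.net -all"],
    "_n1.esp-b.example.net": ["v=spf1 ip4:203.0.113.0/24 -all"],
}


def spf_records(name, zone):
    """TXT strings published at `name` that are SPF records."""
    return [t for t in zone.get(name, []) if t.lower().split()[:1] == ["v=spf1"]]


def merge_spf(records, final="~all"):
    """Join several SPF records into one: de-duplicated terms, a single `all` last."""
    terms = []
    for rec in records:
        for term in rec.split()[1:]:
            if term.lstrip("+-~?").lower() != "all" and term not in terms:
                terms.append(term)
    return " ".join(["v=spf1", *terms, final])


def count_lookups(name, zone):
    """DNS-querying terms reached while evaluating the single SPF record at `name`."""
    records = spf_records(name, zone)
    if len(records) != 1:
        raise ValueError(f"{name}: {len(records)} SPF records, result is permerror")
    total = 0
    for term in records[0].split()[1:]:
        term = term.lstrip("+-~?")
        mech = re.split(r"[:=/]", term, maxsplit=1)[0].lower()
        if mech in ("a", "mx", "ptr", "exists", "include", "redirect"):
            total += 1  # each of these terms costs one lookup
        if mech in ("include", "redirect"):
            total += count_lookups(re.split(r"[:=]", term, maxsplit=1)[1], zone)
    return total
```

With the two separate records in place, count_lookups raises; after merge_spf the single record costs 7 of the 10 allowed lookups, because nested includes inside each ESP's record count toward the same budget.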
What email marketers say
Email marketers often face the challenge of reconciling branding needs with technical email sending requirements, especially when multiple ESPs are involved. The desire to maintain a consistent brand identity by sending from a primary domain or subdomain frequently runs up against the complexities of DNS configuration. While some marketers recognize the simplicity of dedicated subdomains for different mail streams, others express a strong preference or business need to use a single, familiar subdomain, even if it introduces technical hurdles.
Key opinions
Branding priority: Marketers frequently prioritize brand consistency, desiring to send all emails from a single, recognizable subdomain, regardless of the ESP used.
Belief in possibility: There's a common sentiment that if other CRM systems can send on behalf of a primary domain, then marketing clouds should also offer similar flexibility.
Confusion with ESP advice: Marketers can become confused when ESPs advise against sharing subdomains, especially when they've successfully configured dedicated subdomains for other purposes in the past.
Seeking workarounds: When faced with restrictions, marketers look for ways to implement a dual or triple DNS setup to achieve their desired sending configuration.
Key considerations
Business justification: The decision to use a shared subdomain should be weighed against the technical complexities and potential impact on deliverability and sender reputation. Consider if it is necessary to use the same sending domain with multiple ESPs.
ESP limitations: Some ESPs (like Marketing Cloud) have policies that encourage DNS delegation, making self-hosting a shared subdomain a "use at your own risk" scenario.
Deliverability sacrifices: Custom, complex setups may force compromises that impact optimal email deliverability or make troubleshooting more difficult. Understanding how to troubleshoot SPF authentication issues is crucial.
Operational complexity: Managing a shared subdomain for multiple mail streams can complicate ongoing maintenance, support, and the overall understanding of email flow.
Marketer view
An email marketer from Email Geeks conveyed a sense of confusion regarding the feasibility of configuring DNS for two ESPs on one subdomain, especially when ESPs are reluctant to provide detailed guidance or documentation. They felt that if Salesforce CRM could send on behalf of Gmail, then Salesforce Marketing Cloud should also have a viable configuration option.
03 Feb 2023 - Email Geeks
Marketer view
A marketer from Email Geeks explained that they have advised clients for years to use separate subdomains for Marketing Cloud, arguing it's a simpler setup and that automated emails should not appear to come from a human address. However, they acknowledged that if a client insists on using the same subdomain, and if platforms like Pardot natively support it, Marketing Cloud should also offer a solution.
03 Feb 2023 - Email Geeks
What the experts say
Email deliverability experts offer nuanced perspectives on configuring DNS for multiple ESPs on a single subdomain. While they acknowledge the technical possibility, they often caution against it due to the complexities and potential impact on deliverability and reporting. Key areas of concern include SPF record limitations, proper MX record setup for bounce handling, and the intricacies of DMARC reporting when managing shared sending identities.
Key opinions
SPF rule: It is strongly advised that each ESP should have its own 5321.from domain with a unique SPF TXT record, rather than attempting to share one SPF record across multiple ESPs.
MX for bounces: Each 5321.from domain should also have its own MX record specifically for bounce handling, ensuring that bounces are properly returned to the correct sending system.
DKIM selectors: Configuring DKIM for multiple ESPs is relatively straightforward by simply using different selectors for each ESP's record.
Delegation preference: Most ESPs recommend letting them handle domain delegation because it simplifies the DNS configuration and removes the burden of complex setup from the sender.
Key considerations
Hidden complexities: While technically achievable, shared subdomain setups can be highly complex and are generally advised against due to the difficulties in management and potential for deliverability issues.
DMARC reporting challenges: An additional layer of complexity is introduced when analyzing DMARC reports for mail streams sharing a subdomain, making it harder to pinpoint sources of authentication failures or abuse. Utilize DMARC reports from Google and Yahoo to mitigate this.
Specificity of advice: Providing precise DNS configuration advice for shared subdomains is impossible in the abstract; it requires examining specific email examples and understanding each CRM or ESP's unique setup. This is why best practices for DNS lookups are important.
SPF validation: SPF primarily validates the 5321.from (Return-Path) address, not necessarily the 5322.from (From) address visible to the recipient. This distinction is vital for proper authentication.
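Because SPF is evaluated on the 5321.from domain while DMARC compares results against the 5322.from domain, a stream can pass SPF and still fail DMARC. The following added example (not taken from the sources summarized here) evaluates DMARC identifier alignment for two streams that share one From subdomain; all domains, selectors and results are constructed, and the two-label organizational-domain rule is an assumption that only holds for these sample names.

```python
def org_domain(domain):
    """Organizational domain. Assumption: last two labels, which only holds for
    the constructed example.com / example.net names used here; real code needs
    the Public Suffix List."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain, from_domain, strict):
    """DMARC identifier alignment: exact match if strict, else same org domain."""
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    return a == f if strict else org_domain(a) == org_domain(f)


def dmarc_eval(msg, aspf="r", adkim="r"):
    """Evaluate one message's SPF/DKIM results against its 5322.from domain."""
    spf_ok = msg["spf"] == "pass" and aligned(msg["mail_from"], msg["from"], aspf == "s")
    dkim_ok = any(
        sig["result"] == "pass" and aligned(sig["d"], msg["from"], adkim == "s")
        for sig in msg["dkim"]
    )
    return {"spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "dmarc": "pass" if spf_ok or dkim_ok else "fail"}


# Constructed results for two streams sharing the visible From subdomain.
ESP_A = {  # own bounce subdomain under the brand, custom DKIM selector
    "from": "mail.example.com", "mail_from": "bounce-a.mail.example.com", "spf": "pass",
    "dkim": [{"d": "mail.example.com", "s": "espa", "result": "pass"}],
}
ESP_B_DEFAULT = {  # ESP's own bounce domain and default signing domain
    "from": "mail.example.com", "mail_from": "bounces.esp-b.example.net", "spf": "pass",
    "dkim": [{"d": "esp-b.example.net", "s": "default", "result": "pass"}],
}
# Same stream once a second selector for the shared subdomain is published.
ESP_B_FIXED = dict(ESP_B_DEFAULT, dkim=[{"d": "mail.example.com", "s": "espb", "result": "pass"}])

if __name__ == "__main__":
    for label, msg in [("A", ESP_A), ("B default", ESP_B_DEFAULT), ("B fixed", ESP_B_FIXED)]:
        print(label, dmarc_eval(msg))
```

ESP_B_DEFAULT fails DMARC despite passing both SPF and DKIM, since neither authenticated domain aligns with the From domain; adding a DKIM selector for the shared subdomain is enough for it to pass.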
Expert view
An expert from Email Geeks states that SPF records can be consolidated into a single entry, provided the combined record does not exceed the 10 DNS lookup limit. They cautioned that deploying two separate SPF record entries would render both invalid, emphasizing the need for proper syntax when joining them.
03 Feb 2023 - Email Geeks
Expert view
An expert from Email Geeks clarified that having multiple DKIM records does not present a problem and they do not interfere with each other. This means different DKIM selectors can be used effectively for various sending systems.
03 Feb 2023 - Email Geeks
What the documentation says
Official documentation from various DNS providers and email standards organizations outlines the foundational requirements for email sending, including the role of different DNS record types. It typically emphasizes the need for distinct records for subdomains and often highlights how different authentication protocols, like DKIM, use selectors to manage multiple keys for the same domain. Understanding these guidelines is crucial for any advanced DNS configuration.
Key findings
DNS record types: To send and receive emails, documentation consistently points to the necessity of setting up MX, SPF (TXT), and DKIM (TXT or CNAME) records.
Subdomain specific records: Each subdomain used for email sending typically requires its own set of DNS records, distinct from the root domain, to ensure proper authentication and routing. This is vital when considering how to set up email subdomains.
DKIM selectors: Documentation confirms that DKIM (and sometimes BIMI) supports selectors, which enable multiple distinct records to be published for the same domain, allowing for different signing keys per ESP or mail stream.
NS records for subdomains: For custom MAIL FROM subdomains, NS records might be required to delegate authority to a specific DNS server for that subdomain, as indicated by some cloud provider documentation. When adding an MX record to a subdomain, it can be tricky if CNAMEs are used for email sending verification.
Key considerations
Adherence to standards: Following RFC standards for DNS and email authentication is paramount to ensuring optimal deliverability across all recipients.
ESP-specific requirements: While general principles apply, each ESP will have specific DNS records (e.g., CNAMEs for tracking, unique DKIM keys) that need to be configured for their service.
Self-hosting vs. delegation: Documentation often implies that delegating DNS to the ESP simplifies setup, avoiding the complexities of manual DNS management and potential misconfigurations. For example, the Cloudflare DNS documentation can provide more information on how to add email records.
Comprehensive setup: A complete email sending setup involves not just SPF and DKIM, but also MX records for mail exchange and DMARC for policy enforcement and reporting.
Technical article
Cloudflare DNS documentation states that to send and receive emails from your domain, you need an SMTP provider. It also details the steps for creating specific DNS records, such as MX, SPF, and DKIM entries, within their platform to ensure proper email functionality.
01 Jan 2023 - Cloudflare Docs
Technical article
The BIMI Group FAQs clarify that, similar to DKIM, BIMI (Brand Indicators for Message Identification) also supports selectors. This feature allows a single domain to publish multiple, distinct BIMI records, providing flexibility for different email streams or brand representations.