Summary
When setting up Salesforce Marketing Cloud (SFMC), a common requirement is to point your email subdomain to multiple Salesforce name servers for proper email sending and load balancing. However, some hosting providers may restrict the number of name server (NS) records allowed per subdomain, creating a challenge for standard implementations. This document explores the options and considerations for navigating such restrictions, focusing on workarounds, the implications of self-hosting, and the trade-offs between delegation and control.
Key findings
- NS record limitation: Some hosting providers may impose limitations, allowing only one NS record per subdomain instead of the four required by SFMC, which complicates standard setups.
- Self-hosting as a workaround: If a hosting provider cannot accommodate the multiple NS records, self-hosting the subdomain's DNS is often the primary alternative to meet SFMC requirements.
- Full domain dedication: Another option is to dedicate an entire top-level domain to SFMC, allowing for the required NS entries at the root level, though this limits the domain's other uses, such as for a website.
- Provider misunderstanding: Sometimes, the issue isn't the provider's technical inability but rather their unwillingness or a misunderstanding of the request for multiple NS records.
Key considerations
- Increased complexity with self-hosting: Self-hosting DNS for an email subdomain often involves creating numerous DNS entries, which can be complex and error-prone for IT teams unfamiliar with the intricate requirements for email authentication like SPF, DKIM, and DMARC. Learn more about how to set up email subdomains.
- Impact on security and control: Delegating a subdomain to an ESP offers convenience but transfers control and responsibility for DNS management, which some organizations might view as a security risk.
- Flexibility vs. delegation: While self-hosting offers greater control, delegation allows the ESP to automatically update DNS settings for new features, such as BIMI, simplifying future adjustments. Explore domain or subdomain delegation to Marketing Cloud further.
- Certificate management: Self-hosting DNS can complicate or delay the process of adding SSL/TLS certificates for HTTPS URLs, which are essential for branding and security.
What email marketers say
Email marketers often face practical challenges when configuring email subdomains for Salesforce Marketing Cloud, particularly concerning DNS server limitations imposed by their hosting providers. Discussions among marketers highlight concerns about the additional workload and technical hurdles associated with deviating from standard SFMC setup procedures, especially when self-hosting DNS.
Key opinions
- Provider limitations: Some marketers find their hosting providers cannot or will not accommodate the four required NS servers for an SFMC email subdomain.
- Workload concerns: Self-hosting the subdomain is seen as a viable but less desirable solution due to the increased workload and complexity it entails for the marketing or IT team.
- HTTPS delays: Marketers worry that self-hosting DNS will delay the implementation of HTTPS for their branded links, impacting trust and branding.
- Subdomain purpose: A key practice is to use a dedicated email subdomain to protect the root domain's reputation, even if it's not strictly necessary to use multiple subdomains.
Key considerations
- DNS record creation: Each subdomain setup necessitates new DNS records. Proper configuration is critical for email deliverability. For more on this, see if you can point one subdomain to multiple ESPs.
- Branding options: Utilizing Salesforce's Sender Authentication Package (SAP) or a private domain is vital for branding emails with a consistent sender address. You can read more about sending emails in SFMC from existing domains.
- DNS manager: If using different nameservers for subdomains, NS records must be added in the DNS Manager for the top-level domain.
- Subdomain choice: It is not always necessary for the email subdomain to be in the format 'email.company.com'.
Marketer view
Marketer from Email Geeks explains that their client's hosting provider does not allow pointing one subdomain to four different NS servers, only one, which means the standard SFMC implementation will fail if load balancing is required.
Marketer view
Marketer from Email Geeks notes that self-hosting the subdomain, while a potential solution, introduces more work for the team.
What the experts say
Experts in email deliverability and DNS management weigh in on the complexities of pointing SFMC subdomains to multiple name servers. Their insights cover the feasibility of hosting provider restrictions, the pros and cons of delegating DNS authority, and the practical challenges of self-hosting, emphasizing security, flexibility, and the potential for configuration errors.
Key opinions
- Self-hosting necessity: If a hosting provider is truly restrictive with NS records, self-hosting the subdomain's DNS is often considered the only viable workaround.
- Delegation upside: Delegating the subdomain to the provider offers the benefit of automatic updates for new features like DKIM, DMARC, and BIMI.
- Control vs. convenience: While delegation is convenient, experts advise that brands should retain control over their subdomains to mitigate risks like a provider's DNS being compromised, even though their own servers are also susceptible.
- Complexity of self-hosting: Self-hosting DNS for SFMC is challenging due to the large number of DNS entries required, which IT teams might not fully understand or might make errors when configuring. This includes managing SPF, DKIM, and DMARC. Learn more about how to implement DMARC, SPF, and DKIM.
Key considerations
- Alternative to subdomain: As an alternative, dedicating an entire domain to SFMC is possible, but it makes the domain unusable for other purposes, like hosting a website. For more specific guidance, explore configuring self-hosted DNS for SFMC migration.
- DNS record accuracy: Errors in copying and pasting DNS entries (e.g., wrong hostnames, truncation, incorrect quotation marks) are common and can severely impact functionality. CNAMEs can simplify certain configurations.
- Delegation of responsibility: The decision to delegate DNS control to an ESP involves delegating responsibility, which may not always be a sound strategy from a long-term security perspective. You should also consider Salesforce's Sender Authentication Package.
- Understanding IT capabilities: It's crucial to assess the IT team's capacity and understanding of complex DNS configurations before opting for a self-hosted solution.
Expert view
Expert from Email Geeks suggests that self-hosting is probably the only way to overcome a hosting provider's limitation on the number of NS records for a subdomain.
Expert view
Expert from Email Geeks advises that another option, though suboptimal, is to dedicate an entire domain for use in SFMC, allowing for the required DNS servers at the top level.
What the documentation says
Official documentation and technical resources provide clear guidelines for configuring email subdomains, particularly within the Salesforce Marketing Cloud ecosystem. They detail the processes of domain delegation and the requirements for proper authentication, often outlining the necessity of pointing specific domains or subdomains to the ESP's DNS servers.
Key findings
- Standard delegation: Salesforce documentation typically instructs clients to delegate a specific domain or subdomain to Marketing Cloud DNS servers as part of their Sender Authentication Package (SAP) or private domain setup.
- NS record requirement: This delegation commonly requires the client to insert four nameserver (NS) records to properly direct traffic and authentication to Salesforce.
- Branding solutions: Both SAP and Private Domain options are designed to brand email sender addresses, ensuring they reflect the client's brand.
- Domain vs. subdomain: Documentation outlines options for both dedicating entirely new domains or delegating specific subdomains for email sending purposes.
Key considerations
- DNS records: Understanding DNS record types and their functions is critical for proper setup. For instance, CNAMEs are widely used. Refer to Cloudflare's documentation on DNS records.
- Delegation implications: Delegating a domain or subdomain means trusting the ESP with its DNS management, which impacts deliverability and reputation.
- Authentication requirements: Proper configuration of SPF, DKIM, and DMARC is paramount, and these are often handled by the ESP when delegation occurs. Find more details on Salesforce email deliverability and authentication.
- Load balancing: The requirement for multiple NS servers is typically tied to load balancing and redundancy, ensuring consistent email delivery.
Technical article
Documentation from SFMC Simplified states that one option is to purchase a new domain, such as 'email-abc.com', and point its namespace servers directly to Salesforce, although these domains will then be exclusively for SFMC.
Technical article
Documentation from SFMC Stack explains that domain or subdomain delegation involves pointing a specific domain, subdomain, host, or zone name to Marketing Cloud DNS servers.
Related resources
12 resources
Related pages
How to set up email subdomains and what DNS records are required?
How to configure self-hosted DNS for SFMC migration with multiple IPs and avoid conflicts?
Is using the same subdomain for email and CloudPages bad for deliverability in Marketing Cloud?
Is it possible to point one subdomain to multiple email service providers?
Should I use the same or different subdomains for multiple ESPs?
A simple guide to DMARC, SPF, and DKIM
How to configure SPF, DKIM, and DMARC when sending marketing emails from a subdomain but signing with the primary domain?
The benefits of implementing DMARC
Boost email deliverability rates: technical solutions from top performing senders
A practical guide to understanding your email domain reputation
