Happy Business Starts Here

Re: DKIM implementation

DKIM implementation

One issue I saw with leveraging the Zuora SPF record, it tossed my SPF over the RFC limit of 10 lookups (it alone is over 10)...many folks have either done subdomains for items like this or started to leverage DKIM...with such a large SPF, I would like to see a DKIM option to ensure email delivery if possible...

Community Manager
Status changed to: More Feedback Needed
Community Manager
Status changed to: Under Consideration
Zuora Product Team
Status changed to: New Idea

We're looking into dupporting both DMARC and DKIM email authentication standards. Please vote this issue up, if you're interested in this.

Zuora Product Team
Status changed to: Under Consideration
New Student

Most services that use DKIM for emailing customers, this is a very needed feature.

New Student

DKIM is a bare minimum at this point - but the SPF support is also critically important.  The standard is terrible, but it's nearly universal at this point.  Its utter lack of foresight for third-party services means that as more and more SaaS services are leveraged it becomes nearly impossible to keep it functional.  Everything you can do to limit the lookups on your end is a boon to your customers.

For specifics, in your knowledge base you indicate (rightly) that including your SPF is the best practice.  But, you don't actually indicate what that SPF record is, instead you just have your SPF record in there:

Another way to accomplish this is to reference Zuora's SPF record instead of a specific host. The advantage of this is that if Zuora adds more email gateways, no change is necessary to your record:

v=spf1 mx ip4: ip4: -all

This should, ideally, be something like "spf.zuora.com" or "_spf.zuora.com" or something similar (and definitely should NOT have the mx in there).  This way, in our own records we can have something like:

v=spf1 include:spf.zuora.com -all

If you have that, it's not published for us to see in that document.  The only thing we have to go off of are the SPF records you have published, which is currently:

zuora.com.		2256	IN	TXT	"v=spf1 ip4: ip4: ip4: include:_spf.google.com include:_spf.salesforce.com include:mail.zendesk.com include:mktomail.com include:stspg-customer.com ~all"

This Zuora record already includes nine lookups all on its own, so it cannot possibly be included into our own records. 

Honor Student

the current SPF sets customers up for failure, the RFC dictates you can only have 10 DNS looks up...Zuora alone has 5 at the root, 3 sub includes via _spf.google.com, total of 8...


https://tools.ietf.org/html/rfc7208 (4.6.4)


this requires the customer to leverage a 3rd party SMTP relay similar to mailjet or sendgrid...we were forced to leverage a 3rd party due to the size of the SPF and the impact to normal day to day mail delivery...once you cross the 10 includes limit, its hit or miss if it will work depending on how strict the antispam software is with SPF and the RFC rules

New Student

Upvoting the DKIM implementation from zuora side. We are a Zuora customer and would like to leverage Zuora to send emails to our customers on our behalf via Zuora SMTP once the SPF+DKIM support is there.

Zuora Staff

Desperately needed for a customer implementation I am doing

New Student

While DKIM is still a voluntary standard, it is becoming more common among those that focus on email security and deliverability.  Adding an upvote for this feature as our IT team is planning on moving to a forced DKIM model at the end of the year.