DKIM is a bare minimum at this point - but the SPF support is also critically important. The standard is terrible, but it's nearly universal at this point. Its utter lack of foresight for third-party services means that as more and more SaaS services are leveraged it becomes nearly impossible to keep it functional. Everything you can do to limit the lookups on your end is a boon to your customers. For specifics, in your knowledge base you indicate (rightly) that including your SPF is the best practice. But, you don't actually indicate what that SPF record is, instead you just have your SPF record in there: Another way to accomplish this is to reference Zuora's SPF record instead of a specific host. The advantage of this is that if Zuora adds more email gateways, no change is necessary to your record:
v=spf1 mx ip4:18.104.22.168/24 ip4:22.214.171.124/24 -all This should, ideally, be something like "spf.zuora.com" or "_spf.zuora.com" or something similar (and definitely should NOT have the mx in there). This way, in our own records we can have something like: v=spf1 include:spf.zuora.com -all If you have that, it's not published for us to see in that document. The only thing we have to go off of are the SPF records you have published, which is currently: zuora.com. 2256 IN TXT "v=spf1 ip4:126.96.36.199/24 ip4:188.8.131.52/24 ip4:184.108.40.206 include:_spf.google.com include:_spf.salesforce.com include:mail.zendesk.com include:mktomail.com include:stspg-customer.com ~all" This Zuora record already includes nine lookups all on its own, so it cannot possibly be included into our own records.
... View more