How to configure SFMC to send on behalf of sales reps with DKIM/DMARC authentication?
Summary
What email marketers say: 6 marketer opinions
Email marketer from EmailGeeks shares that to implement DMARC correctly, ensure SPF and DKIM are properly configured first. SPF should authorize the sending sources, and DKIM should sign your emails. Monitor DMARC reports to identify any authentication issues and adjust configurations as needed.
Email marketer from Neil Patel Blog shares that consistently monitoring and improving your sender reputation is crucial for deliverability. Regularly check your IP and domain reputation, address any spam complaints promptly, and maintain consistent sending volumes to build a positive reputation.
Email marketer from SendGrid explains that using an SPF record can help authorise the IP address. Ensure that this SPF record is set up correctly.
Email marketer from StackExchange responds that using a subdomain for your SFMC setup can help isolate your email reputation and protect your primary domain. This is useful when sending on behalf of multiple reps, as each subdomain can be configured with its own DKIM settings.
Email marketer from Mailjet answers by sharing that setting up a DMARC record will tell receiving mail servers how to handle unauthenticated messages. This helps protect your domain from being used for spoofing by malicious actors.
Email marketer from GlockApps shares that inbox placement tests can measure the impact of SPF, DKIM and DMARC records by sending test emails to different mailboxes and determining whether they land in the inbox, land in the spam folder, or are blocked.
What the experts say: 7 expert opinions
Expert from Email Geeks explains that sending on behalf of a company sales rep using SF Marketing Cloud and still being DKIM/DMARC-authenticated is doable and will not create a conflict. The domain can be configured in G Suite, Salesforce CRM, etc., as DKIM can exist in more than one place.
Expert from Spam Resource explains that to configure SFMC to send as a top-level domain (e.g., @yourdomain.com) for sending on behalf of sales reps, you need both a Sender Authentication Package (SAP) and a Private Domain configured correctly. The SAP handles link and image wrapping, while the Private Domain allows you to use your top-level domain in the 'From' address. The linked article details the exact steps.
Expert from Email Geeks suggests doing a subdomain for the SAP (e.g., email.domain.com or sfmc.domain.com) so that only the 'from' address is the top-level domain (domain.com) via the private domain, ensuring they match for DMARC.
Expert from Email Geeks responds that both SAP and a Private Domain are needed for the described configuration and there's no good way to only partially implement it.
Expert from Email Geeks clarifies that in Marketing Cloud, the SPF record is only checked at the bounce.email.domain.com level in the headers (the return-path/bounce header), so the top-level domain doesn't need it and will pass based on proper DKIM setup.
Expert from Email Geeks shares that if you send from a subdomain (e.g., e.domain.com) but use a reply-to address at the top-level domain (e.g., domain.com), people will end up with the subdomain in their address book, which could cause issues when they try to email that address later.
Expert from Word to the Wise explains that email authentication is the key. Ensure you have SPF, DKIM and DMARC records set up correctly.
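The alignment logic behind the SAP subdomain plus Private Domain setup described above, as an added example that is not from any of the quoted sources or from Salesforce: it evaluates DMARC identifier alignment for a top-level From domain with the bounce address on an SAP subdomain. The domains are constructed placeholders, and `org_domain` is a hypothetical helper that takes the last two labels instead of consulting the Public Suffix List.

```python
# Added example: DMARC identifier alignment check. All domains are constructed.

def org_domain(domain):
    """Assumption: organizational domain = last two labels.
    Real receivers use the Public Suffix List (needed for e.g. co.uk)."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def aligned(from_domain, auth_domain, mode="r"):
    """mode 'r' = relaxed (same organizational domain), 's' = strict (exact)."""
    a = from_domain.lower().rstrip(".")
    b = auth_domain.lower().rstrip(".")
    return a == b if mode == "s" else org_domain(a) == org_domain(b)

def dmarc_result(from_domain, return_path, spf_pass, dkim_sigs,
                 aspf="r", adkim="r"):
    """dkim_sigs: list of (d= domain, signature_verified) tuples.
    DMARC passes when SPF or DKIM both passes and aligns with the From domain."""
    spf_ok = spf_pass and aligned(from_domain, return_path, aspf)
    dkim_ok = any(ok and aligned(from_domain, d, adkim) for d, ok in dkim_sigs)
    return {"spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "dmarc": "pass" if spf_ok or dkim_ok else "fail"}

FROM = "example.com"                    # Private Domain used in the From header
BOUNCE = "bounce.email.example.com"     # return-path under the SAP subdomain

def run_scenarios():
    return {
        # Relaxed policy: SPF and DKIM both align.
        "relaxed": dmarc_result(FROM, BOUNCE, True, [("example.com", True)]),
        # Strict policy: SPF no longer aligns, DKIM on the From domain carries it.
        "strict": dmarc_result(FROM, BOUNCE, True, [("example.com", True)],
                               aspf="s", adkim="s"),
        # Strict policy, signature only for the SAP subdomain: nothing aligns.
        "strict_subdomain_dkim": dmarc_result(
            FROM, BOUNCE, True, [("email.example.com", True)],
            aspf="s", adkim="s"),
        # Strict policy, From-domain signature fails verification.
        "strict_broken_dkim": dmarc_result(
            FROM, BOUNCE, True, [("example.com", False)], aspf="s", adkim="s"),
    }

if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name:24} {result}")
```
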
What the documentation says: 5 technical articles
Documentation from Salesforce Help explains that implementing a Sender Authentication Package (SAP) in Salesforce Marketing Cloud allows you to authenticate your email sends. This includes features like a dedicated IP address, branded domain for link and image wrapping, and DKIM signing of emails.
Documentation from Salesforce Help explains that to set up DKIM in SFMC, you need to generate a DKIM key pair and publish the public key in your DNS records. Then, configure SFMC to use the private key for signing outgoing emails. Ensure your DNS records are correctly configured to avoid authentication failures.
Documentation from Salesforce Help explains that to properly handle replies when sending on behalf of sales reps, configure Reply Mail Management (RMM). This allows you to route replies to the appropriate sales rep's inbox and maintain deliverability by processing out-of-office replies and unsubscribe requests.
Documentation from RFC provides the DKIM specifications to ensure email is authenticated correctly, detailing how a digital signature can be set up to prove the integrity of the email.
Documentation from AuthSMTP details that the SPF record must be correctly configured, with correct syntax and structure.