Zendesk drops new features and platform updates on a near-constant basis. Keeping up can be a full-time job, but we’re here to give you our expert opinion on what really matters. Here’s our take on the latest announcement.
Zendesk Is Making Email Security Mandatory – And That’s a Good Thing
What We Think:
Zendesk is enforcing a “minimal” sender authentication standard for all accounts, removing the option to disable this crucial security setting. Our verdict: This is a fantastic, long-overdue change that will improve both security and email deliverability. It directly addresses the frustrating problem of legitimate forwarded emails being incorrectly suspended as spam. By making this a non-negotiable part of the platform, Zendesk is creating a more reliable and secure environment for everyone, and we’re fully on board.
The Reality Check: What’s Actually Changing?
Let’s cut through the jargon. Zendesk is flipping a switch to enable mandatory Zendesk sender authentication for all incoming emails. This means your instance will use standard security protocols (like SPF, DKIM, and DMARC) to verify that emails coming into your support system are actually from who they claim to be from. The key takeaway is that you will no longer be able to turn this feature off.
Zendesk is rolling this out in two distinct phases:
- Phase 1 (starting June 18, 2026): If you already have sender authentication enabled, the option to disable it will simply disappear from your Admin Centre. For any new Zendesk accounts created from this date, the setting will be enabled by default at the “Minimal” level.
- Phase 2 (starting September 23, 2026): For the remaining accounts that currently have sender authentication disabled, Zendesk will begin automatically enabling it for you, also setting it to the “Minimal” protection level.
Essentially, Zendesk is establishing a new security floor for every account on the platform, moving towards a “secure-by-default” model.
Our Expert Opinion: It’s About Deliverability, Not Just Security
While the headline is security, the real operational win here is about email reliability. One of the most persistent and annoying issues we’ve helped clients troubleshoot is the “case of the disappearing email,” where a legitimate, forwarded customer email gets wrongly flagged as spam and dumped into the Suspended Tickets view.
The announcement explicitly states this change is designed to “resolve persistent issues with email suspension.” This is the core benefit. By forcing at least a minimal level of authentication, Zendesk’s systems gain the “visibility needed to manage these edge cases effectively.” In other words, when Zendesk can verify an email’s path using authentication records, it can more intelligently decide if a forwarded message is legitimate or actual spam. This reduces false positives and ensures more of your customer emails get where they need to go.
We think the choice of a mandatory “Minimal” protection level is a smart, pragmatic move. It’s strong enough to catch and suspend obvious spoofing attempts but not so aggressive that it will break complex (but legitimate) email forwarding workflows that many larger organisations rely on. It’s a balanced approach that provides baseline protection without causing unnecessary operational disruption.
How We’d Handle the Rollout: A Proactive Checklist
Zendesk says for most customers, “no action is required.” As consultants, we believe “no action required” is an invitation to be proactive. This change is a perfect opportunity to conduct a quick health check of your email channels. Here is what we’re advising our clients to do.
| Action Item | Our Recommendation |
|---|---|
| 1. Assess Your Current Status | Log in to your Admin Centre and navigate to your email settings. Determine if you fall into the Phase 1 or Phase 2 group. Knowing this gives you a clear timeline. |
| 2. Start Proactive Monitoring | Don’t wait until September. Get into the habit of regularly checking your Suspended Tickets view now. This change might surface underlying email configuration issues that were previously going unnoticed. Get ahead of any problems. |
| 3. Collaborate with Your IT Team | This is a technical change. Schedule a brief chat with your domain administrator or IT department. Let them know this change is coming and use it as a chance to review your organisation’s SPF, DKIM, and DMARC records to ensure they are correctly configured. |
| 4. Get Educated on the Protocols | You don’t need to be an expert, but understanding the basics is helpful. We recommend your Zendesk administrators read the documentation Zendesk provided on Authenticating incoming email. It provides a solid overview of how these security standards work together. |
In conclusion, this is a positive and necessary evolution for the Zendesk platform. By enforcing a baseline for Zendesk sender authentication, the company is not only enhancing security but also tackling a common operational headache. While the rollout is largely automated, we strongly encourage teams to use this as a moment to be proactive, review their email configurations, and ensure they are set up for success.
