Email Authentication based on Client Domain
We want the FROM address set to our domain so that 'via Shipstation.com' does not appear on gmail. We also want to include your spf/senderId records in our spf/senderId records, have the email signed with our DKIM key and have the links use our subdomain instead of email.shipstation.com.
Here's how this works on a few of the major ESPs:
This will significantly improve deliverability and professional appearance.
VP of Marketing Technology
I’ve posted the following response to our ShipStation community thread and want to also share here for transparency:
Thank you for your candor with your feedback. We definitely understand and appreciate that the lack of responsiveness on this specific issue has been frustrating. We are working internally to improve how we review and respond to feedback so this doesn’t keep occurring in the future. And we apologize for failing to meet our users’ expectations around this feedback. We will do better and changes are already happening.
Our product team is investigating how to implement a workable solution for this that will not impact other existing functionality and properly uses the notification service that’s embedded in ShipStation. There are really two issues here that need to be addressed and they don’t affect all users equally:
Spam – ensuring the notification makes it to your user without getting filtered to their spam folder or blocked entirely.
Domain validation – which validates that you own and control the domain your email is coming from (there are some additional considerations here about what level of control should be implemented within ShipStation around these email settings – this is where the SPF/DKIM/DMARC/etc details come in).
Because of ShipStation’s level of configurability, we also have to consider the impact any change will cause to the experience of many different types of users. If a change is made available universally, and there are additional settings or configuration options that must be included to accommodate the change, how will this affect the experience of users at different levels? Could it potentially cause a mis-configuration to break notifications entirely? If we don’t implement the change universally, what’s the criteria used to determine this?
As of now, these are a few of the questions our product team is looking at (though there are many more). This change is still in the discovery phase and is not part of the upcoming sprint cycle of development work happening in April. We hope to have some decisions made around this by the end of the month and we’ll update this thread at that time.
In the meantime, we recommend what was suggested early on this thread – remove your email address from your stores’ Branding tab and allow ShipStation to send notification emails from tracking at shipstation dot com. If you have something in the Branding tab’s Company field, that will be used as the display value for the FROM field in your customers’ inboxes.
Thank you again for your input and patience.
Shipping DK Firearms commented
We definitely need this.
Eric Bender The Tooth Bank commented
@other users. What alternative shipping software should I consider. This lack of innovation and attention to customer requests is leading me to look toward viable alternatives that allow for proper emaol signatures, DKIM SPF, etx.
Gene Kagan Lola & Sophie commented
This needs to become a feature like 2 years ago at this point. I'm blown away that there is no proper DKIM / SPF records through ShipStation. This will lead to your customers emails ending up in THEIR customer's spam folders after some time has passed. PLEASE add support for this basic necessity ShipStation
This is still a critical issue. I don't know how the priorities are managed at ShipStation but I would imagine that losing business for your customers would rank higher before you lose more customers. We know you use SendGrid for your emails. Just stop ignoring this issue and post an article to resolve this.
This is becoming more important to at least allow customers to add proper DKIM and SPF records for your sending servers. using DMARC tools messages from shipstation always fail SPF/DKIM checks
Adam Bierschenk Universal Athletic commented
I'm not sure if everyone who has posted will see this, but if so, has anyone found any work-arounds for this and still be able to implement DMARC w/reject policy?
Maxence Gélinas-Guy Dyze Design commented
Any update on this? This is definitely a must-have...
Eric Bender The Tooth Bank commented
An updates on this @admin? It's been quite some time - would like to have consistent branding and more importantly email deliverability. Emails send via shipstation are being marked as spam by Google. "Be careful with this message, Could not verify that it actually came from domain.com. Avoid clicking links, downloading attachments, or replying with personal information. +report spam or "looks safe"" <-- This is impacting our workflow - our customers don't trust our emails.
I am also needing SPF support. I am definitely looking into other services for shipping at this point. The only option I have found for emails not to be marked as spoofed is to remove my email from the BCC / Delivery email box and that isn't a good solution. I would like these emails to come from my domain and also It helped to be BCC'd on these. This is pretty frustrating. C'mon Shipstation!
Steven Hull CMS, Inc. commented
You are sending thousands of emails an hour for all us merchants. These DMARC SPF rejected email do not bounce back to your server. So this is adding hundreds of extra phone calls and email from customers to merchants asking for tracking and delivery notices.
We have not been interested in your competitors because Shipstation is so good, but this problem may make us rethink rejecting them flat out. This will be my first question to them.
SO PLEASE FIX
Sunho Choi Simple Shapes commented
My email was recently flagged as spam by google because of shipstation emails. This should be an absolute priority as I am thinking of moving to another platform that will support proper SPF/DKIM records.
We really need this feature. Do we have any type of status update? This was posted sooo long ago.
David Benedetti Cathouse LLC commented
+1 for SPF/DKIM support... Email deliverability from shipstation is really rough at the moment...
Koos Vis @ Diamond Hoof Care Ltd. commented
Any updates on this? It's been 3 years and it's honestly ridiculous that this is not supported yet. It is really important to improve deliverability of our emails from ShipStation and maintain our professional appearance. Get this verification feature added ASAP, please!
Aaron Johnston Hook & Loom Rug Company commented
We also can't implement DMARC rejection due to shipstation emails not supporting SPF/DKIM. We've had customers complain these emails aren't delivered or go to spam. We're looking into alternatives for shipstation due to this issue--if a portion of our customers aren't notified of their shipments, that's pretty unacceptable to us.
Honestly, the fact that this ticket has been open without any serious comment when this could be set up in an afternoon is pretty maddening. As someone said, this is SaaS 101, a basic thing that's expected, and its integration into sendgrid is widely documented, several people have shared the links for you!
2019 checking in... and these now-standard email security practices are sorely needed in ShipStation and are overdue. We are relatively new customers to ShipStation and are otherwise satisfied, but I can only ignore the ShipStation failures in my DMARC reports for so long.
This is still an issue in December of 2018.
After reviewing the DMARC failure reports, it appears that ShipStation is using the SendGrid system, so I've implemented their SPF & DKIM steps:
Will see if this improves our deliverability issues with ShipStation emails without leaving our domain wide-open.
You guys HAVE to fix this.
We're not far now from a world where incorrectly configured email deliverability is equal to zero email sending capability.
Imagine offering shipstation with no ability to send out shipment status and tracking emails to your customer's customers. That's very close to what you have now without the ability to include your mail servers in our SPF records.
Very, very low hanging fruit to fix this with a huge win.
Put one devops person on this for one weekend and it's all good.
Please get this done.
Our company, like so many below, requires this feature to prevent confusion by our customers and reduce spam flagging for our domain.
WHEN will DKIM and DMARC capabilities be rolled into Shipstation email servers?
Kevin Schmitt GearUP Sports commented
June 26, 2018
Today I rise to join the chorus of voices requesting either a)SPF/DKIM records or b) the ability to send outgoing email from our own email accounts.
This weekend we had multiple emails from two different countries use our domain. With threats like that I can't wait for ShipStation. We are rejecting mail that fails our DMARC tests which includes email that is sent by mx.tds.net.
For the moment, I'm figuring out a work-around so that our customers aren't left in the dark.
How does this "impact my workflow"? It impacts our end-customers and our production team as they will no longer receive any notifications from ShipStation.