Zendesk is raising the security floor for all accounts by establishing a new "minimal security" standard for sender authentication. This update ensures that your account is secure while improving the reliability of legitimate email delivery.
| Announced on | Phase 1 (UI removal) | Phase 2 (Rollout starts) |
|---|---|---|
| June 18, 2026 | June 18, 2026 | September 23, 2026 |
1. What's changing?
Zendesk is migrating all accounts to a mandatory "minimal security" standard for sender authentication. This update will be implemented in two phases:
-
Phase 1 (June 18, 2026): For accounts that already have sender authentication enabled, the setting to disable it will be permanently removed from Admin Center. This ensures that the security floor cannot be lowered. You will still be able to select from different authentication profiles (for example, Minimal or Native), but the option to turn the feature off will no longer be available.
Note: New accounts starting June 18, 2026, will have this setting enabled and set to “Minimal" by default -
Phase 2 (starting September 23, 2026): For accounts that currently have the "Authenticate emails received with SPF, DKIM, and DMARC alignment" setting disabled, Zendesk will begin a rollout to automatically enable it with the "Minimal" protection level.
- Customers in this group who enable sender authentication before September 23 will no longer be permitted to disable it without contacting Zendesk.
- Improved email delivery: By enforcing this standard, spam thresholds are adjusted for traffic that passes authentication, reducing the risk of legitimate forwarded emails being accidentally suspended as spam.
2. Why is Zendesk making this change?
Zendesk is moving to a "secure-by-default" model to enhance platform security and resolve persistent issues with email suspension.
Previously, legitimate forwarded emails were occasionally flagged as spam. By mandating a minimal authentication standard, Zendesk provides the visibility needed to manage these edge cases effectively. This change strengthens platform security and helps ensure trusted mail reaches its destination.
3. What do I need to do?
For phase 1 accounts (with the setting already enabled): No action is required. You Will notice that the option to disable sender authentication has been removed from Admin Center:
For phase 2 accounts (with the setting currently disabled): No action is required for the migration to take effect on September 23, 2026. However, Zendesk recommends the following:
- Review documentation: To understand how these protocols work, see Zendesks guide on Authenticating incoming email (SPF, DKIM, DMARC, and ARC).
- Monitor your Suspended tickets view regularly: Spam issues must be resolved at the source; adjusting filters will not improve sender reputation or prevent messages from being suspended. As needed, work with your domain admin or provider to examine and correct any issues with forwarding workflows.
4. Frequently Asked Questions (FAQ)
Can we disable sender authentication after this update rolls out?
No, the option to turn off sender authentication will be completely removed. You can change the profile configuration, but baseline protection cannot be turned off.
How will this change benefit our legitimate email setup?
By ensuring inbound traffic passes basic alignment verification, Zendesk reduces strict spam threshold constraints for those emails, lowering the chance of legitimate operational mail ending up in your suspended folder.
Looking for Zendesk's official documentation?
You can review the full announcement here:
https://support.zendesk.com/hc/en-us/articles/10806145522074
Need assistance configuring your email security protocols?
SoftwareOne can help you verify your domain alignments, set up proper SPF/DKIM records, and ensure uninterrupted email flows in Zendesk.