[mikerg87]

No numbers, but anecdotally we turned off DKIM. Telling end users we are rejecting their otherwise email because they don’t have DKIM implemented. SPF and DMARC compliance got better over time but DKIM compliance just never did get better.

[RNCTX]

Thanks!

I'm coming from the other side of the equation. I work for a (small-ish, niche) CRM company, and have insisted that all new customers be very explicitly told that they have to set up SPF and DKIM properly during their migration/implementation.

It would be nice to have something to send them to point out "here's where X% of your emails will go to spam if you don't do this, plus you're Y% of an annoyance on our mail server's reputation, too" but there's not any hard data to be found.

[LeonM]

> It would be nice to have something to send them to point out "here's where X% of your emails will go to spam if you don't do this, plus you're Y% of an annoyance on our mail server's reputation, too" but there's not any hard data to be found.

If you are going to offer CRM to your customers that relies on sending email, then I suggest you read more on how email works, and how SPF, DKIM and DMARC work.

None of the three mentioned standards are anti-spam. They are anti-impersonation. If you are hosting the CRM, and your CRM is going to send email on behalf of your customer's domains, then your customers will have to include your services in their SPF poliy at the very least. But since SPF is horribly broken and shouldn't be relied on, you should always offer DKIM as well.

At the very least, the email you send should be DKIM signed with the rfc5321 domain, which is your domain, the one that matches the reverse-DNS of your host (because you should always setup reverse DNS). If the CRM is hosted by you (not your customer) then you should also generate DKIM keys per customer domain, and have the customer publish the DKIM public key under their domain. This is because you want DKIM alignment, which is especially important if the customer domain uses DMARC (which they should).

So TL;DR: your customer has to allow your CRM to send email on behalf of their domain by means of SPF and DKIM. If the CRM is hosted by you, you'll need to take extra care of alignment. SPF and DKIM are never optional, don't offer your customer a way to skip these steps, ever. If you don't want to deal with email issues, use a third party solution such as Mailgun, but even if you do, your customer will still have to set up SPF and DKIM.