How Can Third-Party Marketing Agencies Send DMARC Compliant Emails on Behalf of Others?

by Duocircle


Businesses often outsource marketing work to third-party agencies as they have people with special skill sets and expertise in areas like branding, digital marketing, social media management, media relations, content creation, etc. Moreover, it’s a cost-effective measure because hiring an in-house marketing team can be heavy on pockets, especially for small and medium-sized businesses.

So, if you also own a marketing agency and often send emails on behalf of your clients, then you will understand the importance of ensuring that the emails you send don’t get marked as spam or bounce back. 

In the modern era, numerous domain owners have implemented DMARC as a measure of phishing protection, which also serves as a deterrent against spamming. DMARC ensures that if an unauthorized entity sends emails from your domain, then those messages are perceived as suspicious by recipients and, hence, get placed in the spam folders or are rejected outright. This security measure provides a sense of confidence and peace of mind. 

So, if you send marketing emails on behalf of your clients and from their DMARC-compliant domains, then ensure you are an authorized sender. This practice promises a good email delivery rate, visibility, engagement, and conversion. Also, take care of the following-

  • Email links should originate from the client’s domain but should be serviceable by your own infrastructure.
  • Change server names linked with email delivery to match with your client’s domain.
  • Images and other email elements should originate from the client’s domain but should be serviceable by your infrastructure.


email deliverability

Image sourced from


Sending Emails From a Client’s Domain

The methods to send emails from your client’s domain are-


1. Domain Delegation

Ask your client to delegate a subdomain for your part of the job so that you can officially send marketing emails on their behalf. However, in this case, it will be your responsibility to manage the delegated subdomain on behalf of your client.

You can ask your client to grant you subdomain delegation using either full delegation or CNAMEs.


What is Full Delegation?

In the full delegation method, you will be granted an entire subdomain exclusively for you, and you will be responsible for its maintenance. So, your client has to delegate a subdomain once, and they are done. This is the most preferred approach.


What are CNAMEs?

In this approach, clients create several CNAMEs pointing back to their own domain, and then each CNAME delegates individual services. This method is less preferred as the client has to create more DNS entries at the start.

Also, CNAMEs are generally created for SPF, handling rejected emails, DKIM, and mapping skills in emails to your client’s domain.


2. Relaying

Relaying is efficient only if you have to send a few emails on behalf of your client. To do this, you will have to let your clients configure emails to be relayed through a different email server. There are two methods to do this- SMTP relay and user credential configurations.


What is SMTP Relay?

An SMTP relay is a mail server that forwards emails from one domain to another, acting as an intermediary between the sender’s and recipient’s email servers. This way, you can send emails across networks and domains.


SMTP relays


SMTP relays are commonly used to route emails between mail servers when direct delivery is not possible or practical, such as when sending emails to external domains or large email distribution lists. This is exactly the scenario with third-party marketing agencies like yours.

However, this process has two drawbacks-

  1. Bounce emails can’t be managed unless the relay forwards all the bounce backs to you.
  2. The relay operator, which is your client in this case, gets access to your email services.


What are User Credential Configurations?

Allow your clients to set up user credentials and provide you with an account to send emails. Then, ask them to configure your services, letting you use the new user credentials for emailing. 

This method also has two drawbacks-

  1. You will have to take care of user-level access to other platforms too.
  2. You will be accessing your client’s resources to send messages on your behalf. 


3. Manual Configuration

If the delegation approach sounds too complicated, then manual configuration is your option. 


How to Manually Configure SPF?

Your clients will have to add your netblocks to their SPF record. Make sure the client’s domain is used in the bounce address of emails you send.

The downsides of manual configuration are-

  1. When emails bounce, they are directed to your client instead of you, so you will not have any insight into performance or delivery problems.
  2. Your clients must always consider the impact on your work whenever they need to adjust their SPF record. Managing multiple third-party senders only adds to their complexity.


How to Manually Configure DKIM?

Your client will just have to add your DKIM-related keys to their DKIM record

The minus points of this method are-

  1. You have to cut and paste long strings of DKIM keys, and this can get messy sometimes, leading to technical errors.
  2. Rotation of DKIM keys can be annoying and resource-consuming for some clients.


Manually Configure DKIM


Responsibilities in Manual Configurations

The clients will be responsible for the one-time domain configuration process to add SPF records and sign DKIM keys. 

On the other hand, you will manage email server functions, including adding the client’s domain to bounce addresses and DKIM signatures

Additionally, you’ll need to regularly update SPF records and ensure clients update their SPF records when infrastructure changes occur. The complexity of this process can vary, depending on whether clients include your infrastructure via SPF or manually add elements like “ip4:” to their records. Regardless of the approach, email server features are essential.

However, there’s overlap in the required capabilities among non-relay approaches, with differences mainly in how clients set their domains to authorize sending emails on their behalf. Therefore, we stress the importance of prioritizing simplicity for clients, especially if you’re committed to sending emails on their behalf.

If all this seems complicated, our team of email security experts can simplify things for you. We can handle email deliverability and authentication on your behalf so that you can focus on marketing. Click here to schedule a demo!

Pin It on Pinterest

Share This