Zendesk email from your own brand, not Zendesk's
Zendesk sends support emails from its own mail servers — your customers see Zendesk's DKIM signature, not yours. This tutorial shows how to route Zendesk outbound through MailKite's SMTP relay, so every ticket notification, auto-reply, and agent response comes from your DKIM-signed domain. Plus: receive inbound replies and add them to tickets automatically.
Your support emails say “From: Your Company” but they’re signed by Zendesk. When a customer gets a ticket notification from support@yourcompany.com, Gmail checks the DKIM signature — and it’s zendesk.com, not yourcompany.com. DMARC alignment fails. The email lands in spam. The customer never sees the resolution.
This is the default for every Zendesk instance. Zendesk sends through its own SMTP infrastructure, and there’s no built-in option to use your own DKIM key. For most support teams, it’s invisible — until deliverability matters.
MailKite fixes this. One SMTP setting change and every Zendesk email is signed with your key, from your domain, with full deliverability logs.
What Zendesk’s default email does
When an agent replies to a ticket, Zendesk sends the email through its own mail servers:
- The
Fromaddress is your support address (e.g.,support@yourcompany.com) - The DKIM signature is Zendesk’s (
zendesk.com) - The
Return-Pathbounces to Zendesk’s domain - SPF checks Zendesk’s IP against your SPF record — which doesn’t include it
Result: DMARC fails alignment. Gmail may route the email to spam, especially for recipients at strict DMARC domains (government, enterprise, education).
The fix: one SMTP setting
1. Verify your domain in MailKite
Add yourcompany.com to the MailKite dashboard. Publish the DNS records (MX, SPF, DKIM, DMARC). Under 5 minutes.
2. Configure Zendesk’s outbound email
In Zendesk Admin, go to Channels → Email and edit your support address. Change the SMTP settings:
| Setting | Value |
|---|---|
| SMTP server | smtp.mailkite.dev |
| Port | 587 |
| Username | mailkite |
| Password | Your API key (mk_live_…) |
| Authentication | PLAIN (over TLS) |
| TLS | Yes (STARTTLS) |
Set the From name to your brand and the From address to an address on your verified domain.
3. Verify
Send a test ticket reply. Check the headers in Gmail:
Authentication-Results: mx.google.com;
dkim=pass header.d=yourcompany.com
spf=pass
dmarc=pass
All three pass. The email is signed with your key.
What gets sent through MailKite
Once configured, every Zendesk email routes through MailKite:
- Ticket auto-replies — “We got your request” emails
- Agent replies — responses to customer issues
- Internal note notifications — agent-to-agent alerts
- Satisfaction surveys — CSAT/NPS emails after resolution
- Trigger-based emails — any custom trigger that sends email
All DKIM-signed, all logged in the MailKite dashboard, all with the same deliverability guarantees as API sends.
Receiving inbound email → Zendesk tickets
Zendesk has a unique inbound address per ticket (e.g., support+ticketid@yourdomain.zendesk.com). If you use MailKite for inbound, you can pipe customer replies back into Zendesk via the API:
// zendesk-webhook.js — receives inbound email, adds comment to ticket
export default {
async fetch(request, env) {
if (request.method !== "POST") return new Response("OK");
const payload = await request.json();
const { from, subject, text, inReplyTo } = payload;
// Extract ticket ID from subject or headers
let ticketId;
if (inReplyTo) {
const match = inReplyTo.match(/ticket[_-]?(\d+)/i);
if (match) ticketId = match[1];
}
if (!ticketId) {
const match = subject.match(/#(\d+)/);
if (match) ticketId = match[1];
}
if (!ticketId) return new Response('{"ok":true}', { status: 200 });
// Add comment to the ticket
const res = await fetch(
"https://" + env.ZENDESK_SUBDOMAIN + ".zendesk.com/api/v2/tickets/" + ticketId + ".json",
{
method: "PUT",
headers: {
Authorization: "Bearer " + env.ZENDESK_API_TOKEN,
"Content-Type": "application/json",
},
body: JSON.stringify({
ticket: {
comment: {
body: "From: " + from + "\n\n" + text,
public: false,
},
},
}),
}
);
return new Response(JSON.stringify({ updated: res.ok }), { status: 200 });
},
};
Customer replies are added as internal comments on the matching ticket — visible in the agent workspace, tied to the right conversation.
Multiple brands
Zendesk supports multiple brands with different email addresses. Each brand can have its own From address on a different verified MailKite domain. They all share the same API key and logs, so you manage one account across all brands.
How it compares
| Zendesk default email | Zendesk + MailKite SMTP | |
|---|---|---|
| DKIM signature | Zendesk’s key | Your key |
| SPF alignment | Fails | Passes |
| DMARC alignment | Fails | Passes |
| Sending reputation | Zendesk’s shared pool | MailKite dedicated |
| Delivery logs | Zendesk’s email tab | MailKite dashboard + API |
| Inbound parsing | Email-to-ticket (basic) | Webhook → structured JSON |
| Multi-brand | Same SMTP for all | Per-domain DKIM signing |
FAQ
Will this break Zendesk’s email features? No. Zendesk’s email features (triggers, automations, macros) all use the configured SMTP server. MailKite is a drop-in replacement — same SMTP interface, different backend.
What about Zendesk’s Chat and Messaging channels? Those don’t use email — they’re real-time channels. MailKite only affects email-based ticket notifications and agent replies.
Can I use MailKite for inbound and Zendesk for outbound? Yes. You can split the configuration: MailKite’s inbound webhooks for receiving email at your domain, and Zendesk’s default SMTP for outbound. But using MailKite for both gives you consistent DKIM signing and a single delivery pipeline.
Make your support emails come from your brand, signed with your key. Start free — unlimited domains, no credit card.
Related: HubSpot transactional email — the same pattern for CRM email · Salesforce email relay — for Salesforce orgs · Receive email as a webhook in Python — building custom inbound handlers