Completed
Email Authentication based on Client Domain
We want the FROM address set to our domain so that 'via Shipstation.com' does not appear on gmail. We also want to include your spf/senderId records in our spf/senderId records, have the email signed with our DKIM key and have the links use our subdomain instead of email.shipstation.com.
Here's how this works on a few of the major ESPs:
http://login.mg2mail.com/help/Content/Listrak_Manual/Branding%20Settings.htm
https://mandrill.zendesk.com/hc/en-us/articles/205582387-How-to-Set-up-Sending-Domains
https://sendgrid.com/docs/Glossary/email_authentication.html
This will significantly improve deliverability and professional appearance.
Best Regards,
James Fredley
VP of Marketing Technology
FilterEasy
It looks like the other thread on this topic is locked. Shipstation responded in May 2021 they're working on it. Any ETA update?
Seriously Shipstation. How has this problem not been resolved?! The workaround to remove email address is not acceptable. Now the tracking emails come from shipstation.com and if the customer replies to that email they get a bounce back. Looks super unprofessional.
It's been 6 years and we're still sending tracking numbers that are marked as spam. SPF and DKIM for shipstation's domain doesn't help us when the email is still "from" our own email address. I would be happy with a from of "noreply@shipstation.com" and the the ReplyTo is our email - that alone would be an improvement for getting through spam filters.
It seems that ShipStation is counting on this problem somehow resolving itself if ignored for long enough? C’mon. This is crazy. Fix it please… every other notification software we use has this capability.
This would be very useful to not have the emails come from shipstation. Any word on the progress of this proposal?
We've been trying the suggested solution of sending from tracking@shipstation.com. But customers have still reported their tracking info going to spam, or not receiving it at all. I got curious and looked up ShipStation's DMARC records on Easydmarc:
https://easydmarc.com/tools/domain-scanner?domain=shipstation.com
Follow that link and you'll see at this time they get a 4/10 score, mostly because their DMARC is set to p=none. That means that scammers can send fake shipstation.com tracking emails with inpunity. No wonder our legit tracking emails are ending up in spam folders!
We had to re-enable sending from tracking@shipstation.com (by removing our verified email from the store settings). Ultimately as Shipstation haven't taken (or implemented this properly) email security seriously we had to fall back to using the shipstation default address as the risk to our own domain spam scores was significant.
DMARC and SPF are industry standards...use them.
This feature is critical for us as well!
It does not make any sense that the only available solution to make sure emails are delivered is to remove our own verified email address and re-enable emails being sent with tracking@shipstation.com.
We have been told this feature is being looking into but it seems it has been the case for more than 6 years now.
When can we expect a feature allowing us to send shipment notifications with an email address from our own domain?
I raised this again with support with their answer from “engineering” to use a none DKIM enabled email domain like gmail”
WTAF is that about? Here’s a corporate shipping tool saying sorry we let you you use your own from address but we can’t support the proper features so your domain is safe. It’s total crap it’s almost 2023! Active campaign, mail chimp, etc all support This. Either add this option OR the use of my own smtp sending servers now!
sounds like others I’ll have to drop the custom from address basically forever because they don’t seem to this this is a priority.
Good point @Shipping55! Providing SMTP access would work but without the necessary infrastructure or the willingness from all parties involved I am afraid that we are left with few other options.
I am not an expert on DMARC, SPF or DKIM and I welcome any knowledgeable person to correct any mistakes that I may make in my following statements:
Everyone, check out their DMARC policy:
easydmarc.com/tools/dmarc-lookup?domain=shipstation.com
v=DMARC1; p=none; pct=100; fo=1; ri=3600; rua=mailto:44bdd8b1@inbox.ondmarc.com,mailto:dmarc@shipstation.com; ruf=mailto:44bdd8b1@inbox.ondmarc.com;
Their policy is to take no action against non-authenticated emails. This tells me that they may have similar issues to what we have with services that they use, but their issue could always be somewhere else.
Now take a look at their SPF Records to find what services that they use to send their 3rd-party emails:
easydmarc.com/tools/spf-lookup?domain=shipstation.com
v=spf1 include:_spf.google.com include:smtp1.uservoice.com include:mail.zendesk.com ~all
You can also check the SPF records of their 3rd-party services, in bold above, to further investigate the issue.
Now check out this site that lists whether or not certain 3rd-party services are DMARC compliant:
We can see that they are not DMARC compliant and their 3rd party services are compliant except one. I suspect if we knew which service they used for sending our emails and investigated their 3rd-party service's 3rd-party services (and so on), along with how those services can implement DMARC compliance, some light may be shed on where the true issue may lie.
If emails are sent with google, DMARC compliance is possible but, again, would require a system and infrastructure to be implemented that is compatible with your system. Two possible systems are where either we give them access to our email servers, like @Shipping55 mentioned above, or where they can provide us with a public DKIM signature so we can add another DKIM record with a custom selector in our DNS settings.
This seems like a great business opportunity for someone to solve this problem for 3rd-party services that are unwilling or unable to provide DMARC compliance to their customers!
Sorry for the long winded post. I am sure a lot of you already knew this but I hope that I have at least provided some of you with valuable information for further research.
Good luck to on the journey to DMARC compliance!
I have been asking for help fixing this issue for my outgoing shipstation emails - and support sent me here.
To find that it is no help other than to let me know I am not alone in this.
This is absolutely ridiculous - incredible that we pay for this service and cannot get modern security standards implemented in a timely manner.
For me to get DMARC compliant basically I have to send my OWN shipping notifications. I essentially disabled ALL notification emails (shipping and/or delivery) from SS and use Zapier and/or built in WooCommerce emails with a custom "Shipped" Status to get around it. Essentially I send NO email from SS anymore with or without my own domain. Screw it until they fix it that was the only way to stay DMARC compliant.
I suggest everyone simple stops using any/all of the SS notification emails (sadly they are nice and customized and branded with tracking links), but until they get off they butts and fix this issue and provide proper SPF/DKIM you will run the risk of having their emails dropped or Quarantined with a DMARC policy enabled.
Also support basically told me to "Not use a DMARC enabled Domain" which frankly is a Bull___ answer. I love the product for how it integrates to my stores, and other things, but that was a weak response to email security being around for years now. They just need to get their act together. Until then...just disabled all their notifications and work around it yourself in other ways. Zapier is your friend for this!!
Will this feature ever be added to ShipStation? I'm tired of the tracking information going to spam. I was thinking about two workarounds:
1. It looks like ShipStation is using Google for the mail server according to MX Lookup. Can't we just use that information in our SPF records to minimize spam?
2. Can we use something like Zapier to create a trigger in Microsoft 365 or Google Workspace to send out a notification instead of using ShipStation to do so?
Finally, why wouldn't the Mailchimp integration be changed so it can be used to send out email notifications?
If ShipStation isn't going to help us out with simple things like this, at least give us some options.
I want to voice my support for the addition of this functionality. This is critical to email deliverability and frankly, it's embarrassing that ShipStation doesn't support this. ShipStation is the only SaaS product we use that sends email on our behalf, but doesn't support proper authentication.
This issue has been discussed for so long without progress is disheartening, so we've just started work on sending shipping confirmation emails directly from our domain. ShipStation can be configured to send webhooks upon shipping an order, so it's a process of handling the webhooks, getting the order/shipment info we need, and recreating email templates. What a waste of time that we shouldn't have to deal with.
Wait is this seriously an issue? I came in here just trying to set up DMARC. Is there an spf record we need available? Way too many pages in this thread.
@james11 seriously. They never implemented it or never told anyone they did.
They just ignore this issue. Every time they send an NPS survey I just mark it as 1 and link to this thread as an explanation.
I reached out to Shipstation in June of 2022 and reported that we had an uptick in shipping notification emails going to spam. We ran tests and found that the sending IP was blacklisted on several spam sites.
I went back and forth with support several times, they tested orders and deliverability and at one point acknowledged that they were aware that they had IP's on the blacklist but there was nothing they could do.
We are again experiencing an uptick in deliverability issues. I wish they would solve this!
It's simply amazing how long they have simply ignore this requirement. over a year ago I simply stopped sending notifications using their system. Instead I use Zapier and other means to send tracking info with properly managed email services like MailGun, ActiveCampaign, and even just within WooCommerce itself. Since then zero issues, and until they allow custom DKIM or SPF records their emails will continue to get sent to spam or in my case with 100% configured DMARC they would just get dropped with the security settings.
It's so far past due for them to add this it's criminal, and negligent at best for the customers of the service.
@james11 no there is no way to setup SPF or DKIM with Shipstation it's never been implemented as a feature it's just been ignored as a major need.
The only reason we continue to use their shipping notifications is the branded tracking page, which is cool, but if our customers never see it, is it really worth it??
Based on reports from DMARC digests, shipstation uses sendgrid for many of these notifications. Sendgrid can definitely accommodate this feature.
I guess it would be a matter of dev resources and sendgrid service fees for shipstation. This is something that *should* be included, but after all this time I'm willing to pay an extra fee of that's an option. Shipstation, you've made me desparate enough to ask you to charge me more money.
thread locked for some reason. I guess they want to consolidate it all here.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.