I have been asking for help fixing this issue for my outgoing shipstation emails - and support sent me here.
To find that it is no help other than to let me know I am not alone in this.
This is absolutely ridiculous - incredible that we pay for this service and cannot get modern security standards implemented in a timely manner.
For me to get DMARC compliant basically I have to send my OWN shipping notifications. I essentially disabled ALL notification emails (shipping and/or delivery) from SS and use Zapier and/or built in WooCommerce emails with a custom "Shipped" Status to get around it. Essentially I send NO email from SS anymore with or without my own domain. Screw it until they fix it that was the only way to stay DMARC compliant.
I suggest everyone simple stops using any/all of the SS notification emails (sadly they are nice and customized and branded with tracking links), but until they get off they butts and fix this issue and provide proper SPF/DKIM you will run the risk of having their emails dropped or Quarantined with a DMARC policy enabled.
Also support basically told me to "Not use a DMARC enabled Domain" which frankly is a Bull___ answer. I love the product for how it integrates to my stores, and other things, but that was a weak response to email security being around for years now. They just need to get their act together. Until then...just disabled all their notifications and work around it yourself in other ways. Zapier is your friend for this!!
Will this feature ever be added to ShipStation? I'm tired of the tracking information going to spam. I was thinking about two workarounds:
1. It looks like ShipStation is using Google for the mail server according to MX Lookup. Can't we just use that information in our SPF records to minimize spam?
2. Can we use something like Zapier to create a trigger in Microsoft 365 or Google Workspace to send out a notification instead of using ShipStation to do so?
Finally, why wouldn't the Mailchimp integration be changed so it can be used to send out email notifications?
If ShipStation isn't going to help us out with simple things like this, at least give us some options.
I want to voice my support for the addition of this functionality. This is critical to email deliverability and frankly, it's embarrassing that ShipStation doesn't support this. ShipStation is the only SaaS product we use that sends email on our behalf, but doesn't support proper authentication.
This issue has been discussed for so long without progress is disheartening, so we've just started work on sending shipping confirmation emails directly from our domain. ShipStation can be configured to send webhooks upon shipping an order, so it's a process of handling the webhooks, getting the order/shipment info we need, and recreating email templates. What a waste of time that we shouldn't have to deal with.
Wait is this seriously an issue? I came in here just trying to set up DMARC. Is there an spf record we need available? Way too many pages in this thread.
@james11 seriously. They never implemented it or never told anyone they did.
They just ignore this issue. Every time they send an NPS survey I just mark it as 1 and link to this thread as an explanation.
I reached out to Shipstation in June of 2022 and reported that we had an uptick in shipping notification emails going to spam. We ran tests and found that the sending IP was blacklisted on several spam sites.
I went back and forth with support several times, they tested orders and deliverability and at one point acknowledged that they were aware that they had IP's on the blacklist but there was nothing they could do.
We are again experiencing an uptick in deliverability issues. I wish they would solve this!
It's simply amazing how long they have simply ignore this requirement. over a year ago I simply stopped sending notifications using their system. Instead I use Zapier and other means to send tracking info with properly managed email services like MailGun, ActiveCampaign, and even just within WooCommerce itself. Since then zero issues, and until they allow custom DKIM or SPF records their emails will continue to get sent to spam or in my case with 100% configured DMARC they would just get dropped with the security settings.
It's so far past due for them to add this it's criminal, and negligent at best for the customers of the service.
@james11 no there is no way to setup SPF or DKIM with Shipstation it's never been implemented as a feature it's just been ignored as a major need.
Status: Investigating......since 2016.......7 years people......7 years....