Have your say in Community Polls: What was/is your greatest motivation to start your own business?

Re: DMARC is complicated...or is it just me?

Is DMARC record really as simple as it sounds?

LitnutsMO
Excursionist
14 0 15

I'd appreciate it if someone at Shopify would respond to this. And please be candid: If I should hire an expert to help me w/DMARC, say so. Don't act like this is no big deal if it's actually a big deal. My Shopify e-commerce site and my related Mailchimp newsletter (both use the same domain to do sends) are my future. If I get this DMARC stuff wrong, it could mean years of work down the drain.

 

Here are my concerns: 

 

I received an email from Shopify on 12/22/23 saying I need to "add a DMARC record" by 2/1/24 in order to satisfy Google and Yahoo. My fear is that this is not as simple as it sounds.

 

The Shopify email links to this post on Shopify.

 

The Shopify post, in turn, links to this Google post.

 

The information in the Google post is complex. Here are some excerpts from the Google post [bracketed comments are mine]: 

  1. "Configure DKIM and SPF before configuring DMARC. If you don't set up SPF and DKIM before enabling DMARC, messages sent from your domain will probably have delivery issues." [The Shopify post says nothing about DKIM and SPF.]
  2. "You can receive many DMARC reports every day. [Google say hundreds or even thousands, depending on how may you send. I send 20K+ per day.]. We recommend you create a dedicated mailbox to receive and manage DMARC reports."

  3. "You might use a third-party service [like Shopify, Mailchimp, and/or others] to send mail. Messages sent from third-party email providers for your domain might not pass SPF or DKIM checks. Messages that don't pass these checks are subject to the action defined in your DMARC policy. They could be sent to spam, or rejected. To help ensure messages sent by third-party providers are authenticated, contact your third-party provider to make sure DKIM is correctly set up and make sure the provider’s envelope sender domain matches your domain. Add the IP address of the provider’s sending mail servers to the SPF record for your domain." 

  4. And then there are the actual instructions from Google for setting up a DMARC record, which (again) are complicated. Here is a sample DMARC record:

v=DMARC1; p=reject; rua=mailto:postmaster@solarmora.com, mailto:dmarc@solarmora.com; pct=100; adkim=s; aspf=s.

 

There's a separate Google post on what each piece of that record means -- plus advice to "phase-in" your DMARC rollout per a separate Google tutorial.

 

My concern here is that the Shopify email kinda sounds like this is simple...just add DMARC. But it does not sound simple to me. It sounds like a very big deal. 

 

That said, I called GoDaddy (my domain host)...and after putting me on hold for a while, they came back and said, "Done." I was like, "What? What did you do?" I looked at the code they added to my DNS. It looks nothing like the sample DMARC record in bullet #4, above.

 

So now I'm wondering:

  1. Do I trust GoDaddy when they say I'm "good to go"?
  2. Will these changes have any impact on the newsletter sends I do via Mailchimp, which is the core of my business?
  3. Should I hire an expert? (Search for DMARC consultants...there are TONS of them...and most charge a monthly fee.)
  4. Did Shopify make this sound overly simplistic in their email, or am I just way overthinking this?

FYI: My newsletter is my livelihood. I don't think I'm overthinking it. I think my concerns are legit -- and I think other Shopify customers may be concerned as well. 

Replies 91 (91)

StephensWorld
Shopify Partner
1400 174 369

Hey @LitnutsMO 

 

It's actually a lot simpler than they've made it out to be. 

 

Once you're on the DNS records page on GoDaddy, you simply add a 'TXT' record with the following details:

 

Name of TXT record = _dmarc.YOURDOMAINGOESHERE.com
Value of TXT record = v=DMARC1; p=none; rua=mailto:YOUR@EMAILGOES.HERE

 

My site is 'stephensworld.ca' and my email is 'support@stephensworld.ca' ... so mine ended up looking like this:

 

Name of TXT record = _dmarc.stephensworld.ca (on GoDaddy, you don't have to put the period or anything after it - see my screenshot below)
Value of TXT record = v=DMARC1; p=none; rua=mailto:support@stephensworld.ca

 

dmarc record.png

 

Then once you've added it, you go to https://dmarcian.com/dmarc-inspector/ (the website that Shopify recommended in their email/blog/post to check if it's working) > type in your domain (without any "https://") and then click "inspect the domain". 

 

confirmed dmarc record.png

★ Did my post help? If yes, then please like and accept solution. ★

https://stephens.world
support@stephensworld.ca

LitnutsMO
Excursionist
14 0 15

Thanks very much for the response. I appreciate the input. But please see my reply to EBeeLuv. As for your DMARC record, I'm curious as to why you set p=none (instead of quarantine or reject) and why you did not include anything for pct. Not necessary? 

levantedesigns
Visitor
1 0 2

I was wondering the same thing and found this. Here's a good explanation as to why you don't want to initially set to reject and what the pct means. DMARC Percentage Tag (PCT)

 

So my understanding is that you don't want to initially set it to p=reject but you eventually want to get there.

StephensWorld
Shopify Partner
1400 174 369

I set it to p=none because that's what Jacqui said to do in the official forum post:

 

https://community.shopify.com/c/announcements/google-and-yahoo-new-email-deliverability-requirements...

 

I didn't include anything for pct because it wasn't included in the example that Google provided in their official help doc: 

 

https://support.google.com/a/answer/2466563 

 

If you follow the instructions from my initial post, then you should be good-to-go! 🙂

★ Did my post help? If yes, then please like and accept solution. ★

https://stephens.world
support@stephensworld.ca

LitnutsMO
Excursionist
14 0 15

Hi Stephen, Again...thank you very much for your reply. I understand what you did and why you did it. My fear (more for my biz than for yours) is that what you have done and suggested for me is the bare minimum. Maybe that's fine...maybe not. I don't know.

 

I really wish somebody who works for Shopify would join this conversation and clarify. 

 

What you did: You found p=none if Jacqui's post, so you did that. Then you found an example in the Google post that did not include a pct record, so you didn't include a pct record.

 

But if you dig deeper into the Google instructions (see the "Define your DMARC record" and "Tutorial: Recommended DMARC rollout" links in the right sidebar of the Google help doc), Google includes examples with pct records, and also gives pretty detailed advice on how to phase in elements of your DMARC record over time...with "p" going from none to quarantine to reject over time, and "pct" going from zero to a higher percent and eventually to 100% over time. 

 

I really wish someone who works for Shopify (Jacqui, are you there?) would get involved in this conversation. If not, I'm probably going to fork over some dough for a DMARC consultant to make sure I get this right.

 

Thanks again.

Italia-Straps
Explorer
58 1 53

The official forum post also includes leads store owners to 4 new CNAME records that need to be added at the respective domain provider. Has anyone successfully updated and authenticated these yet?

 

Thanks!

marvic
Explorer
66 4 19

We're still waiting for them to be validated....

poshology
Visitor
2 0 0

Nope cannot for the life of me figure this mess out. Would it be an easier fix to transfer your domain to Shopify so they can be the host.

Eureka_Jack
Tourist
14 0 2

Thank_you stephens.world for your reply. 

Made my task today, easy to complete.😊

A2VK
Tourist
4 1 2

I didn't see any response as to whether or not question #1 was answered:

Configure DKIM and SPF before configuring DMARC?

Can you elaborate?

LitnutsMO
Excursionist
14 0 15

I have not rec'd any responses regarding DKIM and SPF. My own experience: These were already set up (perhaps as part of authenticating with Shopify early on?), but I am getting DMARC reports that indicate DKIM and SPF (especially SPF) "fails" from some of the IP addresses used to send out my newsletter. I don't know what that means or how serious it is -- and as far as I know, I do nothave control over the IP addresses used to send out my emails -- so I am likely going to hire a DMARC consultant to at least do an initial analysis of the reports I am receiving. I'm hoping I just need a new/updated SPF in my domain's DNS settings.


juenology
Shopify Staff
28 1 13

Hi! Email Deliverability Specialist from Shopify here. Thank you so much for your questions. Just reading through the questions and comments in this particular post, so appreciate your patience as I go through the threads. The required DKIM and SPF records we mentioned are covered the 4 CNAME records we ask you to add 👍

iconicderm
Visitor
1 0 0

Hi there,

I added the DMARC record, but can't seem to add an email for dmarc@ . I've been on the chat with Godaddy for 2 hours and they are escalating the issue. I use microsoft 365 with them. I read that you don't want to use existing emails because there will be a ton of email reports. Is this the case? Should I just buy another Microsoft 365 account and call it dmarc@?

A2VK
Tourist
4 1 2

Hello,

I'm no expert by any means but after a great deal of research I did mine this morning with my Go Daddy account and it worked just fine. First I confirmed that the SPF and DKIM records already existed in my account (they were already there, I did not specifically add them). I then added the following DMARC Record:

 

Name of text record

 

_dmarc.xxxxxxx.com

 

Value of text record

 

 

v=DMARC1; p=none; rua=mailto:xxxxxx@xxxxxxxx.com

 

I then checked that the DMARC was verified, and it was. I not sure if your situation is different then mine, I also use Office 365 through Go Daddy

donnamac
Trailblazer
267 5 220

@A2VK 

I also went through this with GoDaddy support this morning.  Since I had another really weird thing happen yesterday after I did some updating...but I won't digress. We also use MS 365 email thru them but they all get forwarded to owners gmail. He 'fixed everything' and our emails seemed to work OK after that...BUT... the admin email gets email notifications after every sale since we are both online and brick&mortar.  However, now we are not getting emails for in-store sales.

 

It's always something.  Nothing is a clean update/fix in Shopify because they have so many companies/people with their fingers in the pie, noone can figure anything out.  IMO       Still a work in progress...😩

 

StephensWorld
Shopify Partner
1400 174 369

You should be able to get emails for your POS orders too, by editing your order notifications settings:

 

https://help.shopify.com/en/manual/orders/notifications/order-notifications 

 

"If you want to create notifications for orders from a particular POS location or from the web, then select a location from the list. You can select All to create notifications for all orders. To add notifications for more than one specific location, you need to create them as separate order notifications."

★ Did my post help? If yes, then please like and accept solution. ★

https://stephens.world
support@stephensworld.ca

juenology
Shopify Staff
28 1 13

Just wanted to state that the rua field (for receiving DMARC reports) is not a required part of having a DMARC record. 

Jennifer_Uecker
Tourist
18 0 2

Now that I did this and I am receiving emailed reports... what do I do with them? Thank you for your help!

onescales
Shopify Partner
98 3 17

good question. you will need to check the data and decide if you want to make any action on them. i made a video on this and we recommend easydmarc to help you understand this data without having to read these xml files. see tutorial at https://www.youtube.com/watch?v=BBy6jBT4pPk . the topic is full of detail but in particular minute 21:48 will answer your question.

OneScales.com Teaches Shopify and Solves Ecommerce Problems for Free. See our Youtube Channel for Tutorials - https://www.youtube.com/@onescales
We Also Share Insight about E-commerce, Web, Tech, AI, Analytics, SEO, PPC, Marketing and More.
ouilabinc
Shopify Partner
1 0 0

Your reply is a godsend.  Thanks!  

 

A quick follow-up question.  Do we need to add more DMARC for each email address we use to send customer email from Shopify? 

 

In your example, you had 'support@stephensworld.ca' for this entry 

 

Value of TXT record = v=DMARC1; p=none; rua=mailto:support@stephensworld.ca

 

If you have another email 'order@StephensWorld.ca", do you need to add another DMARC?  Really appreciate it!

Mikay
Tourist
7 0 3

I would like to know if we need to add another DMARC if we have another email. Some of our team told me that their email are bouncing back after I made changes.

sfoster95
Shopify Partner
56 3 13

Stephen,

I am having similar issues. My shop is shop.fosterscreations.us I was using sfoster @fosterscreations.us for my Shopify correspondence. The problem is I can only have one set of DMARC Records . I utilize that email for mailchimp and have created the DMRC records to their specifications. Shopify is still saying no records found so I changed my shop correspondence and send to customer email to shop @fosterscrestions.com (as that domain permanently redirects to fosterscreations.us and I can have multiple email addresses there. My fosterscreations.us email is with Office 365 via godaddy and the plan only allows 1 email for the account) is there a way to use the same DMARC records for Shopify and Mailchimp? I can’t ask Mailchimp as my plan does not come with email support. I am about to give up on the hole thing and have my customer emails come from Shopify. 

sfoster95
Shopify Partner
56 3 13

Ok this is what I have for my fosterscreations.us 

 

what do I need to add so that shop.fosterscreations.us is covered see attached photoIMG_6552.png

Mosgol
Visitor
1 0 0

Thank you so much Stephen!

I was at least as confused by all the jargon as LitnutsMO. You're a genius, your simple explanation was bang-on accurate, easy to follow, and fixed my issues in about 2 minutes!

Thanks again,

You're a star!

dmarcdkimspf
Visitor
1 0 0

 

Unfortunately, your response shows a common misunderstanding about DMARC. It's not just a record; DMARC is a process.

Once you set p=none with rua= to receive DMARC reports, the XML files should be reviewed to find any misconfigured email sources, which are not limited to Shopify. Then, make sure all sources have the correct SPF and DKIM records. Keep monitoring to ensure everything is DMARC aligned, and finally switch to p=reject so no one else can send emails on your behalf.

By the way, stephens.world is currently unprotected, see https://dmarcdkim.com/check/stephens.world

https://dmarcdkim.com/

eBeeLuv
Excursionist
34 0 13

Adding a DMARC is a very simple process for your ISP - might take them 5-10 secs to do so. We received the same email - Directnic hosts our website. So I sent them an email and they added it to our DNS files. Ours looks like this "v=DMARC1; p=quarantine; pct=100"

The type is a TXT and the name is _dmarc

I'm assuming you can login to godaddy and click on your DNS settings for your website. You should see a TXT type with DMARC in your DNS settings that they have added. If you see DMARC anywhere in your DNS then you are good.

Like I stated this is a very simple thing for your ISP to add. Your head is spinning since you have no idea what the DNS settings mean for your website so you are assuming the worse.




LitnutsMO
Excursionist
14 0 15

Thanks very much for the reply. I appreciate it. I really do. But for the record, I am actually fairly familiar with DNS settings.

 

What has my head spinning is things like this bit of instruction from the Google page that Shopify linked to:

"When you start using DMARC, we recommend a policy with enforcement set to none. As you learn how messages from your domain are authenticated by receiving servers, update your policy. Over time, change the receiver policy to quarantine, and finally to reject."

 

It looks like you went straight to "quarantine." 

 

And then there's this (also from Google):

Quarantine a small percentage of messages to start. After monitoring DMARC reports for at least a week with no adverse results, update your policy to quarantine , and add the pct tag to apply the policy to a small percent of your mail. For example: Add a policy that applies to 5% of messages and has enforcement set to quarantine. 
v=DMARC1; p=quarantine; pct=5. If DMARC is working as expected, update your policy so the DMARC record policy is set to reject for 100% of messages.

 

It looks like you went straight to quarantining 100% of rejected messages vs phasing in per Google's instructions. Maybe that's fine...I don't know.

 

Finally, it looks like you opted not to include an "rua" instruction in your DMARC record, which means you won't receive any DMARC reports via email, right? Was that a conscious decision? I'm asking because Google says to include one. Maybe it's not necessary. I don't know. That's part of what I'm trying to understand.  

 

All in all, I'm still where I was at the outset: Maybe this is no big deal. But if you dig into the Google instructions that Shopify linked to, it doesn't sound so simple. 

Shane-0
Excursionist
14 1 8

As suggested by the google post, i have started with p=none and will continue to monitor and then eventually get to p=reject.  At the end of the day you do not want spam being sent from your domain as this is bad business.

I am using a free DMARC service called "EasyDMARC" which provides analysis of the DMARC reports.  Worth checking out as the DMARC reports are not easy to read

https://easydmarc.com/

I have no affiliation with easydmarc, i just came across them while searching for a dmarc report analysis tool, there may be others out there.

juenology
Shopify Staff
28 1 13

Hello LitnutsMO! You're correct, anything outside of the v= and p= part of the DMARC record are not required (i.e. rua= is a feature if you want it). 

 

And yes, I would strongly recommend that people starting with DMARC start with a p=none policy, as any emails that you are sending that are not successfully DKIM / SPF authenticated can fail DMARC and accidentally get caught in the p=quarantine or p=reject rules. This can be a very likely scenario for senders who are using multiple sending platforms such as Shopify, Google Workspace, Klayvio, Mailchimp, etc. as each of those sending platforms will need to have authentication setup correctly (aka be authorized to send emails on your behalf). 

mwhitehouse
Tourist
13 0 2

I also called Go Daddy and they were clueless as to what DMARC was all about. I even had to forward the Shopify email to them, they really were no help at all so I've ended up doing nothing and coming here in the hope of trying to work this out... and failing 😞 Let's just hope there is a way out of this before the Feb 1st!

eBeeLuv
Excursionist
34 0 13
If I was you I might consider changing domain providers. We've used directnic for years and the folks there are fabulous. You can simply transfer your website over to them and only takes a small amount of time and quick to do. They will add the DMARC for you and also you are able to tweak and add pretty much whatever you want to your DNS settings. https://directnic.com/ You can reach out to them via live chat and ask them how to transfer your godaddy url to them. I would personally run from godaddy and go with an actual provider that specializes in domains.
Shane-0
Excursionist
14 1 8

sign up for a free account on https://easydmarc.com/  it will guide you through the whole process, also provides reporting.

donnamac
Trailblazer
267 5 220

@LitnutsMO 

Have you gotten to the point where you have actually received 'useable' info regarding your original topic?
Reading the responses, I don't see a solid answer.

My issue is deciphering the reports I get in my email and evolving to a 'reject' policy.  Nothing with Shopify is easily explained.  Too many 'cooks in the kitchen' with developers if you ask me.

I'm going to try the free easydmarc site to see if that sheds any light on all these reports and how to deal with the info they provide.

As most Shopify things...I spend way to much time on things like this instead of moving our business forward.

 

Just wondering how you are dealing with reports as you get them and how you might be 'moving' forward

Thx

 

LitnutsMO
Excursionist
14 0 15

I regard the info I have rec'd as "helpful," but I don't feel anyone has provided a definitive answer. People are telling me what they did and what worked for them, which is all well and good (and appreciated). But like I said...no definitive answer. And I find it disappointing that Shopify hasn't provided any clarification or further guidance.

 

I have yet to decide how to move forward. My likely plan is this:

  1. Contact Mailchimp. I need to make sure this is not an issue with them. (I have not rec'd anything from MC, and I'm told by a MC consultant that this is not an issue with MC because I'm "authenticated" with MC. But I am authenticated with Shopify as well, yet Shopify advised taking action.) Since I use the same domain to send newsletters from MC and from Shopify, I want to make sure I am in good shape with both service providers.
  2. Undo what GoDaddy did. They created a DNS record that they said would address the issue. But when I go to https://dmarcian.com/dmarc-inspector/, it still says there is no DMARC record for my domain. 
  3. Create DNS DMARC record myself, following the Google instructions (including to phase it in per Google -- and including setting up a dedicated mailbox to receive DMARC reports).
  4. If it proves too much for me to handle on my own, I will hire a DMARC consultant. 
eBeeLuv
Excursionist
34 0 13
are you checking your correct url??  You need to put xyzcompany.com to check.

Do not put www.xyzxompany.com or even https:// xyzcompany.com as it will come back as invalid



#- Please type your reply above this line -##
spookiesdream
Excursionist
30 0 10

Hi. I see your answers and makes sense. Maybe you can help me as well.
So my website domain is let's say xyz.com however the email address I use on this account is 123@yyy.com
This is where I get confused. This is how I set the TXT Value: DMARC1;p=none;rua=mailto:dmarc-reports@xyz.com 
And this was provided to me from Shopify (my both domains are on Shopify).
However the domain couldn't be authenticated.

Should I use DMARC1;p=none;rua=mailto:dmarc-reports@yyy.com instead?? Also is that correct what they have provided to me on this line? I thought I should use my email address (123@yyy.com) instead of dmarc-reports@....

Thanks in
advance

Aras

eBeeLuv
Excursionist
34 0 13
Aras, you would have to have an email set up as dmarc-reports@xyz.com [mailto:dmarc-reports@xyz.com]  to receive any emails - you basically can send the emails to any email address. So set up an email in your xyc.com so you can receive them. You can set up dmarc@xyc.com, spam@xyc.com, happy@xyc.com. Basically just set up a new email address calling it anything as having a separate email helps keep these reports separate and use that email address.  
Shane-0
Excursionist
14 1 8

Firstly, this is not Shopify that is implementing this change, it is Gmail (& yahoo).  Shopify have provided enough information for most people to be able to follow and implement, the same way that you would have had to have added an SPF record for your domain and also possibly a DKIM.  MailChimp may eventually also implement the same requirements.

 

Many companies around the world now require these extra checks in order to combat SPAM and Phishing, this is only the start, there are more things that may be implemented in the future to further tighten the security.

 

My first suggestion to you would be to try EasyDMARC as i have posted before.  from there you can actually see what is in the reports as they are XML format and you will not be able to read them yourself.

 

If EasyDMARC is not enough then i would suggest you consult an IT specialist. 

 

LitnutsMO
Excursionist
14 0 15

EasyDMARC looks like a good option. Thanks. I also found this list of DMARC service providers (including EasyDMARC) on G2: https://www.g2.com/categories/dmarc

 

outofdarkness
Visitor
2 0 2

I'm lost and shopify is NO help with this! I purchased my domain through shopify they just keep directing me to dmarcian- they keep telling me to go back to the domain host and i'm gettin dizzy! then I just chatted with shopify and they said i'm all good there are no issues but when I check on that dmarcian site it still says I need to add dmarc! i'm going nuts any help would be appreciated

 

LitnutsMO
Excursionist
14 0 15

Hi. Yes...the lack of help/clarity is frustrating. For what it's worth, I ended up doing things myself (see my post from 01-06-2024 05:02 PM, above). I just followed the Google instructions, including phasing in. I got a positive result from https://dmarcian.com/dmarc-inspector/ and other free DMARC inspection services, and started getting DMARC reports. The DMARC reports are not easy to read, but I skimmed the first one and didn't see any red flags. But again, if it starts to feel like more than I can handle, I will hire one of these DMARC consultants: https://www.g2.com/categories/dmarc

 

I hope that helps. 

 

outofdarkness
Visitor
2 0 2
Thank you so much for the info and suggestions!! appreciate it!
4John
Visitor
2 0 0

Thanks for your detailed descriptions.  I'm stuck at "Configure DKIM and SPF before configuring DMARC...."

Where did you find the info to configure DKIM and SPF?

donnamac
Trailblazer
267 5 220

I've read up a bit on what 'dmarc' is, and my understanding is that Dmarc covers both DKIM and SPF.  You should only have to store the TXT record for DMARC.  If you run a check on your site here https://dmarcian.com/dmarc-inspector/  it will confirm you did it correctly.

 

I use GoDaddy as my domain host and subscribe to their email that uses Microsoft 365.  I looked at my DNS records and saw that the DKIM (DNS rec type=CNAME) and SFP (DNS rec type=TXT) records existed. My site check was OK after just adding the TXT rec for DMARC

Italia-Straps
Explorer
58 1 53

Thanks for this. We use Network Solutions for our domain. Adding the DMARC records seems fairly straightforward, but I was also getting stuck on DKIM and SPF. Hopefully adding the DMARC record takes care of all of it.

 

BTW - We only received email notice of these required changes yesterday from Shopify which is weird as the post in the Shopify Community was 12/21/23

donnamac
Trailblazer
267 5 220

@Italia-Straps 

Thanks for mentioning that forum post.  I looked into that then did this.

 

***  Addendum  ***

Well...maybe not that easy....

I have been receiving reports since I added the DMARC record, and noticed there was a section that listed DFIM and SPF as 'failed'.  Dang.

                 <row>

          <source_ip>**I removed this**</source_ip>
          <count>1</count>
          <policy_evaluated>
           <disposition>none</disposition>
           <dkim>fail</dkim>
           <spf>fail</spf>
          </policy_evaluated>
           </row>

 

So I went to this link as someone on this thread suggested to do a 'check' on my site

             https://powerdmarc.com/power-dmarc-toolbox/

We failed the SPF check.  So I looked into that in my domain hosts DNS records:

      The TXT record for spf1 record read like this >>  v=spf1 include:secureserver.net ~all

       I changed to this and re-ran the check and it passed >> v=spf1 include:secureserver.net include:shops.shopify.com ~all

             (insert include:shops.shopify.com before the ~all  and leave a space before and after)

 

I did lookup on my domain host (godaddy) and found 3 DKIM recs for email.shopify.com (they are stored under CNAME type). I  did nothing
and am going to wait for a day or so, then check any report I get in email to see if any of that helped.

 

I really have no idea if I'm totally screwing things up.  I log all my changes so I can easily retrace my steps and remove.

LitnutsMO
Excursionist
14 0 15

Donnamac: Look at you...digging in and messing with your SPF settings. Very brave!  

 

For what it's worth, here's what I've observed regarding DKIM and SPF:

  • I already had DKIM and SPF in my DNS settings. (Don't recall for sure why, but I'm pretty sure I created those when I authenticated my domain for Shopify and Mailchimp.)
  • I went ahead and created my own DMARC: v=DMARC1; p=none; rua=mailto:xxxxx@xxxx.com; pct=5
  • Down the road, I plan to change p to quarantine and then to reject, and pct to 50 and then 100. 
  • I did not include adkim or aspf info in my DMARC record. (The options are s = strict and r=relaxed. Default is relaxed.)
  • I started getting DMARC reports. Sometimes I got a report saying DKIM failed. More often I got a report saying SPF failed.
  • Important note: All of my "sends" thus far have been via Mailchimp. I haven't sent out anything from Shopify yet.
  • On a Mailchimp page about the Google/Yahoo changes, I found this statement: "SPF is already set up on all of our sending IP domain names, so there’s nothing you’ll need to do to set that up." 
  • My takeaway: Most of the DMARC "fails" that I'm getting have to do with SPF, which is controlled by Mailchimp. I suspect Shopify may also be in control of SPF for the IP addresses they use.  

Donnamac, it sounds like you found a solution that works for you. Which is great. And also kinda weird that you had to do anything, in my view.

 

As for me, the "fails" are a very small percentage of my overall sends, so for now, I'm not going to worry about it. 

 

Feel like I've been beating my head against the wall over this! 

donnamac
Trailblazer
267 5 220

@LitnutsMO 

Yea...I do dive in too many times when maybe I shouldn't  😜

There was an SPF rec already stored...I just found documentation on adding shopify to it, which I did.  Figured it wouldn't hurt anything.

We'll see.... too much time always spent on these changes due to lack of direction.  it's frustrating.

 

Fingers crossed 🤞

LitnutsMO
Excursionist
14 0 15

This thread is getting a little  unwieldy. See my response further up the thread to someone else who asked about DKIM and SPF.