Domain Authentication

Technical Q&A

Topic summary

A user encountered domain authentication issues after purchasing a domain from GoDaddy for their Shopify store, as shown in a screenshot.

Resolution Steps Provided:

  • Access GoDaddy DNS settings and navigate to the domain control panel
  • Copy three CNAME records from Shopify (Settings > Notifications > “Authenticate domain”)
  • Add these CNAME records in GoDaddy’s DNS management
  • Wait up to 48 hours for DNS propagation

DMARC Policy Question:
The user also asked about DMARC policy settings (currently at p=none). A detailed explanation was provided covering three phases:

  1. p=none (Monitoring) - Current state; monitors email authentication without blocking
  2. p=quarantine - Sends unauthenticated emails to spam folders
  3. p=reject - Completely blocks unauthenticated emails

Recommendation included adding an rua tag to receive authentication reports.

Outcome:
The user decided not to proceed with DMARC policy changes due to complexity but was satisfied with keeping the current monitoring setting for now, with the option to revisit later.

Summarized with AI on October 27. AI used: claude-sonnet-4-5-20250929.
1

Please help how to fix this.. I’m bought this on GoDaddy

Screenshot 2025-06-07 134834.png
Screenshot 2025-06-07 134834.png910×401 27.2 KB

2

To solve the domain authentication problem for your Shopify email on a GoDaddy domain, log into GoDaddy and access your DNS settings. In Shopify, navigate to Settings > Notifications, click “Authenticate domain”, and copy the three CNAME records that appear. Next, in your GoDaddy account, add those CNAME records provided. Click Save and wait for DNS changes to be updated which may take up to 48 hours. As soon as it’s done, the error message should now be gone, and your shop emails will be sent through your Store instead of Shopify’s generic one.

3

After copying three CNAME records that appear then I go to GoDaddy account, where will I add those records?

4

Hi @xSon ,

Once you get the CNAME from Shopify, you can go to the Godaddy page to add those CNAMEs as described in Godaddy official page.

5

thank you, how about this one, do you know how to fox this please?

Screenshot 2025-06-08 133233.png
Screenshot 2025-06-08 133233.png1568×554 68.1 KB

6

There are three phases you need to go through

  1. p=none (Monitoring) is where you are currently. You can also include rua tag in your DMARC record which will send a report to you about how have used your domain to send emails but failed to verify that they were legit (as in unauthenticated emails)

    1. Example is v=DMARC1; p=quarantine; rua=mailto:your_email@yourdomain.com;. your_email@yourdomain.com can be replaced with any other emails.

  2. p=quarantine (Quarantine). This will move all unauthenticated emails from you domain to spam folder in the receiver email (for example, your customers)

    1. Example is v=DMARC1; p=quarantine; rua=mailto:your_email@yourdomain.com;

  3. p=reject (Reject): The email provider of your receiver (like your customers) will simply reject this email. This means that your receiver will never see those emails.

    1. Example is v=DMARC1; p=reject; rua=mailto:your_email@yourdomain.com;

The technical details are outlined below if you are interested in learning more.

  1. p=none (Monitoring): (What you currently have) This allows you to collect DMARC reports (if you’ve included an rua tag in your record) and see who is sending email on behalf of your domain, and whether those emails are passing SPF and DKIM. This phase is crucial for identifying any legitimate senders you might have missed configuring with SPF/DKIM.

  2. p=quarantine (Quarantine): Once you’re confident that all your legitimate email sources are correctly authenticated (passing SPF and DKIM), you can move to p=quarantine;.

    Example: v=DMARC1; p=quarantine; rua=mailto:your_email@yourdomain.com;
    This policy tells receiving servers: “If an email from my domain fails DMARC, please move it to the recipient’s spam/junk folder.” This offers some protection without completely rejecting potentially important emails.

  3. p=reject (Reject): After a period of p=quarantine with no unexpected issues, you can move to the strongest policy: p=reject;.

    Example: v=DMARC1; p=reject; rua=mailto:your_email@yourdomain.com;
    This policy tells receiving servers: “If an email from my domain fails DMARC, completely reject it. Do not deliver it to the inbox or spam folder.” This provides the highest level of protection against email spoofing.

Hope this helps!

Kind regards,

Den from FlashWombat

7

wow! how did you know about all of this, anyway I will not go through this steps as I can’t understand a thing about it haha, is it ok, is it safe? thank you!

8

Hey @xSon , It should be okay for now. You could revisit this later once you have time and resources. Hope you are fulfilled with my answer!

9

yes I am! thank you!