Is DMARC record really as simple as it sounds?

Topic summary

Urgent requirement: merchants must publish a DMARC record by Feb 1, 2024 to satisfy Google/Yahoo. DMARC (policy telling receivers how to handle unauthenticated mail) relies on SPF (authorized sending servers) and DKIM (cryptographic signature) being set first.

Experiences diverge:

  • Some added a simple TXT record (_dmarc.domain) with p=none and an rua address, verified via tools (dmarcian). Others set p=quarantine immediately.
  • Several report DMARC passing but SPF/DKIM failing for some senders (e.g., Mailchimp/Klaviyo/Microsoft 365/Shopify mailer). One user “fixed” SPF checks by adding include:shops.shopify.com, though this conflicted with later guidance.

Latest guidance from Shopify: ensure the 4 CNAME “authenticate” records are added; this creates a mailer subdomain (e.g., mailer123.yourdomain.com) whose SPF Shopify manages, so no extra SPF changes are needed for Shopify on your root domain. You still must configure SPF/DKIM for other providers (Google Workspace, Klaviyo, Mailchimp, etc.).

Recommended approach:

  • Start with p=none + rua to collect reports; analyze via tools (EasyDMARC/dmarcian), then phase to quarantine/reject.
  • Create a dedicated reports mailbox.

Open issues: ongoing SPF fails tied to mailer.shopify.com, DNS host support confusion, Klaviyo subdomain/CNAME conflicts, and how to interpret reports. No final resolution; several users still seeking expert help.

Summarized with AI on December 20. AI used: gpt-5.
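
An added example (not from the thread and not Shopify's code) for the open question of how to interpret reports and the observation that DMARC can pass while SPF or DKIM fails for a sender. It reads an aggregate (rua) report in the RFC 7489 XML format and separates the aligned results DMARC acts on from the raw SPF check. The sample report, domains and IP addresses are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample rua report (RFC 7489 schema); domains and IPs are placeholders.
SAMPLE_REPORT = """<feedback>
 <policy_published><domain>example.com</domain><p>none</p></policy_published>
 <record>
  <row><source_ip>192.0.2.10</source_ip><count>40</count>
   <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row>
  <identifiers><header_from>example.com</header_from></identifiers>
  <auth_results>
   <dkim><domain>example.com</domain><result>pass</result></dkim>
   <spf><domain>bounce.esp.example</domain><result>pass</result></spf>
  </auth_results>
 </record>
 <record>
  <row><source_ip>198.51.100.7</source_ip><count>5</count>
   <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
  <identifiers><header_from>example.com</header_from></identifiers>
  <auth_results><spf><domain>unknown.example</domain><result>softfail</result></spf></auth_results>
 </record>
</feedback>"""

def summarize(xml_text):
    """One dict per <record>: aligned verdicts DMARC uses, plus the raw SPF check."""
    # Reports come from third parties; in production parse them with defusedxml.
    rows = []
    for rec in ET.fromstring(xml_text).iter("record"):
        dkim = rec.findtext("row/policy_evaluated/dkim")
        spf = rec.findtext("row/policy_evaluated/spf")
        rows.append({
            "source_ip": rec.findtext("row/source_ip"),
            "count": int(rec.findtext("row/count")),
            "header_from": rec.findtext("identifiers/header_from"),
            "aligned_dkim": dkim,
            "aligned_spf": spf,
            # DMARC passes when at least one aligned mechanism passes.
            "dmarc_pass": "pass" in (dkim, spf),
            # Raw SPF is checked against the envelope domain, which may differ.
            "spf_domain": rec.findtext("auth_results/spf/domain"),
            "raw_spf": rec.findtext("auth_results/spf/result"),
        })
    return rows

def failing_sources(rows):
    """Sources a move to p=quarantine or p=reject would affect."""
    return [(r["source_ip"], r["count"]) for r in rows if not r["dmarc_pass"]]

if __name__ == "__main__":
    for r in summarize(SAMPLE_REPORT):
        print(r["source_ip"], r["count"], "DMARC pass" if r["dmarc_pass"] else "DMARC fail",
              f'raw SPF {r["raw_spf"]} for {r["spf_domain"]}, aligned SPF {r["aligned_spf"]}')
```

The first source shows the pattern reported in the thread: SPF passes for the provider's bounce domain but is not aligned with the From domain, and DMARC still passes on aligned DKIM.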

Nope, cannot for the life of me figure this mess out. Would it be an easier fix to transfer your domain to Shopify so they can be the host?