Our agency EcomBack has created an easy step-by-step guide to creating and verifying DMARC and SFP records for Shopify and integration with Klaviyo as well as tips on making email content accessible https://www.ecomback.com/blogs/easy-steps-to-enhance-email-security-with-spf-dmarc-and-dkim-records
Topic summary
Urgent requirement: merchants must publish a DMARC record by Feb 1, 2024 to satisfy Google/Yahoo. DMARC (policy telling receivers how to handle unauthenticated mail) relies on SPF (authorized sending servers) and DKIM (cryptographic signature) being set first.
Experiences diverge:
- Some added a simple TXT record (_dmarc.domain) with p=none and an rua address, verified via tools (dmarcian). Others set p=quarantine immediately.
- Several report DMARC passing but SPF/DKIM failing for some senders (e.g., Mailchimp/Klaviyo/Microsoft 365/Shopify mailer). One user “fixed” SPF checks by adding include:shops.shopify.com, though this conflicted with later guidance.
Latest guidance from Shopify: ensure the 4 CNAME “authenticate” records are added; this creates a mailer subdomain (e.g., mailer123.yourdomain.com) whose SPF Shopify manages, so no extra SPF changes are needed for Shopify on your root domain. You still must configure SPF/DKIM for other providers (Google Workspace, Klaviyo, Mailchimp, etc.).
Recommended approach:
- Start with p=none + rua to collect reports; analyze via tools (EasyDMARC/dmarcian), then phase to quarantine/reject.
- Create a dedicated reports mailbox.
Open issues: ongoing SPF fails tied to mailer.shopify.com, DNS host support confusion, Klaviyo subdomain/CNAME conflicts, and how to interpret reports. No final resolution; several users still seeking expert help.