Thank you so much for the info and suggestions!! appreciate it!
I didn’t see any response as to whether or not question #1 was answered:
Configure DKIM and SPF before configuring DMARC?
Can you elaborate?
2 Likes
Thanks for your detailed descriptions. I’m stuck at “Configure DKIM and SPF before configuring DMARC…”
Where did you find the info to configure DKIM and SPF?
I’ve read up a bit on what ‘dmarc’ is, and my understanding is that Dmarc covers both DKIM and SPF. You should only have to store the TXT record for DMARC. If you run a check on your site here https://dmarcian.com/dmarc-inspector/ it will confirm you did it correctly.
I use GoDaddy as my domain host and subscribe to their email that uses Microsoft 365. I looked at my DNS records and saw that the DKIM (DNS rec type=CNAME) and SFP (DNS rec type=TXT) records existed. My site check was OK after just adding the TXT rec for DMARC
Thanks for this. We use Network Solutions for our domain. Adding the DMARC records seems fairly straightforward, but I was also getting stuck on DKIM and SPF. Hopefully adding the DMARC record takes care of all of it.
BTW - We only received email notice of these required changes yesterday from Shopify which is weird as the post in the Shopify Community was 12/21/23
The official forum post also includes leads store owners to 4 new CNAME records that need to be added at the respective domain provider. Has anyone successfully updated and authenticated these yet?
Thanks!
1 Like
Thanks for mentioning that forum post. I looked into that then did this.
*** Addendum ***
Well…maybe not that easy…
I have been receiving reports since I added the DMARC record, and noticed there was a section that listed DFIM and SPF as ‘failed’. Dang.
<source_ip>I removed this</source_ip>
1
<policy_evaluated>
none
fail
fail
</policy_evaluated>
So I went to this link as someone on this thread suggested to do a ‘check’ on my site
https://powerdmarc.com/power-dmarc-toolbox/
We failed the SPF check. So I looked into that in my domain hosts DNS records:
The TXT record for spf1 record read like this >> v=spf1 include:secureserver.net ~all
I changed to this and re-ran the check and it passed >> v=spf1 include:secureserver.net include:shops.shopify.com ~all
(insert include:shops.shopify.com before the ~all and leave a space before and after)
I did lookup on my domain host (godaddy) and found 3 DKIM recs for email.shopify.com (they are stored under CNAME type). I did nothing
and am going to wait for a day or so, then check any report I get in email to see if any of that helped.
I really have no idea if I’m totally screwing things up. I log all my changes so I can easily retrace my steps and remove.
I have not rec’d any responses regarding DKIM and SPF. My own experience: These were already set up (perhaps as part of authenticating with Shopify early on?), but I am getting DMARC reports that indicate DKIM and SPF (especially SPF) “fails” from some of the IP addresses used to send out my newsletter. I don’t know what that means or how serious it is – and as far as I know, I do nothave control over the IP addresses used to send out my emails – so I am likely going to hire a DMARC consultant to at least do an initial analysis of the reports I am receiving. I’m hoping I just need a new/updated SPF in my domain’s DNS settings.
This thread is getting a little unwieldy. See my response further up the thread to someone else who asked about DKIM and SPF.
Donnamac: Look at you…digging in and messing with your SPF settings. Very brave!
For what it’s worth, here’s what I’ve observed regarding DKIM and SPF:
- I already had DKIM and SPF in my DNS settings. (Don’t recall for sure why, but I’m pretty sure I created those when I authenticated my domain for Shopify and Mailchimp.)
- I went ahead and created my own DMARC: v=DMARC1; p=none; rua=mailto:xxxxx@xxxx.com; pct=5
- Down the road, I plan to change p to quarantine and then to reject, and pct to 50 and then 100.
- I did not include adkim or aspf info in my DMARC record. (The options are s = strict and r=relaxed. Default is relaxed.)
- I started getting DMARC reports. Sometimes I got a report saying DKIM failed. More often I got a report saying SPF failed.
- Important note: All of my “sends” thus far have been via Mailchimp. I haven’t sent out anything from Shopify yet.
- On a Mailchimp page about the Google/Yahoo changes, I found this statement: “SPF is already set up on all of our sending IP domain names, so there’s nothing you’ll need to do to set that up.”
- My takeaway: Most of the DMARC “fails” that I’m getting have to do with SPF, which is controlled by Mailchimp. I suspect Shopify may also be in control of SPF for the IP addresses they use.
Donnamac, it sounds like you found a solution that works for you. Which is great. And also kinda weird that you had to do anything, in my view.
As for me, the “fails” are a very small percentage of my overall sends, so for now, I’m not going to worry about it.
Feel like I’ve been beating my head against the wall over this!
Yea…I do dive in too many times when maybe I shouldn’t 
There was an SPF rec already stored…I just found documentation on adding shopify to it, which I did. Figured it wouldn’t hurt anything.
We’ll see… too much time always spent on these changes due to lack of direction. it’s frustrating.
Fingers crossed 
1 Like
Make sure to verify yourself.
We made a tutorial at https://www.youtube.com/watch?v=g9tR4ONgqgg
Once you follow all steps at miute 9:57 you will see how to verify yourself. (note there is another verification on dmarc earlier in the video)
4 Likes
Hi there,
I added the DMARC record, but can’t seem to add an email for dmarc@ . I’ve been on the chat with Godaddy for 2 hours and they are escalating the issue. I use microsoft 365 with them. I read that you don’t want to use existing emails because there will be a ton of email reports. Is this the case? Should I just buy another Microsoft 365 account and call it dmarc@?
Hello,
I’m no expert by any means but after a great deal of research I did mine this morning with my Go Daddy account and it worked just fine. First I confirmed that the SPF and DKIM records already existed in my account (they were already there, I did not specifically add them). I then added the following DMARC Record:
Name of text record
_dmarc.xxxxxxx.com
Value of text record
v=DMARC1; p=none; rua=mailto:xxxxxx@xxxxxxxx.com
I then checked that the DMARC was verified, and it was. I not sure if your situation is different then mine, I also use Office 365 through Go Daddy
It is complicated and I had my IT guy do it for that very reason. First we couldn’t send out any emails, he fixed that issue and now we are receiving duplicate sales emails. This is a BIG DEAL and when it results in issues, all of us “non tech” people feel very frustrated. So I agree, SHOPIFY, admit this is a bigger deal and then help everyone with it! Good luck LitnutsMO. I hope you have a smoother experience.
I also went through this with GoDaddy support this morning. Since I had another really weird thing happen yesterday after I did some updating…but I won’t digress. We also use MS 365 email thru them but they all get forwarded to owners gmail. He ‘fixed everything’ and our emails seemed to work OK after that…BUT… the admin email gets email notifications after every sale since we are both online and brick&mortar. However, now we are not getting emails for in-store sales.
It’s always something. Nothing is a clean update/fix in Shopify because they have so many companies/people with their fingers in the pie, noone can figure anything out. IMO Still a work in progress… 
You should be able to get emails for your POS orders too, by editing your order notifications settings:
https://help.shopify.com/en/manual/orders/notifications/order-notifications
“If you want to create notifications for orders from a particular POS location or from the web, then select a location from the list. You can select All to create notifications for all orders. To add notifications for more than one specific location, you need to create them as separate order notifications.”
Hi. I see your answers and makes sense. Maybe you can help me as well.
So my website domain is let’s say xyz.com however the email address I use on this account is 123@yyy.com
This is where I get confused. This is how I set the TXT Value: DMARC1;p=none;rua=mailto:dmarc-reports@xyz.com
And this was provided to me from Shopify (my both domains are on Shopify).
However the domain couldn’t be authenticated.
Should I use DMARC1;p=none;rua=mailto:dmarc-reports@yyy.com instead?? Also is that correct what they have provided to me on this line? I thought I should use my email address (123@yyy.com) instead of dmarc-reports@….
Thanks in advance
Aras
Aras, you would have to have an email set up as dmarc-reports@xyz.com [mailto:dmarc-reports@xyz.com] to receive any emails - you basically can send the emails to any email address. So set up an email in your xyc.com so you can receive them. You can set up dmarc@xyc.com, spam@xyc.com, happy@xyc.com. Basically just set up a new email address calling it anything as having a separate email helps keep these reports separate and use that email address.
That’s a great start to the year. We’re based in Australia and today is the first time I received an email from Shopify about this! Leaving us 2 weeks to figure this mess out. Half of the links in their info email can’t be found and end up on the generic shopify help center page. And they make it sound SO COMPLICATED. Like, what are we paying them for?! Don’t the have resources to put one off their staff to it to make an easy to follow video that we can tag along??!!! To me it looks like they don’t know how to set it up themselves.