Menu
I'm looking to add SPF and DKIM to my domain for MailChimp.
The domain in question is running through G Suite and has the following TXT record for SPF:
v=spf1 include:_spf.google.com ~all
The domain also has a TXT record for Google DKIM.
I've read via the MailChimp and G Suite docs that you shouldn't add more than one SPF record. With this in mind, would this be the correct way of adding MailChimp's SPF record?
v=spf1 include:_spf.google.com ~all include:servers.mcsv.net ?all
Do the same rules apply for DKIM or am I okay to add multiple records for this?
825
The answer is no: a domain MUST NOT have multiple SPF records, otherwise SPF fails with PermError.
Can I have multiple DKIM records? A domain can have as many DKIM records for public keys as servers that send mail. Just make sure that they use different selector names. Read about the importance of rotating your DKIM keys and automating that process here.
Don't use multiple SPF records! A domain name MUST NOT have multiple records that would cause an authorization check to select more than one record. The rule of thumb: multiple SPF records will fail the SPF authentication.
No, you can only have a single SPF record for a domain. The right way to combine those is:
v=spf1 include:_spf.google.com include:servers.mcsv.net ~all
You should never use ?all as the default action – it's as bad as not having SPF at all.
DKIM is different – you need a selector as the DNS name, so if Mailchimp uses a selector called mc (their docs will say), you would put their key in a record called mc._domainkey.example.com (substituting your domain for example.com). You can have many such selector records, and they are all independent.
You might like to look into creating a DMARC config as well.
195
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
