Setting Up Mailchimp Email Authentication

Complete guide to configuring SPF, DKIM, and DMARC for Mailchimp marketing emails.

Setting Up Mailchimp Email Authentication

Mailchimp is a popular email marketing platform. This guide covers setting up SPF, DKIM, and DMARC for Mailchimp campaigns.

Prerequisites

  • Mailchimp account
  • Domain verified in Mailchimp
  • Access to your domain's DNS settings
  • MailSentinel account for DMARC monitoring

Overview

Mailchimp requires:

  1. SPF - Authorize Mailchimp to send emails
  2. DKIM - Sign emails with Mailchimp's keys
  3. DMARC - Monitor and enforce authentication

Step 1: Add Domain to Mailchimp

  1. Log in to Mailchimp Dashboard
  2. Go to AccountSettingsDomains
  3. Click Add Domain
  4. Enter your domain (e.g., example.com)
  5. Follow Mailchimp's domain verification process

Step 2: Configure SPF for Mailchimp

Get Mailchimp SPF Include

Mailchimp provides this SPF include:

include:servers.mcsv.net

Build Your SPF Record

If Mailchimp is your only email service:

v=spf1 include:servers.mcsv.net -all

If you use other services (Google Workspace, etc.):

v=spf1 include:_spf.google.com include:servers.mcsv.net -all

Important: Only ONE SPF record per domain. Merge all includes into a single record.

Add SPF Record to DNS

DNS Record Details:

  • Type: TXT
  • Host: @ or leave blank (root domain)
  • Value: Your complete SPF record
  • TTL: 3600 (1 hour)

Verify SPF Setup

  1. In Mailchimp dashboard, check domain status
  2. Use MailSentinel to verify SPF record
  3. Use MXToolbox SPF checker

Step 3: Configure DKIM for Mailchimp

Get DKIM Records from Mailchimp

Mailchimp automatically generates DKIM keys:

  1. In Mailchimp dashboard, go to AccountSettingsDomains
  2. Find your verified domain
  3. Click View Details or Edit
  4. You'll see DKIM records like:
Host: k1._domainkey
Type: TXT
Value: k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC...

Host: k2._domainkey
Type: TXT
Value: k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC...

Add DKIM Records to DNS

For each DKIM record:

  1. Add TXT record to your DNS:

    • Host: k1._domainkey (or k2._domainkey)
    • Type: TXT
    • Value: The complete DKIM value provided by Mailchimp
    • TTL: 3600

  2. Repeat for all DKIM selectors (usually 2)

Verify DKIM Setup

In Mailchimp Dashboard:

  • Status should show "Verified" or green checkmark
  • May take 15-60 minutes to verify

Manual Verification:

  1. Send test campaign through Mailchimp
  2. Check email headers
  3. Look for DKIM-Signature header
  4. Verify signature is valid

Step 4: Configure DMARC for Mailchimp

Get Your MailSentinel Report Address

  1. Log in to MailSentinel
  2. Add your domain
  3. Go to SettingsDMARC Configuration
  4. Copy report address: your-org-id@reports.mailsentinel.io

Create DMARC Record

Starting with monitoring:

v=DMARC1; p=none; rua=mailto:your-org-id@reports.mailsentinel.io

After monitoring (quarantine):

v=DMARC1; p=quarantine; rua=mailto:your-org-id@reports.mailsentinel.io; adkim=r; aspf=r

Full protection:

v=DMARC1; p=reject; rua=mailto:your-org-id@reports.mailsentinel.io; ruf=mailto:your-org-id@forensic.mailsentinel.io; adkim=r; aspf=r

Add DMARC Record to DNS

DNS Record Details:

  • Type: TXT
  • Host: _dmarc
  • Value: Your complete DMARC record
  • TTL: 3600

Verify DMARC Setup

  1. Use MailSentinel to check DNS
  2. Verify DMARC record is detected
  3. Wait 24-48 hours for first reports
  4. Monitor in MailSentinel dashboard

Mailchimp-Specific Considerations

Domain Authentication

Required Steps:

  1. Add domain to Mailchimp
  2. Verify domain ownership
  3. Add SPF and DKIM records
  4. Wait for verification

Mailchimp IP Addresses

If you need to whitelist IPs:

  • Mailchimp uses shared IP pools
  • Don't add individual IPs to SPF
  • Use include:servers.mcsv.net instead

Mailchimp Subdomains

For Link Tracking:

  • Mailchimp may use subdomains for links
  • Configure link branding if needed
  • SPF/DKIM/DMARC apply to main domain

Mailchimp API

For API Sending:

  • Same domain authentication applies
  • SPF/DKIM/DMARC work automatically
  • No additional configuration needed

Common Mailchimp Configurations

Mailchimp Only

SPF:

v=spf1 include:servers.mcsv.net -all

DKIM: Configure in Mailchimp dashboard

DMARC:

v=DMARC1; p=none; rua=mailto:your-org-id@reports.mailsentinel.io

Mailchimp + Google Workspace

SPF:

v=spf1 include:_spf.google.com include:servers.mcsv.net -all

DKIM: Configure both Google Workspace and Mailchimp DKIM

DMARC: Same as above, covers both services

Mailchimp + Multiple Services

SPF:

v=spf1 include:_spf.google.com include:servers.mcsv.net include:sendgrid.net -all

DKIM: Configure for each service

DMARC: Single DMARC policy covers all

Troubleshooting Mailchimp Issues

Issue 1: SPF Not Working

Symptoms:

  • Emails failing SPF check
  • Mailchimp shows authentication errors

Solutions:

  1. Verify SPF record includes include:servers.mcsv.net
  2. Check only one SPF record exists
  3. Verify DNS propagation (wait 15-60 minutes)
  4. Use SPF checker to validate

Issue 2: DKIM Not Signing

Symptoms:

  • No DKIM signature in headers
  • Mailchimp shows DKIM not verified

Solutions:

  1. Verify DKIM records are published in DNS
  2. Check selector matches Mailchimp's expectation
  3. Wait for DNS propagation
  4. Verify domain is authenticated in Mailchimp
  5. Check for typos in DNS records

Issue 3: DMARC Failures

Symptoms:

  • DMARC reports show failures
  • Emails going to spam

Solutions:

  1. Verify SPF alignment
  2. Verify DKIM alignment
  3. Check From: domain matches authenticated domain
  4. Review DMARC reports for details
  5. Fix underlying SPF/DKIM issues

Issue 4: Domain Not Verifying

Symptoms:

  • Mailchimp shows domain not verified
  • DNS records not detected

Solutions:

  1. Wait 15-60 minutes for DNS propagation
  2. Verify DNS records are at correct location
  3. Check for typos in records
  4. Ensure nameservers are correct
  5. Try removing and re-adding domain

Best Practices for Mailchimp

1. Use Dedicated Subdomain

For Marketing Email:

  • Use subdomain like mail.example.com or newsletter.example.com
  • Isolates reputation from main domain
  • Easier to manage

SPF for Subdomain:

mail.example.com  TXT  "v=spf1 include:servers.mcsv.net -all"

2. Monitor Authentication

Key Metrics:

  • SPF pass rate (target: 95%+)
  • DKIM pass rate (target: 95%+)
  • DMARC pass rate (target: 95%+)
  • Bounce rate (target: <5%)
  • Spam complaint rate (target: <0.3%)

3. Regular Audits

Quarterly Reviews:

  • Check SPF includes still needed
  • Verify DKIM keys are valid
  • Review DMARC reports
  • Update records as needed

4. Test Before Production

Before Going Live:

  • Send test campaigns
  • Verify authentication headers
  • Check DMARC passes
  • Test with multiple providers

5. Use MailSentinel for Monitoring

Benefits:

  • Centralized DMARC monitoring
  • Alerts for authentication failures
  • Detailed reporting
  • Progress tracking

Mailchimp Compliance

Google & Yahoo Requirements (2024)

Bulk senders (5,000+ emails/day):

  • ✅ SPF required
  • ✅ DKIM required
  • ✅ DMARC policy required
  • ✅ Spam rate below 0.3%

Microsoft Outlook Requirements (2025)

Bulk senders:

  • ✅ SPF and DKIM required
  • ✅ DMARC policy required
  • ✅ Spam rate below 0.3%

Mailchimp Best Practices

List Management:

  • Double opt-in recommended
  • Regular list cleaning
  • Remove inactive subscribers
  • Honor unsubscribe requests immediately

Content:

  • Avoid spam trigger words
  • Include clear unsubscribe link
  • Personalize content
  • Test before sending

Next Steps

After setting up Mailchimp authentication:

  1. Monitor DMARC Reports - Track authentication status
  2. Set Up Alerts - Get notified of issues
  3. Review Best Practices - Optimize deliverability
  4. Troubleshoot Issues - Fix any problems

Additional Resources