Configure SPF, DMARC, DKIM for a mail server, Mailchimp and Sendinblue at the same time

Hello, I hope I am not posting in the wrong place.

I have a problem in configuring the SPF, DKIM, DMARC mail server with Cloudflare.

I have a domain name and site that is connected to Cloudflare and working fine. On the other hand, I use an email for several purposes (marketing with Mailchimp, transactional with Sendinblue and personal with the mail server of my hosting). To increase deliverability, I added SPF, DKIM and DMARC. Everything works fine except for my mail server. Unable to send or receive emails personally with my address.

How do I correctly configure an email address when it is used on a mail server and on Mailchimp or Sendinblue at the same time?

Thanks a lot!

Aloïs

If everything is on the root of the domain, then you need to (carefully) combine the recommended SPF records for each of your email sources into one record. Have you done that, or did you create a few SPF records?

What is the domain?

2 Likes

Hi Michael, thanks for the quick response. Yes, I created an SPF record in which I have the mail server, Mailchimp, Sendinblue, and Google, because I process my pro mail from Gmail (is it necessary to have Google in the SPF for all that?).

You have a few issues with the SPF as shown, and several other email related configuration issues.

You have two includes in the SPF record for your own domain. The include with the naked domain creates a circular reference, and should be deleted. You also have an include for the mail hostname. There is no SPF record there, so nothing to include.

You need to include any and all IP addresses that you send mail from. (Where you receive email is not relevant).

But your actual problem is probably not SPF. The MX records appear to be incorrect. The mail hostname does not resolve. The next priority on your MX list seems to time out.

Who is your email service provider?

4 Likes

Mailchimp will never include your domain in the return-path, which means you don’t need Mailchimp in your SPF.

Thanks a lot Michael,
Here is a picture answer. The links don’t work.

Thanks @epic.network

Does this mean that Mailchimp manages the SPF itself? If I send Mailchimp marketing emails with this email address, don’t I need to integrate it into my SPF anyway?

There are two From values in every email. The one you see in your email client is the RFC 5322 sender. The one you will only see in the SMTP headers is the RFC 5321 sender, also referred to as the return-path. The latter is what SPF evaluates. Mailchimp will never use your domain in the return-path, which means your SPF record will never be consulted in connection with Mailchimp email. Using an include statement of Mailchimp records in your SPF record only wastes limited resources.

The only way to authenticate Mailchimp email sent with your domain in the RFC 5322 From is by making sure that you have working Mailchimp DKIM records. Mailchimp will provide CNAME records. Ensure they are set to DNS Only.

1 Like

It’s very clear @epic.network . Thank you for taking the time to explain to me.

1 Like

When entering hostnames in your replies, you can make them easier to read and prevent Discourse from trying to turn them into links by using a backtick ` before and after the text. This will style it as </> Preformatted text. If you have a few lines that need to be preformatted, you can place three backticks on the line before and after your text.

There is no point to including a proxied A record in your SPF because it will resolve to Cloudflare IPs that will never be sending email.

1 Like

Hi @michael.
Thank you very much for the reply. It’s definitely an MX problem. The host is o2switch. I managed to do a setup just a few weeks ago but I can’t seem to reproduce it. How can I configure an MX to the o2switch mail server to send and receive mails? How not to expose the email address and protect it? Thanks a lot for the help.

It’s worth mentioning that include: in an SPF record points to a service which returns (through a DNS lookup) a list of IPs. You could also just include those IPs directly, but because IPs are sometimes rotated, services will give you a domain name (usually mail.example.com or similar) to add for your SPF record. What people are sharing above is that any include: you add should only reference hostnames which return actual mail server IP addresses. This is why you wouldn’t include your Cloudflare-proxied base domain name for instance.
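The SPF problems raised in this thread (an `include:` of the domain itself, an `include:` pointing at a hostname that publishes no SPF record, and the DNS lookups each include costs), checked offline as an added example that is not from any poster in the thread. The zone data and every hostname in it are constructed placeholders, and `lint_spf` is a hypothetical helper name; the 10-lookup limit comes from RFC 7208.

```python
import re

LOOKUP_LIMIT = 10  # RFC 7208 section 4.6.4: cap on DNS-querying terms per check
QUERYING = {"include", "a", "mx", "ptr", "exists", "redirect"}

# Constructed zone data (name -> TXT strings); every hostname is a placeholder.
ZONE = {
    "example.com": ["v=spf1 a mx include:example.com include:mail.example.com "
                    "include:spf.esp-a.example include:spf.esp-b.example ~all"],
    "mail.example.com": [],  # resolves as a name but publishes no SPF record
    "spf.esp-a.example": ["v=spf1 ip4:192.0.2.0/24 include:pool.esp-a.example -all"],
    "pool.esp-a.example": ["v=spf1 ip4:198.51.100.0/24 -all"],
    "spf.esp-b.example": ["v=spf1 ip4:203.0.113.0/24 -all"],
}

def lint_spf(zone, domain):
    """Walk the include chain of `domain`; return (findings, dns_lookups)."""
    findings, lookups = [], 0

    def walk(name, chain):
        nonlocal lookups
        records = [t for t in zone.get(name, [])
                   if t.lower().split()[:1] == ["v=spf1"]]
        if len(records) != 1:
            what = "multiple SPF records" if records else "no SPF record"
            via = f" (included by {chain[-1]})" if chain else ""
            findings.append(f"{name}: {what}{via}")
            return
        for term in records[0].split()[1:]:
            m = re.match(r"[-+~?]?([a-z0-9]+)(?:[:=]([^/\s]+))?", term, re.I)
            if not m or m.group(1).lower() not in QUERYING:
                continue
            lookups += 1  # this term costs one DNS query at evaluation time
            mech, target = m.group(1).lower(), (m.group(2) or "").lower()
            if mech not in ("include", "redirect"):
                continue
            if not target:
                findings.append(f"{name}: {mech} without a target")
            elif target == name or target in chain:
                findings.append(f"{name}: circular reference to {target}")
            else:
                walk(target, chain + (name,))

    walk(domain.lower(), ())
    if lookups > LOOKUP_LIMIT:
        findings.append(f"{domain}: {lookups} lookups, limit is {LOOKUP_LIMIT}")
    return findings, lookups

if __name__ == "__main__":
    for finding in lint_spf(ZONE, "example.com")[0]:
        print(finding)
```

The sketch does not expand SPF macros or resolve the hosts behind `a` and `mx`; it only counts them toward the lookup limit.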