DNS Cname & Keap (Infusionsoft)

Hello, I’m trying to set up DMARC for Keap. My DNS is hosted on Cloudflare. The domain I’m trying to validate is e.indimoves.com.

In the DNS CNAME setting, I have
name: zh725.e.indimoves.com
content: return.infusionmail.com

I’m getting this error on Cloudflare:
This hostname is not covered by a certificate.

This is a second-level subdomain so isn’t covered by the Cloudflare Universal SSL certificate (which only covers indimoves.com and *.indimoves.com).

As your CNAME is just for a DMARC record, this doesn’t matter since you won’t be using the CNAME for a web page, so you can ignore the warning.

You need to set that DNS record to “DNS only” and not “Proxied” though for it to work as it’s returning Cloudflare IP addresses instead of the target TXT record…

dig +short zh725.e.indimoves.com
104.21.96.47
172.67.173.4

…then the warning will go away.

Thank you. I’m still getting an error when trying to verify my DMARC.

Here are my settings, below are correct from Keap (Infusionsoft). The error I receive: You have a valid DMARC record that provides visibility into the entirety of your email program(s) and helps ensure you meet email sending best practices as well as select Yahoo and Google’s new sending requirements. Your domain however is not fully protected against abuse.

There’s a lot to dig in to here.

For the CNAME zh725.e, return.infusionmail.com does not resolve. The CNAME itself is returning this…

dig +short zh725.e.indimoves.com
172.67.173.4
104.21.96.47

Can you show a screenshot of all your DNS records?

As for SPF/DMARC/DKIM you seem to have a variety of records across your domain, api, app, and e subdomains. Which are you sending email from? Ideally you should have SPF, DKIM and DMARC for each if they are sending email. You don’t have any MX records for replies to the subdomain either.

The e subdomain seems the most complete for mail records…
https://cf.sjr.org.uk/tools/check?fcce2abe05c14963b42c224b3fe5eabf#dns-mail-subdomain

mail.indimoves.com appears to be proxied, and should be “DNS only” (not shown in your screenshot).
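
The check the replies above describe, as an added example that is not part of the original thread: it classifies `dig +short` output for a record that is meant to be a CNAME, separating the proxied case (only Cloudflare edge addresses come back) from a DNS-only CNAME whose target does or does not resolve. The function name, result labels and the second and third sample outputs are constructed for illustration; the IPv4 ranges are the ones Cloudflare publishes and should be refreshed from its list before use.

```python
import ipaddress

# IPv4 ranges Cloudflare publishes for its edge (https://www.cloudflare.com/ips/).
# Refresh from that page before relying on this list.
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
)]


def classify_dig_short(output, expected_target):
    """Classify `dig +short NAME` output for a record meant to be a CNAME.

    Function name and result labels are hypothetical, chosen for this example.
    """
    names, addrs = [], []
    for line in output.split():
        try:
            addrs.append(ipaddress.ip_address(line))
        except ValueError:
            names.append(line.rstrip(".").lower())
    if not names and not addrs:
        return "no-answer"
    if expected_target.rstrip(".").lower() in names:
        # The CNAME is visible to resolvers; check whether its target resolved too.
        return "dns-only" if addrs else "dns-only-target-unresolved"
    if addrs and all(any(ip in net for net in CLOUDFLARE_V4) for ip in addrs):
        # Only Cloudflare edge addresses came back: the record is proxied,
        # so the CNAME target is hidden from the mail provider's verifier.
        return "proxied"
    return "mismatch"


# Output quoted in the thread for zh725.e.indimoves.com.
THREAD_OUTPUT = "104.21.96.47\n172.67.173.4\n"
# Constructed samples: a DNS-only CNAME whose target resolves (192.0.2.10 is a
# documentation address) and one whose target does not resolve.
DNS_ONLY_OUTPUT = "return.infusionmail.com.\n192.0.2.10\n"
UNRESOLVED_OUTPUT = "return.infusionmail.com.\n"

if __name__ == "__main__":
    for sample in (THREAD_OUTPUT, DNS_ONLY_OUTPUT, UNRESOLVED_OUTPUT):
        print(classify_dig_short(sample, "return.infusionmail.com"))
```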

Full list of DNS below. I currently have SendGrid DMARC set up and it’s working and authorized fine. It’s just Keap (Infusionsoft). I just don’t get it.
