I want to update DKIM and SPF record for domain Authentication in mailchimp"problem"

Hello there, I want to update DKIM and SPF for domain Authentication in mailchimp.
I added them and already authenticated my domain but the emails don’t reach now?!

Anyone know what’s the problem?

This is the DKIM and SPF checker I use. They also have a delivery tester you can use.
https://www.mail-tester.com/spf-dkim-check

I also use dmarcian.com to check such records. But if your mail through Mailchimp isn’t getting delivered, give Mailchimp Support a try:

Send us a test result link of your test on the mail-tester platform so we can help you analyze your headers so we can check to see what’s going on. You may just have to wait for propagation.

Thanks very much both @sdayman

and @neonic for your trying to help. Here’s a screenshoot.
I don’t know what’s meaning by DKIM Selector I just put my Cname Name.

So, here on Cloudflare you can specify SPF Records and other services look for SPF Records as TXT Records. You should specify both (in my opinion). As for the DKIM I just set a * wildcard for my selector so my SPF will be applied regardless. My web-host wants a default._ selector and some other services want random._ selectors cause they’re picky. So, that’s where my * wildcard DKIM helped that. Once this was applied it went ahead and linked my SPF with all of my requesting DKIM selectors.

You should also if you can set your PTR Record.

Please note, your Server IP and Mail Server IP may be different for your SPF Records which could be causing an authentication error. Mine was.

Here’s an example of the SPF I had to use to authenticate myself via Server IP and Mail Server IP:

v=spf1 +mx +a +ip4:***.**.**.* +ip4:***.**.**.*** ~all

Remember what I wrote above about the SPF while implementing it.

I now score a 10/10.

@neonic, To be honest, I don’t fully understand. Can you tell me what to do by steps?

Okay, you have your SPF Record set with your Server IP and Mail Server IP?

Selector should just be k1 in your check, I think.

Make sure the CNAME entry for k1._domainkey in Cloudflare is ‘grey cloud’

SPF and DKIM work independently, no setting of wildcard DKIM will help SPF and they cannot be linked (ignoring DMARC for now).

Also seeing as the DKIM DNS record holds the public key associated with the private key of a signing mail server (identified by the hopefully unique selector) a wildcard entry doesn’t really make any sense as it will invariably be the wrong key when used to verify a message. This would cause more harm than good when mail is used in the real world, even if it is helping you pass online checks.

@neonic I only added the SPF record to my Cloudflare DNS.

@saul, Thanks for the reply and trying to help. I tested it with k1 see the result in the below image.


Yes, the CNAME Is a grey cloud. Also, I contacted MailChimp he told me "Jumping right in, I went ahead and preformed a delivery check on my end to see where these emails were ending up. In the search I did see that all emails were delivered with no issue. "

But I replied to him that I checked both inbox and spam. I tested that after authenticating with a lot of emails with the same result"Failure"

Both SPF and DKIM look fine. Any issue with the DKIM (it varies ever-so-slightly from best practice) is with the Mailchimp controlled record to which you link. Nothing in your control.

Personally I think you look good to go.

@saul So the problem is with MailChimp and all I have to do is following the problem with them, isn’t it?

I honestly can’t see a problem with your config. Mails sent out via Mailchimp will be working fine and that’s what your SPF and DKIM records say.

Only issue I can see is if you try to send email out from a non-Mailchimp service (GSuite, Zoho, Office365 etc.) as your SPF record is telling people that you only expect them to get mail from Mailchimp and to consider everything else ‘spammy’. If this is the case let me know what you use to send email (that is presumably no longer working) and I’ll take a look, even though this isn’t really a Cloudflare issue just for clarification.

3 Likes

@saul, I’m using clickfunnels which integrated with MailChimp. This is the form link
https://otopics.clickfunnels.com/train-your-dog
You can also test it and the emails won’t be sent to you.

My adblocker blocks it unfortunately.

From a DNS standpoint you’re fine so this will be one for Clickfunnels/Mailchimp then, you’re right.

1 Like

@saul, This is mailchimp response

Also, He told me that he test an email and got my email.
Can you tell me how easily I can do what he asked me to do?
If there a video on youtube or something like that I’ll be thankful.

Well the guy just confirmed my thoughts which are everything is fine. At least from as much as can be done at Cloudflare (namely the DNS which is all perfect) and the email transmission side - he’s confirmed that emails are being sent. So this then becomes a problem based around your email address isn’t receiving emails from Mailchimp.

Mailchimp’s response is exactly what I’d say in this case - get in touch with whoever looks after your email address and get them to look into why you’re not receiving your emails from Mailchimp. And again, Mailchimp are spot on - your email service needs to make sure that the Mailchimp email server IP addresses and your Mailchimp email address are whitelisted in your email.

This isn’t a Cloudflare/Mailchimp setup issue now, but a problem with you receiving email. There’s little that anyone on here can help you with regarding that.

2 Likes

@saul
Hello, Here is what I have found out about the problem.
1- In Gmail: the emails sent to promotions.
2- In yahoo: The emails sent normally to inbox.

The problem is when you are trying to send email again to these emails it
did not reach even in Spam!!

So, If anyone tries to submit this form times2 with the same email you used
in both https://otopics.clickfunnels.com/train-your-dog
https://otopics.clickfunnels.com/train-your-dog
I think you won’t get 2 emails.

Has this been solved?

@neonic, No at all.