Verifying Domain with Mailchimp

My website is on Shopify, my domain is through Homestead, and we have it pointing from Homestead to Cloudflare. I am trying to verify my domain through Mailchimp, but it keeps having issues. I am not very techy but I am trying to get this resolved. Can someone give me step by step instructions please? Here’s a screenshot of my CNAME and DMARC things that Mailchimp has mentioned previously.

Looking at the _dmarc record, you do actually have two (2) records.

You can only have one.

Do you have input on which one should I keep? The 1hr or the auto, I’m not sure of the difference?

They are both doing the exact same thing, regardless of the TTL.

The TTL only suggests how long that the other end should remember (e.g. “cache”) the DNS response for.

So which one you delete shouldn’t matter.

To comply with Mailchimp weird way of doing business, you might need to delete the one that has the AUTO TTL.

To elaborate on the “weird way of doing business”, I suggest you read the phrase I mentioned just ~ 23 minutes before your thread, and especially the last two lines / sections.

TL;DR: If Malchimp requires the use of “p=none;”, I would look at another provider for your email deliveries.

In addition, … in regards to input:

I don’t know your affiliation with SendGrid (as mentioned in your records), and whether you’re trying to leave them and if that would be your reason to choose Mailchimp, or it is going to be a mix of using them both, or similar.

However, in regards to deliverability through SendGrid, I wouldn’t be expect anything at all.

SendGrid has for more than a decade turned the blind eye to spam, phishing and malware egressing from their network, and never done anything to e.g. terminate bad customers.

The Swiss Government Computer Emergency Response Team did for example comment the role of those email provides, with a very specific mention of SendGrid over here:

“SpamGrid”, as it is referred to in various email communities, wouldn’t be a provider I put my faith in…

Okay thank you! I have no idea when we ever used SendGrid so I just deleted those as well. If I don’t want to use the p=none, can I copy the DMARC coding from your past comment that you linked for mine or would I have to get custom code?

The best option, with the potential consequences are here:

Technically, you can copy it.

However, by blindly coping such data, the rua=/ruf= tags may have the potential of exposing some information about activity (pretending to be) from your domain name to a random third party.

That random third party should at most (with rua=) be able to see that e.g. legitimate activities through Google may be passing just fine, but that (eventual ill) activities from e.g. Microsoft would be failing email authentication.

In addition, the “reject” line from there is also including “pct=100;fo=0;rf=afrf;ri=86400;”, which can be omitted, as these are all the default values of the DMARC specification, if left omitted.

That said, -

Through your MX records, it also looks like you’re running through Google Workspace.

But you haven’t yet configured DKIM authentication for your domain.

Follow the instructions here:

Turn on DKIM for your domain - Google Workspace Admin Help

When asked, select 2048-bit for the key size / length.

And, …

In addition, your “v=spf1TXT record (last on your screenshot from above), I would also suggest changing the ending on that one, from “~all” to “-all”.