Source Guide: Mailchimp
This guide describes the process for configuring Mailchimp to send DMARC-compliant messages. You will need to configure this source, and others that send on your behalf, before advancing your DMARC policies to a more restrictive state (e.g., quarantine and/or reject).
To bring this source into DMARC compliance, you will need access to Mailchimp’s administrative account and the domain’s DNS management console.
From time to time, these instructions change with very little advance notice. Please always refer to documentation published by Mailchimp for the most complete and accurate information.
Mailchimp is a marketing automation platform and email marketing service. It’s often used by marketing and sales departments for their marketing campaigns. Mailchimp supports DMARC compliance through DKIM alignment.
You must first verify your domain with Mailchimp before you can enable DKIM.
To configure DKIM:
Step 1: Navigate to the website icon in the Mailchimp console.
Step 2: Click Domains.
Step 3: Click Start Authentication next to the verified email domain you want to work with.
Step 4: Choose your domain provider from the dropdown and click Next. If your service or software is not listed, choose Other.
Step 5: In a separate browser window or tab, navigate to your domain provider’s website and find your domain’s records. You can find links to how to add and edit records of certain DNS providers in this Mailchimp article.
Step 6: After you find your domain’s records, navigate back to Mailchimp and click Next.
Step 7: Follow the instructions for creating new CNAME records. Copy the values for your new records and paste them into the appropriate fields for your domain.
STEP 8: When you’re done, click Next.
Your email domain will be authenticated as soon as Mailchimp can confirm your records are updated and correct. This could take up to 48 hours. Mailchimp will email you when the authentication process is complete or to let you know if there are any issues with completing the process. When authentication is successful, you’ll see the Authenticated label next to the domain on the Domains page in your account.
Reference: Mailchimp’s DKIM directions
Note on SPF
Mailchimp often makes use of its own addresses in the mail-from in order to perform actions such as bounce management (failed delivered, rejected mail, etc.). For this reason, adding Mailchimp’s include statement to your SPF record is not necessary because it will not pass SPF alignment. Learn more about Mailchimp SPF records here.
If you have a dmarcian account, it may take a few days to see these changes reflected in the dmarcian platform. You can look in the Detail Viewer (shown below) to check SPF and DKIM alignment required for DMARC.
We’re Here to Help
With a team of email security experts and a mission of making email and the internet more trustworthy through domain security, dmarcian is here to help assess an organization’s domain catalog and implement and manage DMARC for the long haul.
Want to continue the conversation? Head over to the dmarcian Forum.