Set Up Custom Domain Authentication: DKIM and SPF

Internet Service Providers (ISPs), like Google, Yahoo, and Microsoft, use DKIM and SPF authentication as a way to scan incoming emails for spam or spoofed addresses. Emails that fail authentication are more likely to arrive in a spam or junk folder.

To help ensure your campaigns reach your recipients' inboxes and to make your campaigns look more professional, you can set up custom DKIM authentication for your domain, and add Mailchimp to your SPF record.

In this article, you'll learn how to set up DKIM and add Mailchimp to your SPF record.

Before You Start

Here are some things to know before you begin this process.

  • Custom domain authentication is optional for Mailchimp users. Learn more about the benefits of default vs. custom domain authentication.
  • To set up authentication, you need to change some account settings with your DNS provider. If you don't know who your DNS provider is, reach out to your hosting service.
  • Certain hosting providers, like Network Solutions, don't support Mailchimp's custom authentication standards. We recommend switching to a compatible service listed in this article if you need to set up custom authentication.

Custom Authentication: Task Roadmap

To authenticate your domain, you'll need to complete tasks in Mailchimp and your domain provider's zone editor or cPanel. This process requires you to copy and paste information from Mailchimp to your domain provider's site. We recommend that you work with two browser windows or tabs to easily move between your sites.

Here's a brief overview of the process.

In Mailchimp

  • Verify your domain.
  • Copy two important pieces of information: your CNAME record for DKIM and your TXT record for SPF.

In Your Domain's cPanel or Zone Editor

  • DKIM: Create a CNAME record for with this value:
  • SPF: Create a TXT record for with this value: v=spf1 ?all


  • The URLs above are examples only. Replace "" with the domain you want to authenticate.
  • The values that you enter for these records are dependent on your hosting provider's DNS console. Contact your hosting provider for specific setup-related questions.
  • If your hosting provider requires you to use IP addresses, you can find Mailchimp's IPs here.

Verify Email Domain and Copy Records

To get started, log in to Mailchimp to verify your email domain and copy your CNAME and TXT records.

Verify Your Email Domain

Before you can authenticate your domain, verify your email domain on the Domains page in the Account Settings section of your Mailchimp account.


This process requires you to respond to a confirmation email. If you don't receive the email after a few moments and you've checked your spam or junk folders, visit our verification troubleshooting guide.

Copy Authentication Information

After your email domain is verified, you'll copy some important pieces of information in your Mailchimp account.

To find your domain's authentication information, follow these steps.

  1. Navigate to the Domains page in your Account Settings.
  2. Next to the verified email domain you want to work with, click Authenticate.
  3. In the Domain Authentication pop-up modal, we'll show you what information needs to be added or changed with your domain provider.

  4. In another browser tab or window, use this information to edit your domain's DNS record.

  5. Return to the Domains page in your Mailchimp account and click Authenticate Domain.

About DNS Record Changes

To authenticate your domain, navigate to your domain provider's site. Then, use the DKIM and SPF information from Mailchimp to update your DNS records.

Domain providers use different names for the page where you'll update the DNS record, like cPanel, Zone Editor, Zone File Settings, Manage Domains, Domain Manager, DNS Manager, or something similar.

Example CNAME Record for DKIM

Here's an approximate example of what your CNAME record will need to look like to set up DKIM authentication. When you edit your own records, these columns and their labels may look different. Each DNS provider has different settings, so the setup illustrated in this article may not work for all domains.

Record Type     Name                          Value/Data       TTL
CNAME Record    k1._domainkey.yoursite.com    dkim.mcsv.net    Default


  • DKIM requires underscores in the CNAME file. However, in the past, DNS didn't allow for underscores, and some registrars still do not allow them to appear in the CNAME file. If you receive this type of error when you set up DKIM, the issue is on the registrar's side. We recommend one of these three options: contact your registrar for assistance, set up a secondary custom domain with a registrar that allows underscores, or switch DNS providers.
  • Depending on your provider, you may need to add a period at the end of your CNAME record. Some providers add this period automatically, so you may want to refer to their help site for more information.


Example TXT Record for SPF

Here's an approximate example of what your TXT record will need to look like to set up SPF authentication. Remember, when you edit your own records, these columns and their labels may look different.

Record Type    Name            Value/Data     TTL
TXT Record     yoursite.com    v=spf1 ?all    Default

SPF Tips

  • SPF should be set up with a TXT record, rather than an SPF record.
  • If you need hands-on assistance, several third-party services can be hired to help you with SPF setup. Check out Fraudmarc for more information.
  • When you make your updates, make sure that any other email service provider (ESP) or internet service provider (ISP) you use is also included in your SPF record.
  • Avoid creating more than one TXT record for SPF. However, you can create multiple values in the same record with an include statement.

    v=spf1 ?all

  • Depending on your provider, you may need to add quotation marks around your entire SPF record.

    "v=spf1 ?all"
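
The SPF tips above, together with the trailing-period note for the DKIM CNAME, can be checked against a zone export before you click Authenticate Domain. The following Python code is an added example, not Mailchimp's own: the zone data and the include hostnames (spf.esp-one.example, spf.esp-two.example) are constructed placeholders for the values shown in the Domain Authentication modal, and the function names are hypothetical. It goes slightly beyond the tips by also counting DNS-lookup terms against the limit of 10 in RFC 7208 and reporting what the trailing "all" qualifier means.

```python
DKIM_NAME, DKIM_TARGET = "k1._domainkey", "dkim.mcsv.net"  # from the article's example
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}  # RFC 7208
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}  # limited to 10 per check

SAMPLE = [  # constructed zone export; the include hostnames are placeholders
    ("CNAME", "k1._domainkey.yoursite.com.", "dkim.mcsv.net."),
    ("TXT", "yoursite.com", '"v=spf1 include:spf.esp-one.example ?all"'),
    ("TXT", "yoursite.com", "v=spf1 include:spf.esp-two.example ?all"),
    ("TXT", "yoursite.com", "site-verification=constructed-token"),
]
FIXED = SAMPLE[:1] + [  # the two SPF records merged into one, as the tips advise
    ("TXT", "yoursite.com", '"v=spf1 include:spf.esp-one.example include:spf.esp-two.example ?all"')]

def norm(host):
    """Lowercase and drop the trailing period some providers add automatically."""
    return host.strip().rstrip(".").lower()

def term_name(term):
    """'?all' -> 'all', 'include:x' -> 'include', 'a/24' -> 'a'."""
    return term.lstrip("+-~?").replace("=", ":").replace("/", ":").split(":")[0].lower()

def spf_records(domain, records):
    """Unquoted v=spf1 TXT values published at the domain itself."""
    values = [v.strip().strip('"') for t, n, v in records
              if t == "TXT" and norm(n) == norm(domain)]
    return [v for v in values if v.lower().split()[:1] == ["v=spf1"]]

def audit(domain, records, required_includes=()):
    """records: (type, name, value) tuples. Returns a list of problems found."""
    problems = []
    want = f"{DKIM_NAME}.{norm(domain)}"
    targets = [norm(v) for t, n, v in records if t == "CNAME" and norm(n) == want]
    if targets != [DKIM_TARGET]:
        problems.append(f"DKIM: want one CNAME {want} -> {DKIM_TARGET}, found {targets}")
    spf = spf_records(domain, records)
    if len(spf) != 1:  # more than one SPF record is a permerror under RFC 7208
        return problems + [f"SPF: want exactly one v=spf1 TXT record, found {len(spf)}"]
    terms = spf[0].split()[1:]
    present = {t.lstrip("+-~?").lower() for t in terms}
    for host in required_includes:
        if f"include:{norm(host)}" not in present:
            problems.append(f"SPF: missing include:{host}")
    if sum(term_name(t) in LOOKUP_TERMS for t in terms) > 10:  # top-level terms only
        problems.append("SPF: more than 10 DNS-lookup terms")
    return problems

def all_policy(spf_value):
    """SPF result for senders matched only by a trailing 'all'; None if it is absent."""
    last = spf_value.strip().strip('"').split()[-1]
    return QUALIFIERS.get(last[0], "pass") if term_name(last) == "all" else None
```

Running audit("yoursite.com", SAMPLE) flags the duplicate SPF record, while FIXED passes; all_policy shows that a record ending in ?all returns "neutral" for senders it does not list.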

How to Edit DNS Records in Common Domain Providers

Here are some instructions for editing DNS records with popular domain providers. If your service isn't listed here, log in to your provider's site and search their help documents, or contact their customer support team.

Amazon Web Services: Configuring DNS, Resource Record Types

Dreamhost: DNS Overview

GoDaddy: Add a CNAME Record

Google Domains: DNS Basics

Hostgator: Manage DNS records

Hover: Edit DNS Record

Namecheap: SPF & DKIM

Squarespace: Advanced DNS Settings

Stablehost: How do I get to cpanel?

1&1: Domain Guidelines

After records are entered into your DNS correctly, your domain should authenticate within a few moments. In some cases, it may take a bit longer. To complete the process, don't forget to re-open your Mailchimp browser tab or window and click Authenticate Domain.

When authentication is successful, you'll see the Authenticated label next to the domain on the Domains page in your account.

Mailchimp logs and stores your authentication when you set it up. If you make further changes to the TXT or CNAME records after you authenticate your domain, it could interfere with the information we have on file. Before you make further changes, disable authentication on the Domains page, and re-authenticate after your DNS changes are complete.


If you've entered all records correctly and your authentication isn't working right away, there typically isn't a cause for concern. You may need to wait a bit longer (up to 48 hours) since it can sometimes take time for servers to recognize your changes.

If you still experience problems, reach out to your domain provider's help site for tips on troubleshooting DNS records in their service.
