Suped

How do SPF records and DKIM keys work with multiple email services like Klaviyo and Shopify?

Summary

When you send through multiple email services such as Klaviyo and Shopify, both SPF and DKIM must be configured correctly to protect deliverability and prevent spoofing. Each service requires its own DKIM key, published in DNS under a unique selector so the keys can be told apart. Although some sources suggest separate SPF records for each platform, the prevailing guidance is that a single SPF record listing every authorized sending source, with one 'include:' mechanism per service, is the correct approach. The SPF record is published as a TXT record in DNS and applies to the bounce or Return-Path domain. Stay within SPF's limit of 10 DNS lookups and follow the SPF syntax defined in RFC 7208. Implementing DMARC is also critical, both for compliance with evolving email authentication standards and for instructing recipient servers on how to handle unauthenticated mail. For Klaviyo, prioritizing DKIM configuration is especially important.

Key findings

  • Unique DKIM Keys per Service: Each email service requires a unique DKIM key, ensuring proper authentication.
  • Single SPF Record with Includes: Use a single SPF record including all services via 'include:' mechanisms to authorize sending sources.
  • SPF and DKIM Importance: Properly configured SPF and DKIM records are essential for email deliverability and reducing spoofing.
  • DMARC Implementation: DMARC should be implemented to ensure compliance with authentication standards and manage unauthenticated mail effectively.
  • Klaviyo DKIM Priority: For Klaviyo, DKIM plays a particularly important role in authentication and deliverability.

Key considerations

  • SPF Record Syntax: Adhere to RFC 7208 guidelines for accurate SPF record syntax.
  • DKIM Selector Uniqueness: Use unique DKIM selectors for each email service to prevent conflicts and authentication failures.
  • SPF Lookup Limit: Manage your SPF record to stay within the 10 DNS lookup limit and avoid authentication issues.
  • Bounce Domain Configuration: Configure SPF records for the bounce or Return-Path domain, which may differ from the header domain.
  • DNS Propagation Time: Allow sufficient time for DNS record changes to propagate fully to avoid temporary authentication failures.
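
The single-record rule and the 10-lookup limit can be checked offline before a DNS change goes live. The following is an added example, not code from Suped or any of the services named: it walks a constructed zone, counts the lookup-causing terms RFC 7208 charges against the limit, and flags a name that carries one SPF record per service. All hostnames are placeholders, and SPF macros are not expanded.

```python
LOOKUP_LIMIT = 10                        # RFC 7208 section 4.6.4
QUERYING = {"a", "mx", "ptr", "exists"}  # mechanisms costing one lookup each

# Constructed zone (name -> TXT strings). Hostnames are placeholders, not the
# include targets that Klaviyo or Shopify actually publish.
ZONE = {
    "bounce.shop.example": ["v=spf1 include:_spf.esp-a.example "
                            "include:_spf.esp-b.example ~all"],
    "_spf.esp-a.example": ["v=spf1 ip4:192.0.2.0/24 include:_pool.esp-a.example -all"],
    "_pool.esp-a.example": ["v=spf1 ip4:198.51.100.0/24 -all"],
    "_spf.esp-b.example": ["v=spf1 a mx ip4:203.0.113.0/24 -all"],
    # Misconfiguration: one SPF record per service on the same name.
    "split.shop.example": ["v=spf1 include:_spf.esp-a.example ~all",
                           "v=spf1 include:_spf.esp-b.example ~all"],
}

def spf_records(name, zone):
    """TXT strings at `name` that are SPF records (other TXT data is ignored)."""
    return [t for t in zone.get(name, []) if t.lower().split()[:1] == ["v=spf1"]]

def count_lookups(name, zone, path=()):
    """Count DNS-querying terms reachable from the SPF record at `name`."""
    if name in path:
        raise ValueError(f"include loop at {name}")
    records = spf_records(name, zone)
    if len(records) != 1:  # zero or several records behind an include: permerror
        raise ValueError(f"{name}: expected 1 SPF record, found {len(records)}")
    total = 0
    for term in records[0].lower().split()[1:]:
        term = term.lstrip("+-~?")       # drop the qualifier
        if term.startswith("redirect="):
            total += 1 + count_lookups(term[9:], zone, path + (name,))
            continue
        mech, _, arg = term.partition(":")
        mech = mech.split("/")[0]        # "a/24" -> "a"
        if mech == "include":
            total += 1 + count_lookups(arg, zone, path + (name,))
        elif mech in QUERYING:
            total += 1
    return total

def audit(name, zone=ZONE):
    """Return (result, detail) for the Return-Path domain `name`."""
    if not spf_records(name, zone):
        return ("none", "no SPF record published")
    try:
        n = count_lookups(name, zone)
    except ValueError as exc:
        return ("permerror", str(exc))
    return ("ok" if n <= LOOKUP_LIMIT else "permerror", f"{n} lookups")
```

Nested includes count too: the two-service record above already costs 5 of the 10 lookups because each provider's own record contains further querying terms.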

What email marketers say

10 marketer opinions

When using multiple email services like Klaviyo and Shopify, proper configuration of SPF and DKIM is crucial for maintaining email deliverability. Each service requires its own DKIM key, and these keys must be correctly set up in the DNS records, using unique selectors to differentiate between services. Multiple SPF records are not allowed, so a single SPF record should include all authorized sending sources, using an 'include:' mechanism for each ESP. When adding multiple services, it's important to stay within SPF's limit of 10 DNS lookups. DMARC should also be configured to ensure compliance with new email authentication requirements.

Key opinions

  • Unique DKIM Keys: Each email service (Klaviyo, Shopify, etc.) must have its own DKIM key.
  • Single SPF Record: A single SPF record should include all authorized sending services using 'include:' mechanisms.
  • DNS Lookup Limit: Avoid exceeding the SPF 10 DNS lookup limit by efficiently managing SPF records.
  • DMARC Importance: Implementing DMARC ensures proper authentication and compliance with new email requirements.

Key considerations

  • SPF Syntax: Check the specific SPF syntax required by each email service provider's documentation.
  • DKIM Selectors: Use unique selectors for each DKIM key to differentiate between email services.
  • Authentication Alignment: DKIM should ideally align with the header 'from' domain.
  • DMARC Policy: Implement a DMARC policy to tell receiving servers how to handle unauthenticated mail.

Marketer view

Marketer from Email Geeks shares that SPF is for the SMTP From domain/Return-Path, not the header domain. DKIM can be anything, but ideally should align with the header.

30 Aug 2024 - Email Geeks

Marketer view

Marketer from Email Geeks explains that one SPF record is needed for each domain used as the bounce/Return-Path domain, listing the services sending from that domain. Each service signing mail will produce a DKIM key, with the number of DKIM keys depending on Klaviyo's signing setup.

21 Mar 2022 - Email Geeks

What the experts say

4 expert opinions

When using multiple email services like Klaviyo and Shopify, it's critical to have the correct DNS entries for each service to avoid deliverability issues. Each platform should ideally have its own SPF record, and you cannot use the same bounce string for different ESPs. For Klaviyo, DKIM is particularly important for authentication and deliverability.

Key opinions

  • Separate SPF Records: Ideally, each platform should have its own SPF record.
  • Unique Bounce Strings: You cannot use the same bounce string for multiple ESPs.
  • DKIM Importance for Klaviyo: DKIM is particularly important for authentication and deliverability when using Klaviyo.
  • Correct DNS Entries: It's essential to ensure that the appropriate DNS entries for authentication are in place for each ESP.

Key considerations

  • Bounce Domain: The bounce domain might not match the main domain, which can impact SPF configuration.
  • Deliverability: Incorrect DNS configurations for multiple ESPs can lead to deliverability problems.

Expert view

Expert from Email Geeks explains that there should be different SPF records for each platform, and the bounce domain might not match the main domain.

23 Feb 2024 - Email Geeks

Expert view

Expert from Word to the Wise explains that when using multiple ESPs, you need to make sure that the appropriate DNS entries for authentication are in place for each service to avoid deliverability issues.

22 Mar 2023 - Word to the Wise

What the documentation says

4 technical articles

When using multiple email services like Klaviyo and Shopify, both SPF and DKIM records play critical roles in email authentication. SPF records, published as TXT records in your DNS settings, list authorized sending sources for your domain. For multiple services, add a mechanism such as 'include:' for each one. DKIM involves adding keys generated by each service to DNS records, ensuring the correct key length and selector usage. Proper SPF configuration prevents spoofing by verifying that emails claiming to be from your domain are actually sent by authorized servers.

Key findings

  • SPF Records List Authorized Sources: SPF records list authorized sending sources for your domain, preventing email spoofing.
  • TXT Record Type: SPF records are implemented using a TXT record in your DNS settings.
  • Multiple DKIM Records: Multiple services require multiple DKIM records, each with the correct key length and selector.
  • Include Mechanism for SPF: Use the 'include:' mechanism in your SPF record to authorize multiple email services.

Key considerations

  • SPF Syntax: Adhere to the syntax as laid out in RFC 7208 for SPF record format.
  • DKIM Key Length and Selectors: Ensure correct key length and selector usage for DKIM to avoid authentication issues.
  • DNS Propagation: Allow sufficient time for DNS changes to propagate after adding or modifying records.

Technical article

Documentation from Google Workspace Admin Help explains that an SPF record lists authorized sending sources for your domain. When using multiple services, the SPF record should include mechanisms (like 'include:') for each service to indicate they are permitted to send emails on behalf of your domain. The SPF record should be placed in a TXT record in your DNS settings.

31 Jul 2021 - Google Workspace Admin Help

Technical article

Documentation from Microsoft explains the importance of the Sender Policy Framework (SPF) record for email authentication. SPF records allow mail systems to verify that mail claiming to come from your domain really is coming from your domain. This helps prevent spoofing. A valid SPF record requires that you use a TXT record type and that the SPF record itself adheres to the syntax laid out in RFC 7208.

17 Apr 2022 - Microsoft
