Summary
Klaviyo initially handles domain authentication using shared domains or Klaviyo-managed sending domains, automating SPF and DKIM setup for ease of use. However, for long-term deliverability, brand control, and security, transitioning to a custom sending domain with properly configured SPF, DKIM, and DMARC records is strongly recommended. Without these authentication protocols, email service providers may struggle to verify the authenticity of your emails, increasing the risk of being flagged as spam. DMARC enhances security by providing instructions to receiving servers on how to handle unauthenticated emails. Ultimately, proper email authentication improves sender reputation, deliverability rates, and trust with recipients.
Key findings
- Initial Authentication: Klaviyo handles initial authentication through shared or Klaviyo-managed domains.
- Custom Domain Benefits: Custom domains with SPF, DKIM, and DMARC improve deliverability, reputation, and control.
- Authentication Importance: SPF, DKIM, and DMARC are essential for verifying email authenticity and preventing spam.
- DMARC Enhancement: DMARC provides instructions to receiving servers on handling unauthenticated emails.
- Negative Impact Without: Without SPF, DKIM and DMARC deliverability, revenue and relationships are negatively impacted
Key considerations
- Transition Planning: Plan for the transition to a custom domain with proper authentication for sustained deliverability.
- Technical Setup: Follow Klaviyo's instructions for custom authentication setup; it's not just about publishing DNS records.
- Long-Term Strategy: Relying on shared infrastructure is not a sustainable long-term strategy.
- Monitor & Adapt: Continually monitor authentication settings and adapt them to changing requirements.
What email marketers say
7 marketer opinions
Klaviyo initially handles domain authentication using shared domains, allowing users to start sending emails without immediate SPF, DKIM, and DMARC configuration. However, for sustained deliverability, brand reputation, and security, setting up a custom sending domain with proper authentication records is essential. Failure to implement these protocols can severely impact deliverability, revenue, customer relationships, and overall trust in email marketing.
Key opinions
- Initial Handling: Klaviyo handles initial domain authentication through shared domains.
- Custom Domain Importance: Setting up a custom domain with SPF, DKIM, and DMARC is crucial for long-term success.
- Deliverability Impact: Lack of proper authentication significantly harms email deliverability.
- Reputation: Setting up email authentication will improve sender reputation.
Key considerations
- Setup Time: Setting up a custom domain and authentication is a process that requires time and effort.
- Integration: Consider integration with platforms like Shopify when configuring authentication.
- Long-Term Strategy: Relying on shared domains is not a sustainable long-term strategy for email deliverability.
Marketer view
Email marketer from StackOverflow explains that ESPs (like Klaviyo) may allow sending without strict SPF/DKIM/DMARC initially for ease of use, but it’s not a long-term solution. For sustained deliverability and to avoid being marked as spam, domain authentication setup is essential.
18 Aug 2021 - StackOverflow
Marketer view
Email marketer from EmailGeeks Forum explains that Klaviyo initially uses shared sending infrastructure, meaning they handle the domain authentication. Over time, it’s best practice to configure your own dedicated sending domain and authentication to improve sender reputation and deliverability. It’s a process that takes time to set up and warm.
20 Jan 2024 - EmailGeeks Forum
What the experts say
3 expert opinions
Klaviyo uses its own domains to handle authentication when custom authentication isn't configured. The broader email authentication ecosystem (SPF, DKIM, DMARC) significantly improves deliverability and trust by verifying messages and preventing spam/phishing. Using a custom domain with correctly configured SPF, DKIM, and DMARC records is recommended to improve deliverability and sender reputation with ISPs and email providers.
Key opinions
- Klaviyo Authentication: Klaviyo handles authentication with its domains if custom authentication isn't set up.
- Authentication Ecosystem Benefits: SPF, DKIM, and DMARC enhance deliverability and security by authenticating emails.
- Custom Domain Recommendation: Using a custom domain with proper SPF, DKIM, and DMARC records improves sender reputation and inbox placement.
Key considerations
- Following Instructions: Custom authentication requires following Klaviyo's instructions, not just publishing DNS records.
- Proactive Setup: Take the time to set up custom domains with email authentication for long-term deliverability and security.
Expert view
Expert from Word to the Wise explains that using a custom domain and implementing SPF, DKIM, and DMARC can improve email deliverability and reputation. Setting up these records correctly helps ISPs and email providers verify the authenticity of your emails, which in turn can increase the likelihood that your messages will reach the inbox.
20 Oct 2021 - Word to the Wise
Expert view
Expert from Email Geeks explains that the authentication that is passing is likely Klavyio’s domains. Klaviyo will do the authentication if custom authentication isn’t set up. You need to follow their instructions in order to do the custom authentication, it is not as simple as just publishing DNS records.
21 Jul 2024 - Email Geeks
What the documentation says
6 technical articles
Klaviyo automatically handles SPF and DKIM configuration for Klaviyo-managed sending domains, eliminating the need for manual DNS configuration. However, for custom sending domains, manual setup is required. Without SPF, DKIM, and DMARC records, email service providers struggle to verify email authenticity, increasing the risk of messages being flagged as spam. DMARC enhances security by instructing receiving servers on how to handle emails that fail SPF or DKIM checks. SPF records authorize specific mail servers to send emails on behalf of your domain, preventing domain forging, while DKIM adds a digital signature to verify the message's origin and integrity.
Key findings
- Klaviyo-Managed Domains: Klaviyo automatically handles SPF and DKIM for Klaviyo-managed domains.
- Custom Domains Require Setup: Custom sending domains require manual SPF, DKIM, and DMARC configuration.
- Lack of Authentication Risks: Absence of SPF, DKIM, and DMARC increases the likelihood of emails being flagged as spam.
- SPF Prevents Forging: SPF records prevent spammers from forging your domain in the 'From' address.
- DKIM Verifies Integrity: DKIM provides a digital signature to verify the email's origin and that the content hasn't been altered.
- DMARC Enhances Security: DMARC tells receiving servers how to handle emails that fail authentication.
Key considerations
- Domain Choice: Decide whether to use a Klaviyo-managed or custom sending domain based on control and setup requirements.
- Authentication Importance: Prioritize setting up SPF, DKIM, and DMARC for custom domains to maintain deliverability and security.
- DMARC Implementation: Implement DMARC to instruct receiving servers on how to handle unauthenticated emails from your domain.
Technical article
Documentation from Klaviyo explains that if you use a Klaviyo-managed sending domain, Klaviyo automatically handles SPF and DKIM configuration. You don't need to manually configure these records in your DNS settings. However, custom sending domains require manual setup.
22 Oct 2024 - Klaviyo
Technical article
Documentation from SparkPost explains that SPF records specify which mail servers are authorized to send email on behalf of your domain. This helps prevent spammers from forging your domain in the 'From' address. Without an SPF record, your emails are more likely to be flagged as spam.
23 Feb 2025 - SparkPost
Are DMARC records required by Mailgun and Yahoo?
Are SPF, DKIM, and DMARC as important in B2B as in B2C email marketing?
Are SPF, DKIM, and DMARC records necessary for transactional email servers not used for marketing?
How do I properly set up SPF and DKIM records for email marketing, including handling multiple SPF records, IP ranges, bounce capturing, and Google Postmaster Tools verification?
How do SPF, DKIM, and DMARC email authentication standards work?
What are SPF, DKIM, and DMARC, and when are they needed?
