There are many things that can be done to minimize the chance of your Mailchimp EDM going directly to your subscribers spam folder. These include not using spammy words (e.g. You’re a Winner! and Viagra)in your email, having enough text in your campaigns, adding necessary DNS SPF and DKIM records for your domain and so on.
A company approached me recently to help in determining why a large proportion of their campaigns were going straight to spam. It transpired that multiple SPF records had been setup for the clients domain; one for the clients email provider (Google Apps) and one for Mailchimp.
To authenticate and verify your domain so that Mailchimp may send reliably on your behalf you perform the following steps:
- Login to Mailchimp.
- Click your name to the top right of the screen.
- Click Profile.
- Click Settings then Verified domains.
- Click View setup instructions.
- Follow the instructions.
In the View setup instructions window you’ll see something like:
Domain Authentication
Authenticate example.com with Mailchimp by modifying your domain’s DNS records. These changes allow your campaigns to appear to come from example.com, instead of from our servers. After you’ve made the required DNS changes, please wait 24-48 hours for the changes to propagate.
DKIM: Create a CNAME record for k1._domainkey.example.com with this value:
dkim.mcsv.net
SPF: Create a TXT record for example.com with:
v=spf1 include:servers.mcsv.net ?all
Adding and amending DNS records does require some experience. Having multiple SPF records for a single domain can cause spam classification issues. My client, who was having Mailchimp campaign delivery issues had the following two SPF records setup on their one domain; v=spf1 include:_spf.google.com ~all (for Google Apps email/Gmail) and v=spf1 include:servers.mcsv.net ?all (for Mailchimp).
I recommended that my client change their SPF records so that they have a single SPF record including both Google Apps email and Mailchimp SPF requirements in a single record thus v=spf1 include:_spf.google.com include:servers.mcsv.net ~all.
Delivery rates are well up.
Hi Gary,
Thanks for the advice on SPF and DKIM records, it definitely clarified how to get these setup.
Unfortunately, since doing so our open rate for our last two Mailchimp newsletters has *plummeted* from about 38% to about 28%, having made no other changes (aside from a very conservative DMARC record which is blocking nothing. We have a huge subscriber base, so this drop is rather substantial in impact.
Have you ever heard of anything like this?
Ralph, I haven’t seen this before. Usually open rates increase once the SPF and DKIM are added. Have your click rates changed?
So far they are up from where they were, but still down about 3-5%.
Here’s something interesting (just a link to a screenshot): http://screencast.com/t/YTisEuryYaE8. This is a screenshot of an email report from Postmarkapp, which compiles a report of DMARC responses.
As you can see, despite adding the SPF records that Mailchimp advises to our DNS records, the overwhelming bulk of them are not passing SPF.
Nearly equally large a number are being sent from domains Mailchimp doesn’t even ask you to add SPF records for: http://screencast.com/t/rzhcwmzZP
Seem strange to you?
– Raplh
Hi Ralph,
Definitely very interesting …
Mailchimp advised me a few months back that ‘The records specifying mcsv.net will cover all of our sending domains’.
Hi Gary,
Thanks for this info! We authenticated the domain and it was approved. The FROM column used to show my name followed by: via mail55.suw11.mcdlv.net. Now, it shows my name, followed by the word UNSUBSCRIBE. Any idea why it is showing Unsubscribe instead of my email address?
Hi Pamela,
Many email readers (e.g. Hotmail, Gmail etc.) now allow for one click unsubscribe from marketing emails. I anticipate this is what you’re seeing.
Thanks! Not the first thing I want at the top, but I guess I’m stuck with it!
Hi, currently I have set up DKIM for g suite and I am looking for ways to fill in DKIM & SPF the right way for G suite and also Mailchimp. So this is what I am thinking:
– Combine google SPF with mailchimp SPF as suggested per the article
– Add DKIM of Mailchimp
My question is the following: is adding Mailchimp DKIM necessary? Also can it hurt deliverability of emails send through g-suite?
After they are filled in is it necessary to set up DMARC?
Ivaylo, I’m a firm believer in DMARC for protecting domain quality (see https://organicweb.com.au/23434/email-marketing/email-spoofing/ ). As Mailchimp SPF isn’t 100% effective because they use a different return-path than your domain (long frustrating story!!!!), it’s necessary to have a Mailchimp DKIM record for your domain so that Mailchimp will pass the DMARC checks. TLDR; yes I recommend SPF, DKIM and DMARC records.
Hi, thanks for the answer. I will create a DKIM for Mailchimp for sure.
I am still waiting for the SPF to propagate it has been almost 15 hours and when I check through gmail (clicking on original message) I still get spf=neutral (google.com: ….. neither permitted nor denied by best guess record for domain of…).
So I will wait some time to see how this sorts out.
Meanwhile I also got some undelivered messages (I am guessing because the spf is still not ready) with the following mistake: 550 Verification failed for…
Delivarability towards Gmail emails and other big hosting providers is OK, but there seems to be a problem with the smaller ones.
Our company’s IT Security department comments that “using an SPF record for a mass mailing provider is an important security issue. In this case, anyone using Mailchimp could be able to send email on behalf of the company which is a big no no…”
Is there any logic to this response?
Hi Doug, there is some logic in the response in regards to SPF records in a very general sense (however the logic/concern doesn’t apply to Mailchimp); an SPF record says to a receiving system that the sending domain has authorised certain servers to send.
In Mailchimp it isn’t possible to send from ‘just any’ domain; the sender has to first verify the domain that they want to send from by responding to an email sent to the domain that the Mailchimp account holder wants to send from i.e. if you want to send from a domain in Mailchimp you need to have access to an email address on the domain from which you’d like to send.
Because of the Mailchimp requirement for domain verification (https://kb.mailchimp.com/accounts/email-authentication/verify-a-domain) it isn’t possible that ‘anyone using Mailchimp could be able to send email on behalf of the company’ (unless your company email has been hacked or there is a malicious employee).
We are having following three SPF records setup on their our domain; v=spf1 include:amazonses.com ~all (for Amazon AES), v=spf1 include:spf.protection.outlook.com -all (Office 365) and v=spf1 include:servers.mcsv.net ?all (for Mailchimp).
Can we combine this as singe record?
v=spf1 include:amazonses.com include:spf.protection.outlook.com include:servers.mcsv.net -all
My doubt is three spf records use different all extenstion, -all, ~all, ?all. Is this work fine if I change all to -all?
Yes, you must combine into a single record. v=spf1 include:amazonses.com include:spf.protection.outlook.com include:servers.mcsv.net -all will work but you may want to change the -a at the end to ~a (it’s up to you).
Note: The ~all at the end is called a soft fail. It means that recipients may accept mail from another server, but it should be viewed with suspicion. If you change it to -all, you are directing the recipient to reject mail from any server other than these. The soft fail approach is safer and recommended. https://mxtoolbox.com/problem/spf/txt-record
I am having the same problem. SPF itself is passing, but DMARC fails it since the “SPF Domain” is …mcdlv.net which is different from the “From Domain”. It is failing because it is “unaligned”
Hi Nate, for DMARC to work, either of SPF or DKIM need to pass. Make sure that DKIM is setup/correct and all will be good in regards to DMARC.
From our DMARC Analyzer account,
I see that MailChimp uses both mcdlv.net and mcsv.net
Do the SPF you suggested to use (servers.mcsv.net)
also include mcdlv.net IPs ?
Yes they do.
Hello Gary, I got an error while trying to change the SPF to v=spf1 include:_spf.firebasemail.com include:servers.mcsv.net ~all
The error is The value is not valid. An error was found in the following part: ~all. Any suggestions? I’m using ionos for my domain
I use firebase for authentication and trying to set up the forgot password email so it comes from my domain instead a generic firebase email. Mailchimp already works well
Never mind, I think I figured it out. No need to publish my previous comment
My DNS record has SFP records which include “mcsv.net”. I also set up DKIM(dkim2.mcsv.net and dkim3.mcsv.net).
Now email which sent by mailchimp’s “signed-by” field changed to my domain.
But still I see “mailed-by: mail122.wdc01.mcdlv.net”. Why that?