Klaviyo is a marketing automation platform widely used by e-commerce businesses for email campaigns, flows, and SMS. If you're using Klaviyo to send abandoned cart emails, order follow-ups, or promotional campaigns from your domain, proper authentication is essential for deliverability.
SPF Configuration
Klaviyo's sending infrastructure shares IP pools and manages SPF through their domain verification process. Klaviyo primarily relies on DKIM for authentication rather than requiring a separate SPF include.
However, if Klaviyo requires an SPF entry for your account, it will typically be:
Type: TXT
Host: @
Value: v=spf1 include:send.klaviyo.com ~all
Important: Check your Klaviyo account's DNS settings page for the exact records required — Klaviyo has been evolving their authentication approach, particularly in response to Google and Yahoo's 2024 sender requirements.
Verify your total lookup count with the SenderClarity SPF Checker.
DKIM Configuration
Klaviyo's primary authentication mechanism. This is required for DMARC alignment.
- In Klaviyo, go to Settings → Domains (or Settings → Email → Domains).
- Click Add domain and enter your sending domain.
- Klaviyo will provide CNAME records for DKIM:
Type: CNAME
Host: k1._domainkey
Value: dkim.klaviyo.com
Type: CNAME
Host: k2._domainkey
Value: dkim2.klaviyo.com
- Klaviyo may also provide a CNAME for custom return-path:
Type: CNAME
Host: kl._domainkey or similar
Value: (provided by Klaviyo)
- Add all records to your DNS.
- Return to Klaviyo and click Verify.
The exact records may vary — always use the values shown in your Klaviyo dashboard.
DMARC Configuration
Start with monitoring mode:
Type: TXT
Host: _dmarc
Value: v=DMARC1; p=none; rua=mailto:your-address@reports.senderclarity.com; fo=1
Progress to enforcement:
p=quarantine; pct=25p=quarantine; pct=100p=reject
Verification
- Check your SPF record →
- Send a test campaign from Klaviyo
- Check email headers for
dkim=passaligned with your domain - Monitor DMARC reports in SenderClarity
Common Issues
Google/Yahoo sender requirements: Since February 2024, Google and Yahoo require DKIM authentication and DMARC records for bulk senders. If you're sending more than 5,000 messages per day through Klaviyo, you must have all three protocols configured.
Shared sending domain: On Klaviyo's free plan, emails may be sent from a shared domain. Custom domain authentication typically requires a paid plan.
E-commerce platform interactions: If you use Klaviyo alongside Shopify, WooCommerce, or BigCommerce, those platforms may also send email as your domain. Check that each platform's authentication is configured separately, and monitor DMARC reports for any failing sources.
SPF Lookup Impact
| Include | Estimated Lookups |
|---|---|
send.klaviyo.com |
1–2 |
Klaviyo's SPF footprint is lightweight. However, confirm the current required include in your dashboard, as Klaviyo's authentication setup has been evolving.