Setup Guide

How to Set Up SPF, DKIM, and DMARC for Mailchimp

Mailchimp is widely used by small and mid-size businesses for email marketing. If you're sending campaigns through Mailchimp using your own domain, configuring SPF, DKIM, and DMARC ensures your messages reach inboxes rather than spam folders — and prevents others from spoofing your domain.

SPF Configuration

Mailchimp's SPF include covers their shared sending infrastructure across all plans.

DNS Record:

Type:  TXT
Host:  @
Value: v=spf1 include:servers.mcsv.net ~all

Combined with other services:

v=spf1 include:_spf.google.com include:servers.mcsv.net ~all

Note: Mailchimp's SPF include is relatively lightweight, consuming approximately 1–2 DNS lookups. Verify your total with the SenderClarity SPF Checker.

DKIM Configuration

Mailchimp supports custom DKIM signing so that your messages are signed with your domain rather than Mailchimp's default domain.

  1. In Mailchimp, go to Account → Domains.
  2. Click Add & Verify Domain and enter your sending domain.
  3. Mailchimp will verify domain ownership via a confirmation email or DNS record.
  4. Once verified, click Authenticate next to your domain.
  5. Mailchimp will provide a CNAME record for DKIM:
Type:  CNAME
Host:  k1._domainkey
Value: dkim.mcsv.net
  1. Add the CNAME to your DNS.
  2. Return to Mailchimp and verify the record.

Once authenticated, Mailchimp will sign outgoing messages with a DKIM signature aligned to your domain.

DMARC Configuration

Start with monitoring mode:

Type:  TXT
Host:  _dmarc
Value: v=DMARC1; p=none; rua=mailto:your-address@reports.senderclarity.com; fo=1

Move toward enforcement after reviewing reports:

  1. p=quarantine; pct=25
  2. p=quarantine; pct=100
  3. p=reject

Verification

  • Check your SPF record →
  • Send a test campaign to an address you control and check the email headers
  • Confirm dkim=pass with your domain (not mcsv.net) in the Authentication-Results header
  • Monitor DMARC reports in SenderClarity

Common Issues

DKIM shows mcsv.net instead of your domain: You haven't completed domain authentication in Mailchimp. Without it, Mailchimp signs messages with its own domain, which won't align with your DMARC policy.

SPF alignment failures in DMARC reports: Mailchimp uses its own return-path domain for bounces. In strict SPF alignment mode (aspf=s), this will fail. Use relaxed alignment (aspf=r, the default) or rely on DKIM alignment for DMARC to pass.

Free plan limitations: Mailchimp's free plan has limited authentication options. Custom DKIM domain authentication may require a paid plan.

SPF Lookup Impact

Include Estimated Lookups
servers.mcsv.net 1–2