How to Add a DMARC Record for Shopify

If you run a Shopify store with a custom domain, you need a DMARC record to protect your brand from email spoofing and improve deliverability. Shopify sends transactional emails (order confirmations, shipping updates, etc.) on your behalf, so proper authentication matters.

How Shopify Email Works

Shopify sends several types of email from your store's domain:

• Order confirmations and receipts
• Shipping notifications
• Abandoned cart emails
• Customer account emails (password resets, welcome emails)
• Shopify Email marketing campaigns (if enabled)

These emails show your custom domain in the From address, which means SPF, DKIM, and DMARC apply.

Prerequisites

Before adding DMARC:

• A custom domain connected to your Shopify store
• Access to your domain's DNS settings (at your registrar or DNS provider — not in Shopify)
• Shopify's sender authentication configured

Step 1: Verify SPF and DKIM

Before adding DMARC, confirm your existing authentication is working.

Check SPF

Use SPF Record Check to verify your SPF record includes Shopify's sending servers.

Check DKIM

Use DKIM Test to verify DKIM is configured for your domain.

Authenticate Your Sender Domain in Shopify

If you haven't already:

1. In your Shopify admin, go to Settings → Notifications
2. Under Sender email, click your email address
3. Follow the prompts to authenticate your domain
4. Add the DNS records Shopify provides (CNAME records for DKIM)
5. Click Verify once the records are added

Step 2: Create Your DMARC Record

Start with monitoring to make sure everything works:

v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com

Replace dmarc@yourdomain.com with a dedicated email address for DMARC reports.

Use DMARC Creator to customize additional options.

Step 3: Add the DNS Record

You add the DMARC record at your DNS provider, not in Shopify. Shopify doesn't provide DNS management for TXT records like DMARC.

Go to your domain's DNS management:

• If your domain is registered with Shopify: Go to Settings → Domains → Manage domain → DNS settings
• If your domain is at an external registrar: Log in to that provider's DNS settings

Add a TXT record:

Note: Some DNS providers require the full hostname _dmarc.yourdomain.com while others auto-append the domain.

Step 4: Verify Your Record

Wait a few minutes to a few hours for DNS propagation, then verify:

Step 5: Monitor and Enforce

Review Reports (2-4 Weeks)

After adding your DMARC record with p=none, monitor the reports. Look for:

• Shopify's sending IPs passing SPF and DKIM
• Any third-party email services you use (Klaviyo, Mailchimp, etc.) passing authentication
• Unauthorized senders attempting to use your domain

Move to Quarantine

Once reports look clean:

v=DMARC1; p=quarantine; rua=mailto:dmarc@yourdomain.com

Move to Reject

After quarantine runs without issues:

v=DMARC1; p=reject; rua=mailto:dmarc@yourdomain.com

Third-Party Email Services

Most Shopify stores use additional email services. Each needs proper authentication:

Klaviyo

Klaviyo requires you to authenticate your sending domain:

1. In Klaviyo, go to Settings → Domains
2. Add and verify your domain
3. Add the DNS records Klaviyo provides

Mailchimp

1. In Mailchimp, go to Settings → Domains
2. Verify your domain
3. Add their DKIM and SPF DNS records

Other Services

Any service sending email from your domain needs:

• Its sending servers included in your SPF record (or using their own authenticated domain)
• DKIM configured to sign with your domain
• Proper alignment with your From address

Check each service's documentation for their specific DNS records.

Shopify-Managed Domains

If you purchased your domain through Shopify:

1. Go to Settings → Domains in your Shopify admin
2. Click your domain
3. Click DNS settings
4. Add a TXT record with _dmarc as the name and your DMARC value

Shopify's domain management supports TXT records, so you can add DMARC directly.

Troubleshooting

DMARC Record Not Found

• Verify you added the record at your DNS provider (not in Shopify's email settings)
• Check the hostname is _dmarc (not _dmarc.yourdomain.com if your provider auto-appends)
• Wait for DNS propagation

Shopify Emails Failing DMARC

• Verify Shopify's sender authentication is complete in Settings → Notifications
• Check that DKIM CNAME records from Shopify are correctly added
• Make sure SPF includes Shopify's servers

Third-Party App Emails Failing

• Identify which app is sending the failing email (check DMARC reports)
• Configure that app's email authentication
• Some apps send from their own domain — these won't affect your DMARC

Marketing Emails Failing

• If using Shopify Email: authentication is handled automatically
• If using Klaviyo, Mailchimp, etc.: authenticate your domain within that service
• Check the From address matches your authenticated domain

Complete Checklist

• [ ] Shopify sender domain authentication completed
• [ ] SPF verified with SPF Record Check
• [ ] DKIM verified with DKIM Test
• [ ] DMARC TXT record added at _dmarc.yourdomain.com
• [ ] Record verified with DMARC checker
• [ ] Third-party email services authenticated (Klaviyo, Mailchimp, etc.)
• [ ] Monitoring reports for 2-4 weeks before enforcing

Monitor Your DMARC Records

Checking once is good. Monitoring continuously is better. The Email Deliverability Suite watches your SPF, DKIM, DMARC, and MX records daily and alerts you when something breaks.