NL
Shopify
·Thom
  • Shopify
  • Email
  • Dns

Setting Up Email on Shopify: SPF, DKIM, and DMARC Explained

A practical guide to authenticating your sender domain on Shopify so your transactional emails actually land in the inbox.

Getting Shopify order confirmations and marketing emails delivered reliably comes down to one thing: proving to email providers that you own the domain you're sending from. Without it, your messages end up in spam — or get blocked entirely.

Here's what you need to set up, and why each part matters.

What is email authentication?

When a customer's inbox receives an email that claims to be from [email protected], the receiving server checks whether your domain has authorised that sending source. Three DNS records handle this:

  • SPF — lists which mail servers are allowed to send on your behalf
  • DKIM — adds a cryptographic signature to each message so tampering is detectable
  • DMARC — tells receiving servers what to do when SPF or DKIM fails (monitor, quarantine, or reject)

Shopify requires SPF and DKIM to be in place before it will let you use a custom sender address. DMARC is optional but strongly recommended.

Step 1 — Authenticate your domain in Shopify

  1. Go to Settings → Notifications in your Shopify admin
  2. Under Sender email, click Authenticate your domain
  3. Shopify will show you CNAME records to add to your DNS

Add those CNAME records at your DNS provider (Cloudflare, your registrar, etc.). Changes propagate within minutes on Cloudflare; up to 48 hours on slower providers.

Step 2 — Add a DMARC record

Even if Shopify doesn't require DMARC, mailbox providers increasingly use it as a signal. A minimal policy to start:

_dmarc.yourdomain.com  TXT  "v=DMARC1; p=none; rua=mailto:[email protected]"

p=none means monitor only — you'll receive reports but nothing gets blocked. Once you've reviewed a few weeks of reports and confirmed legitimate mail passes, move to p=quarantine or p=reject.

Step 3 — Verify with our DNS Checker

Once your records are in place, use our DNS Checker tool to confirm SPF, DKIM, and DMARC are resolving correctly for your domain.

Common mistakes

  • Setting SPF twice — DNS only allows one SPF record per domain. If you already have one for another service (e.g. Google Workspace), you need to merge them, not add a second record.
  • CNAME conflicts — you cannot add a CNAME at the root (@) of your domain. The Shopify DKIM records go on a subdomain, so this shouldn't be an issue — but watch for conflicts on mail._domainkey.
  • Not checking propagation — Shopify's admin will show a verification status. If it stays pending, check that the records are actually live using our DNS Checker before assuming something else is wrong.

If you'd rather hand this off, get in touch — DNS and email deliverability setup is something we handle for Shopify merchants regularly.