Shopify tips: Setting up DMARC on your e-mail address

Introduction

It has become a requirement of Shopify that if you want to use your own e-mail address with store notifications to customers (e.g. order confirmations and dispatch notifications) it must be DMARC compliant. Although this will seem like a hassle it's actually a good thing as we surely all want our e-mail to be as secure as possible - we don't want someone that isn't us sending e-mails using our address and posing as us. DMARC helps with that.

Diagnostic tool

You could use this tool before and after you make changes, to check up on how the DNS for your e-mail is looking - good or bad! You simply enter your domain into a box and it'll spit out a report: mxtoolbox.com/SuperTool.aspx

Before you change anything

Following the instructions on this page will involve making changes / additions to the DNS entries for the domain where your e-mail address lives. Before making any changes it is always advisable to keep a record of the current settings so that you can quickly and easily change them back if you experience any unexpected or undesired consequences of the changes you make. Then you'll be back where you were beforehand and not left in a panic.

Keeping a copy of the settings before you start making changes could involve you copying and pasting everything into a file to keep (a screenshot might not capture everything e.g. if it continues past what you can see in a text entry box, and you can't necessarily copy and paste the text from a screenshot making it harder to re-instate if you need to).

Ready?

In the notifications area of the Shopify admin system is the e-mail address your store will use to send notifications to customers. It's this e-mail address (not necessarily the one you use to login to your Shopify store) that needs DMARC set up (although I would recommend setting up DMARC for all your e-mail domains as a matter of course).

[Screenshot: Shopify notifications e-mail]

For the purposes of these instructions I will use the e-mail address:

hello@myshopifystore.com

...for my examples. Obviously you should replace this with your own e-mail address. Similarly with the domain used in it:

myshopifystore.com

Go to your domain management at the place that hosts your domain (in our example, the place that hosts myshopifystore.com for you).

DMARC relies on one of two methods for it to work. We will be using the spf method. Look for a DNS entry similar to this amongst your entries:

myshopifystore.com TXT v=spf1 +a +mx include:shops.shopify.com ~all

What you're specifically looking for is an entry of type TXT where the content begins v=spf1. You should find one entry. You don't want more than one entry, so if you already have an entry it might need adjusting, and if you don't have an entry at all you will need to add one. To know what to do you need to understand a bit about what this entry does.

The spf DNS record basically specifies which places are authorised to send e-mail from e-mail addresses at your domain - so any e-mail addresses you have @myshopifystore.com. You will probably want two places specified:
1. Shopify (so that it can send notifications to your customers on your behalf e.g. order confirmation and dispatch notification).
2. The mail server where your e-mail is hosted - where you read and reply to your e-mail.

It may be that you find you already have an existing spf DNS entry, but it doesn't include the Shopify server, only your e-mail hosting server, for example:

myshopifystore.com TXT v=spf1 +a +mx include:my.email.hosting ~all

You can easily edit this to include both by adding another "include" with the Shopify information, so the above line would become:

myshopifystore.com TXT v=spf1 +a +mx include:my.email.hosting include:shops.shopify.com ~all

Make that change and you're then ready to enable DMARC. If you don't already have an spf entry, though, you'll need to add one. To do that you'll need to contact the place where your e-mail is hosted to find out what you should put instead of "my.email.hosting" in the spf entry, so that you can continue to reply to and send e-mail. Once you know that information you can add a new DNS entry matching the one detailed just now, with both your hosting and Shopify included.

Now you can add your DMARC DNS record. It should be of type TXT and look like this when complete:

_dmarc.myshopifystore.com TXT v=DMARC1; p=quarantine; rua=mailto:hello@myshopifystore.com

The e-mail address is where any automatically generated DMARC reports can be sent. In this entry we have specified that e-mails that fail the DMARC check will be quarantined / sent to a spam or junk folder, but if you're feeling brave you can say p=reject instead of p=quarantine and the e-mails will be completely rejected. If you like the sound of reject then you might want to try quarantine for a while first just to be confident things are working correctly before going for the uncompromising reject!

(If you need to enter a number for TTL for your DNS record please don't worry about this, just use the default value that is filled in - it is simply a value of time - or a number like 3600 or 86400 will both be fine.)

You've finished. You should now have these two records in your DNS (and only one of each):

[Screenshot: e-mail DNS entries for spf and DMARC]

Remember that changes might not take effect immediately (although they can), and that you can use the diagnostic tool I mentioned at the start to help check on the changes you've made.
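
The checks from the steps above (exactly one v=spf1 record, the Shopify include present, and a DMARC record with a policy and a report address) can also be run over record text copied out of your DNS panel. This is an added example, not part of the original guide and not Shopify's code; the function names are made up for illustration and the sample record is the guide's own "before" example.

```python
# Added example: audits TXT record text pasted from a DNS panel (no lookups made).
SHOPIFY = "include:shops.shopify.com"  # the include quoted in the guide
# Sample input: the guide's example record that lacks the Shopify include.
BEFORE = "v=spf1 +a +mx include:my.email.hosting ~all"


def audit_spf(txt_records):
    """Check the domain's TXT records for the SPF conditions in the guide."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    problems = []
    if not spf:
        problems.append("no v=spf1 record")
    elif len(spf) > 1:
        # Receivers treat several SPF records as an error (RFC 7208 permerror).
        problems.append("more than one v=spf1 record")
    if spf and not any(SHOPIFY in r.lower().split() for r in spf):
        problems.append("Shopify include missing")
    return problems


def add_shopify_include(record):
    """Return the record with the Shopify include placed before the 'all' term."""
    terms = record.split()
    if SHOPIFY in (t.lower() for t in terms):
        return record
    is_all = [t.lower().lstrip("+-~?") == "all" for t in terms]
    pos = is_all.index(True) if True in is_all else len(terms)
    return " ".join(terms[:pos] + [SHOPIFY] + terms[pos:])


def audit_dmarc(txt_records):
    """Check the TXT records found at _dmarc.<your domain>."""
    found = [r for r in txt_records if r.strip().lower().startswith("v=dmarc1")]
    if len(found) != 1:
        return [f"expected one v=DMARC1 record, found {len(found)}"]
    tags = {}
    for part in found[0].split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    problems = []
    if tags.get("p", "").lower() not in ("quarantine", "reject"):
        problems.append("p= is not quarantine or reject")
    if not tags.get("rua", "").lower().startswith("mailto:"):
        problems.append("no rua=mailto: report address")
    return problems
```

An empty list from audit_spf or audit_dmarc means the records match what the guide asks for; anything else names what to fix before you save the DNS change.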

Found this useful?

If this guide has helped you - saving you time, money (in employing someone to do it for you) or stress, please consider buying me a coffee via Ko-Fi as a thank you, as you might if a friend helped you out. Thank you :)

If you want to suggest other things you'd like me to write a Shopify guide about please do let me know.

 
