Mailchimp DKIM setup: authenticate your email domain
Set up Mailchimp DKIM by verifying your domain, publishing Mailchimp's two CNAME records, adding DMARC, and checking authentication status.
Mailchimp DKIM setup happens through Mailchimp’s email domain authentication flow.
Mailchimp’s email domain authentication documentation says manual setup requires DNS changes, including two CNAME records for DKIM and one TXT record for DMARC.
Those records are account-specific. Do not copy CNAME values from another Mailchimp account or from a generic tutorial.
Before you start
You need:
- Access to the Mailchimp account that sends campaigns.
- DNS access for the From domain.
- A verified email domain in Mailchimp.
- A DMARC reporting address if you are publishing DMARC for the first time.
Mailchimp cannot authenticate public mailbox domains like gmail.com or yahoo.com. You need a domain your organization owns.
Step 1: verify the email domain
Before authentication, Mailchimp requires domain verification. This proves you can receive mail at the sender address.
In Mailchimp, go to Account & billing > Domains and verify the email domain if it is not already verified.
Verification and authentication are different. Verification proves access. Authentication publishes DNS records so receivers can trust mail sent through Mailchimp.
Step 2: start authentication
On the Domains page, click Start authentication next to the verified domain.
Mailchimp may offer automatic DNS setup through Entri. If your DNS provider is supported and you are comfortable granting access, that can reduce manual copying mistakes.
For manual setup, choose the manual authentication option and select your DNS provider or Other.
Step 3: publish the DKIM CNAME records
Mailchimp shows two CNAME records. Copy the Host/Name and Value/Points To fields exactly.
They conceptually look like DKIM selectors under _domainkey, but the exact values come from Mailchimp.
| Type | Host | Value |
|---|---|---|
| CNAME | Mailchimp CNAME 1 host | Mailchimp CNAME 1 value |
| CNAME | Mailchimp CNAME 2 host | Mailchimp CNAME 2 value |
Some DNS providers append your domain automatically. If Mailchimp shows k2._domainkey.example.com, your provider may only need k2._domainkey.
Mailchimp specifically warns that doubled hostnames, such as k2._domainkey.example.com.example.com, can prevent authentication.
Step 4: add or review DMARC
Mailchimp’s current flow also prompts for a DMARC TXT record at _dmarc.
If you already have a DMARC record, do not create a second one. Update the existing record only if you need to add a reporting destination.
For first-time monitoring:
v=DMARC1; p=none; rua=mailto:[email protected];
Use the DMARC generator to create a safe value.
Step 5: confirm authentication
Return to Mailchimp and wait for validation. Mailchimp says DNS records often update quickly but can take up to 48 hours.
Once Mailchimp shows the domain as authenticated, send a test campaign to a mailbox you control.
Check the message headers:
- DKIM passes.
- The signing domain aligns with your From domain.
- DMARC passes.
Then use DMARCTrust to check your public DNS and watch reports after the next campaign send.
Common mistakes
Skipping domain verification. Mailchimp requires verification before authentication.
Copying only one CNAME. Publish both DKIM CNAME records.
Creating a second DMARC record. DMARC allows one record at _dmarc.
Using a free mailbox From domain. You cannot authenticate a domain you do not control.
FAQ
What DKIM records does Mailchimp use?
Mailchimp generates two account-specific CNAME records during email domain authentication.
Does Mailchimp need SPF?
For Mailchimp domain authentication, follow Mailchimp’s current DNS flow. DKIM and DMARC are the useful setup targets for DMARC alignment.
How long does Mailchimp authentication take?
Mailchimp says validation can take up to 48 hours, depending on DNS propagation.
