F.A.Q.

What are Klaviyo’s SPF and DKIM records?

  • 30 March 2021
  • 12 replies
  • 2983 views

Userlevel 4
Badge

Klaviyo automatically applies the necessary SPF (sender policy framework) and DKIM (DomainKeys Identified Mail)records when you have a dedicated sending domain set up for your account. When the CNAME records are added to your DNS, a subdomain is created and delegated over to Klaviyo to control and make use of. At this point, Klaviyo automatically adds the necessary SPF/DKIM records to set your account up to send emails using your own dedicated domain. On your end, you only need to add the prescribed CNAMEs; no records are required.

For additional resources, you can learn How to Set up a Dedicated Sending Domain in this article.


12 replies

Userlevel 1
Badge

Awesome!

Badge

If I have the Klaviyo dedicated sending set up, the Klaviyo plugin installed in wooComm and the integration set up in Klaviyo can I use Klaviyo as my SMTP for native WooComm emails or do I still need a separate SMTP?  

Userlevel 4
Badge

Hi @Nuetron! Thank you for your comment. The dedicated sending domain you set up on Klaviyo is only meant for your Klaviyo email sends. Your WooCommerce emails would still need to be sent on a separate SMTP.

Badge

Got it! Thanks for the prompt reply.

I’m currently adding the SPF/DKIM records to my domain for Google Workspace. Haven’t yet configured a dedicated sending domain through Klaviyo. Is there an spf record I can add for now to allow klaviyomail in addition to Google?

Userlevel 4
Badge

Hi @Drewdle81! Nope, we only make use of CNAME records to allow you to authenticate your Klaviyo account to send on your domain. The CNAME record will pass over the subdomain you plan on using to Klaviyo to take control off and send emails from. In doing so, we will automatically apply the necessary SPF and DKIM records onto that subdomain. 

Hi @Drewdle81! Nope, we only make use of CNAME records to allow you to authenticate your Klaviyo account to send on your domain. The CNAME record will pass over the subdomain you plan on using to Klaviyo to take control off and send emails from. In doing so, we will automatically apply the necessary SPF and DKIM records onto that subdomain. 

 

Thank you. Follow up question: Once I have completed the setup for Google Workspace SPF and DKIM for my domain, will my Klaviyo emails be adversely affected since they aren’t specified as a “permitted sender” in the SPF record? Or should that remain the same?

 

I will authenticate the domain through Klaviyo soon, but need to do it at a good time when I can go through the whole warm-up process.

Userlevel 4
Badge

Hi @Drewdle81! The SPF and DKIM records for your Google Workspace will not affect your sending on Klaviyo in anyway. However, if your domain currently have a DMARC policy in place, it will affect your unauthenticated Klaviyo email sends.

Hi @wei.he - question: what is an unauthenticated Klaviyo email send?

Working on an account that is about to set up SPF / DKIM in their Google workspace, and want to know how it’s going to impact their Klaviyo sends. (They’re on a shared domain.) 
 

Userlevel 4
Badge

Hi @Page V, thank you for your question! 

 

An unauthenticated email send is when your email’s From-Address domain does not align with the sending domain that it is sending on. For example, your From-Address is hello@domainA.com while your sending domain is send.domainB.com. This misalignment is often seen as potential spoofing as the sending domain is not authenticated to send on behalf of the From-Address domain and can result in filtering.

 

The SPF/DKIM that you set on your Google Workspace would not impact their Klaviyo send.

 

 

So if I want to use my TLD as I migrate from another ESP. Klaviyo does not allow that TLD to be authenticated with SPF/DKIM? You HAVE to use a sub domain off the TLD? Please advise as that seems counterintuitive to adhering to best practices.   

Userlevel 4
Badge

@American BenchCraft Thank you for your questions!

 

Yes, you would need to authenticate your Klaviyo account to a subdomain of the root domain (TLD) that you are planning to use for your email sends. When you enter in the CNAME records for the subdomain you are planning to use, you are passing over the subdomain to Klaviyo to allow us to place in the appropriate SPF and DKIM records. 

If you authenticated your Klaviyo account with your root domain, your root domain would no longer be pointed at your website, thus, resulting in errors when someone tries to visit your site. 

Do note that if you authenticate your account to a subdomain, your From-Address can still make use of the root domain. For example, if your dedicated sending domain is send.website.com, your From-Address can be hello@website.com. 

Reply