You've written a great email, built your list properly, and hit send in Mailchimp — but your campaigns keep landing in spam. You've checked your content, avoided spam trigger words, and still the problem persists. The issue almost certainly isn't your content — it's your DNS authentication setup. Here's exactly what's happening and how to fix it.
When you send a campaign through Mailchimp, the emails don't come from your own mail server — they come from Mailchimp's servers on your behalf. This means the receiving mail server needs to verify that Mailchimp is actually authorised to send email for your domain.
If your DNS records aren't set up to authorise Mailchimp, the receiving server sees an email claiming to be from yourcompany.ca but arriving from Mailchimp's IP addresses. That mismatch is a major red flag for spam filters — and it's why your beautifully written campaigns end up in the junk folder regardless of their content.
The three DNS records you need to configure are SPF, DKIM, and DMARC. Most Mailchimp users have heard of these but haven't set them up correctly for their Mailchimp sending specifically.
⚠️ Common misconception Many business owners set up SPF, DKIM, and DMARC for their regular email (e.g. Google Workspace or Microsoft 365) and assume that covers everything. It doesn't. Mailchimp requires its own separate authentication setup in your DNS — and without it, every campaign you send is at risk.
By default, when you send a Mailchimp campaign, the DKIM signature on your email is signed by Mailchimp's domain — not yours. This means the email arriving in your recipient's inbox has a DKIM signature from mcsv.net (Mailchimp's domain), not from yourcompany.ca.
For DMARC to pass, the domain in the DKIM signature needs to match the domain in your "From" address. When Mailchimp signs with their own domain and you're sending from yours, DMARC alignment fails — even if DKIM technically passes.
The fix is to set up custom domain authentication in Mailchimp. This involves adding two CNAME records to your DNS that allow Mailchimp to sign your emails with your domain instead of theirs. Once this is done, DKIM alignment will pass and your deliverability will improve significantly.
💡 Tip The CNAME records Mailchimp gives you look something like k1._domainkey.yourdomain.ca. Make sure you add them exactly as shown — including the subdomain prefix. A common mistake is adding the full host name when your DNS provider already appends your domain automatically, which results in a record like k1._domainkey.yourdomain.ca.yourdomain.ca — double the domain, broken authentication.
Your SPF record tells receiving mail servers which servers are authorised to send email on behalf of your domain. If Mailchimp isn't listed in your SPF record, emails sent through Mailchimp will fail the SPF check.
To include Mailchimp in your SPF record, your TXT record needs to include Mailchimp's SPF include:
v=spf1 include:servers.mcsv.net include:_spf.google.com ~allIf you already have an SPF record for Google Workspace or another email provider, you need to add Mailchimp to the same record — not create a second SPF record. You can only have one SPF record per domain. Having two will cause SPF to fail entirely.
⚠️ The two SPF record mistake This is one of the most common DNS mistakes we see. A business sets up SPF for their Google Workspace email, then later adds Mailchimp and creates a second SPF record. Having two SPF records causes an immediate SPF failure — both records are ignored. Always combine everything into one SPF record.
Even after setting up SPF and DKIM, you may still have DMARC alignment issues if your setup isn't quite right. Here's why:
DMARC requires that the domain in your "From" address matches the domain that passed either SPF or DKIM — this is called alignment. When you send through Mailchimp there are actually two different "from" addresses in play:
| Address type | What it is | Alignment requirement |
|---|---|---|
| Header From | What your recipients see — e.g. hello@yourcompany.ca | Must match DKIM or SPF domain |
| Envelope From | The technical sending address — often a Mailchimp subdomain | Used for SPF alignment check |
Without custom domain authentication, the DKIM signature is from Mailchimp's domain — not yours — so DMARC alignment fails on the DKIM side. And the envelope from address is a Mailchimp subdomain, so DMARC alignment also fails on the SPF side. The result is a complete DMARC failure on every campaign you send.
Once you set up custom domain authentication (the CNAME records described above), Mailchimp signs your emails with your domain's DKIM key — fixing the alignment issue.
DMARC alignment issues with Mailchimp can be tricky to diagnose. I'll audit your full setup and tell you exactly what's wrong — and how to fix it.
Get my Mailchimp issue fixed →Flat fee $200–$500 · 24–48hr turnaround · No login credentials required
This is the most important step. Log into Mailchimp, go to Account & Billing → Domains, and authenticate your sending domain. Add the two CNAME records to your DNS exactly as shown.
Make sure your SPF record includes include:servers.mcsv.net. If you already have an SPF record, add it to the existing one — don't create a second record.
If you don't have a DMARC record, add one. Start with p=none to monitor without affecting delivery:
v=DMARC1; p=none; rua=mailto:dmarc@yourcompany.caAfter a few weeks of clean reports, escalate to p=quarantine and eventually p=reject for maximum protection.
Once your CNAME records have propagated (up to 48 hours), return to Mailchimp's domain authentication page and confirm the domain shows as authenticated with a green checkmark.
Before your next campaign, send a test email through Mailchimp to a mail-tester.com address. Aim for 9/10 or higher. Check that SPF, DKIM, and DMARC all show as passing.
Since February 2024, Google requires valid DMARC alignment for bulk senders — anyone sending more than 5,000 emails per day to Gmail addresses. But even below that threshold, Gmail's spam filters heavily penalise emails that fail DMARC alignment.
If your Mailchimp campaigns are going to spam specifically in Gmail but arriving fine in Outlook or other providers, DMARC alignment failure is almost certainly the cause. Gmail enforces this more aggressively than most other providers.
The fix is the same — set up custom domain authentication in Mailchimp so your DKIM signature uses your domain, and ensure your SPF record includes Mailchimp.
✅ How to check DMARC alignment in Gmail Ask someone with a Gmail account to open one of your Mailchimp emails, click the three dots (⋮) and select "Show original." At the top you'll see a summary showing SPF, DKIM, and DMARC results. If DMARC shows FAIL — that's your problem right there.
Use this checklist before every Mailchimp campaign to make sure your authentication is in order:
include:servers.mcsv.netp=noneI'll audit your domain authentication, SPF, DKIM, and DMARC alignment and tell you exactly what needs to change. No jargon, no guesswork — just a clear written report and step-by-step fix instructions.
Get my setup audited →From $200 flat fee · 24–48hr turnaround · 23 years IT experience