This visual guide shows you (step-by-step) how to authenticate a domain name on MailChimp while using CloudFlare as your DNS manager (free plan). The solution includes a workaround for the CNAME flattening problem.
If you are trying to authenticate your domain name on MailChimp so that your domain appears in the "from" field of MailChimp emails, this guide answers that question completely. The visual guide includes mostly pictures to walk you through the entire process.
If you are tech savvy and know what you are doing then the TL;DR version below will suffice.
If you are not experienced with DNS zone files or nervous about breaking something, I recommend reading the entire guide. If you like, you can skip the preface and go directly to the steps portion.
If you need help or found something wrong with my guide, please leave a comment at the bottom and I will try to address it.
TL;DR Version: How to authenticate your domain on MailChimp using CloudFlare
Below is a table of steps for how to complete the domain authentication quickly and easily.
I recently set up a new personal MailChimp account to send mass emails to people on my list. To keep my email inbox tidy and avoid too many replies in my personal inbox I set up a generic email address through my domain - bobandedovic.com.
I also wanted to have MailChimp show my @bobandedovic.com email address to recipients of my emails. When I sent out my first test email, I noticed that the emails didn’t come from my domain name. Instead, they came from a default MailChimp server address: “mail192.atl81.rsgsv.net.”
Example of a MailChimp email without domain verification
I went to my MailChimp dashboard to address this and saw that there was a whole domain verification process you had to go through. Basically, MailChimp asked for two things in order to verify the domain name belongs to me:
- Verification. Verification is simply confirming that the domain name that you are sending emails from belongs to you. This is a simple process of clicking a confirmation link in your email from the intended @domainname.com address.
- Authentication. This step proved to be a little more tricky. They asked me to create a few DNS records to prove that I also have control over the domain name.
The following guide will explain step-by-step how to verify and authenticate your domain name while using CloudFlare, a popular DNS manager.
Why you should authenticate your domain name for MailChimp
I debated whether it was worth the trouble in the first place to authenticate it, so I did more research and found out that it was a really good idea indeed. Here are the main reasons why you should authenticate your domain name (some information from MailChimp included).
- Domain authentication improves the likelihood that your emails will be sent to your recipients in the first place (and not in spam or junk folders)
- The authentication acts as a “license plate” for your sent email and ensures you are a legitimate party
- It removes the default MailChimp server information (as seen in the first screenshot)
- Domain authentication helps brand your emails with your domain name, boosting credibility
Email providers are beefing up security standards
Additionally, popular email clients such as Gmail are starting to take email-related verification and security very seriously. In February of 2016, Google rolled out padlock alerts in Gmail, which are designed to tell users that the email address of the sender is not encrypted using TLS.
As the image shows, emails that don’t pass Google’s encryption standards show the red “?” and may display a warning when you try to reply. If you try to send mail and the sender is unverified, the person’s inbox may show an additional warning:
When users get inbox warnings like this they will be less likely to open your emails (if they see them at all). Additionally, users that are not email savvy may report it as phishing - which will surely hurt your email open rates.
The drawbacks of other guides I tried to solve this problem
Before taking the time to write this post, I tried to follow the other guides I could find online about how to add these records and authenticate the domain name in MailChimp. Let’s review what other guides have instructed about doing this.
MailChimp’s KB Article
MailChimp’s KB article on setting up custom domain authentication is pretty comprehensive, but it doesn’t take into account the nuances of CloudFlare’s DNS defaults and settings.
CloudFlare’s support articles on adding DKIM and SPF records
CloudFlare’s documentation (for SPF records and DKIM records) also includes step-by-step instructions on adding these records, but it fails to mention one important nuance related to CNAME flattening (which is important for MailChimp setup).
Simon East’s MailChimp DKIM verification guide
Simon East published a post on Medium where he detailed steps to bypass the CNAME problem that CloudFlare has with domain name verification. However, the steps in his post don’t apply to free CloudFlare users because free users don’t get CNAME options.
I must admit that I thought Simon's post was the best I read and it did give me enough information to find the remainder of the solution. Hats off to Simon!
Steps to authenticate your domain name in MailChimp using CloudFlare (free plan)
As I mentioned in the title of the post, this guide applies to users who use CloudFlare as their DNS provider. However, this guide may work for other DNS providers as well. If you are using CloudFlare Pro or higher, you can skip step 5a.
Step 1: Log into MailChimp and verify your email address
The first thing you need to do is log into MailChimp.com by going to their website and clicking the “Log in” button on the top-right of the screen.
Next, click on your name on the top-right and a drop-down menu will appear where you have to click on “Account.”
Once you are on your account dashboard, click Settings > Verified Domains.
Then, click on “Verify A Domain” at the bottom of the page.
In the popup, enter the email address you have access to and ensure it has the correct domain name that you want to verify (@yourdomain.com).
After clicking "Send Verification Email", go to your email and find the email from MailChimp Account Services. There should be a code at the bottom. You can now verify your email address in one of two ways:
- 1. Click the “Verify domain” button
- 2. Copy and paste the verification code into MailChimp
The pictures below show both ways of doing it.
Either way you choose, it does the same thing.
At this point, you should be on the MailChimp account > domains page and you should see a green checkmark next to the “verification” list item. This means that your email is verified and it’s time to move on to the authentication portion.
Step 2: Begin the process of domain “authentication”
On the same screen as before, click on the “View setup instructions” button and another popup will come up. It will ask you to authenticate your domain by entering two records in your DNS zone file:
- DKIM: CNAME entry for k1._domainkey.yourdomain.com
- SPF: TXT record for yourdomain.com
If you try to click authenticate without taking any action, you will see the following error:
So, we now have to log into CloudFlare and set up the required records.
Step 3: Log into CloudFlare and go to DNS settings
Go to CloudFlare.com and click the “Login” button on the top-right of the screen.
Once you are logged in, click on the blue “DNS” icon in the top menu area:
You should now be looking at the DNS page as shown below:
A few words of caution
DNS zone records are extremely important for your website to work properly, so if you don’t know what you are doing, do not click anything other than what is listed in this guide. You can break something, and if you don’t know how to fix it ASAP you may be in some trouble.
Additionally, if you have a stranger helping you set this up and they ask for your zone file, never send them your origin IP address (the internet address where your server is). Always redact it; otherwise someone can DDoS you and CloudFlare won’t be able to “stand in front of your site.”
Finally, never disable the orange cloud on the record where your server IP address is. This is how CloudFlare hides it for you in the first place.
Step 4: Enter the correct DNS records into CloudFlare’s zone file
Now it’s time to enter your new DNS records that MailChimp previously provided you. For your convenience, the records are displayed below. Just replace “yourdomain.com” with the actual domain name you verified in the email step.
MailChimp domain authentication - DNS records
Use the DNS values below when entering them into CloudFlare. Do NOT use a TXT record for the DKIM value and do NOT use an SPF record for the SPF value (use TXT instead).
- SPF (TXT record for yourdomain.com): v=spf1 include:servers.mcsv.net ?all
Step 4a. Entering the DKIM record
For the DKIM record, select CNAME from the add record part of the page and enter your values. It should look like this before you click “Add Record.”
Once you have added it, click the little orange cloud on the right. After you click it, it should be gray.
Important note: When you enter CNAME records in CloudFlare the second half of the “Name” portion doesn’t get displayed. I initially thought that CloudFlare was stripping out the “yourdomain.com” portion, but it just truncates the entry.
To verify this is the case, you can click on the black “X” next to the records and you will see a confirmation box that lists the entire record.
You can safely click Cancel on this screen.
Now, some guides say that you don’t have to enter a CNAME record for DKIM values and can use a TXT record instead. I tried this and it did not work, so stick with the CNAME.
Step 4b. Entering the SPF record
For the SPF record, select TXT from the add record part of the page and enter your values. It should look like this before you click “Add Record.”
CloudFlare lists SPF as an option in the record type. Do not select SPF as the record type. I tried it and it did not work. Once you have entered the correct value, click "Add Record" and you are done with this portion.
You may think that you are done, but when you try to verify your new records through MailChimp, you may receive this fatal error.
This is because we are not done yet. There are a few more steps to go through.
Step 5: Disable CNAME flattening
This is the part that most guides neglect to mention. You have to disable CNAME flattening through CloudFlare. It turns out that CloudFlare started flattening CNAMEs by default as of March 31, 2014. You can read their blog post about it here.
So, you have to go back to CloudFlare’s DNS page and scroll down to the bottom portion where it says CNAME Flattening. It should look like the image below:
Skip this step if you are already on CloudFlare Pro (or above): If you are already a CloudFlare Pro or above user, you can skip 5a and go directly to 5b.
If you are like me, you didn’t see any options there. If you are a CloudFlare free user then you don’t have CNAME controls like the other plans do (tricky, huh?).
I did not find a workaround for bypassing this on the free tier, so here is my recommendation: sign up for a CloudFlare Pro account ($20/month) and downgrade after you have completed MailChimp’s verification.
MailChimp’s verification seems to stick even after you downgrade (and revert back to CNAME flattening).
5a. Free users only - sign up for CloudFlare Pro and downgrade later because you only have to authenticate the domain once
Now, as a free user you don’t have any CNAME options at your disposal. So, you need to go through the steps to sign up for a Pro account.
Click on the pricing page and select GET PRO from the options table to start the checkout process. If you are already logged in to CloudFlare and are redirected back to the “Overview” page, scroll down to the bottom under Subscription and click on the blue “Change Plan” button on the right.
Go through the three steps of the checkout process and get back to your DNS page.
Now that you are a CloudFlare Pro user, you can head back to the DNS page and scroll down to the bottom CNAME Flattening portion.
5b. Change your CloudFlare DNS settings to “Do not flatten CNAMEs”
Now, from the CNAME options drop-down, select “Do not flatten” as your option. The changes save automatically so there is nothing else you need to do.
Step 6: Confirm proper settings
Before moving forward, let’s confirm that you have done everything correctly. Below is the checklist you should go through to ensure that you are ready for MailChimp to run its authentication.
- 1. CNAME record with gray cloud
- 2. TXT record (NOT SPF) with SPF value
- 3. CNAME flattening is disabled
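The same checklist can be checked from a resolver's point of view before you click the button. This is an added example, not part of the original guide or of MailChimp's or CloudFlare's tooling; the function names and the DKIM target `dkim.target.invalid` are made-up placeholders, so substitute the target MailChimp shows in its setup popup.

```shell
#!/bin/sh
# Added example: check the Step 6 records as resolvers see them.
# Live input would come from:
#   dig +short TXT yourdomain.com
#   dig +short CNAME k1._domainkey.yourdomain.com

# Lowercase a hostname and drop the trailing dot that dig prints.
norm_host() { printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'; }

# check_spf TXT_ANSWERS -> ok | missing | multiple | no-mailchimp-include
check_spf() {
    # dig +short prints one quoted TXT record per line; keep only SPF ones.
    spf=$(printf '%s\n' "$1" | tr -d '"' | tr 'A-Z' 'a-z' \
          | grep -E '^v=spf1( |$)' || true)
    if [ -z "$spf" ]; then echo missing; return 1; fi
    # More than one v=spf1 record makes SPF evaluation fail (RFC 7208 permerror).
    n=$(printf '%s\n' "$spf" | wc -l | tr -d ' ')
    if [ "$n" -gt 1 ]; then echo multiple; return 1; fi
    case " $spf " in
        *" include:servers.mcsv.net "*) echo ok ;;
        *) echo no-mailchimp-include; return 1 ;;
    esac
}

# check_dkim CNAME_ANSWER EXPECTED_TARGET -> ok | no-cname | wrong-target
check_dkim() {
    got=$(norm_host "$1"); want=$(norm_host "$2")
    # Empty answer: resolvers see no CNAME at k1._domainkey (record missing,
    # or not served as a plain DNS-only CNAME as Step 6 requires).
    if [ -z "$got" ]; then echo no-cname; return 1; fi
    if [ "$got" = "$want" ]; then echo ok; else echo wrong-target; return 1; fi
}

# Constructed sample answers; the DKIM target is a placeholder for the value
# MailChimp shows in its setup popup.
SAMPLE_TXT='"google-site-verification=constructed"
"v=spf1 include:servers.mcsv.net ?all"'
SAMPLE_CNAME='dkim.target.invalid.'
echo "SPF:  $(check_spf "$SAMPLE_TXT" || true)"
echo "DKIM: $(check_dkim "$SAMPLE_CNAME" 'dkim.target.invalid' || true)"
```

A `multiple` result means a second `v=spf1` TXT record already exists on the domain; merge the MailChimp `include:` into that record instead of keeping two.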
If you have confirmed that everything is correct, head back over to MailChimp’s domain authentication page and click “Authenticate Domain.”
If you entered everything correctly, clicking the button should close the popup and you should see a green checkmark next to the “Authentication” list item.
If this worked for you, then skip to step 7 for the last item.
Troubleshooting: You may have to wait between 5 and 60 minutes for the DNS changes to propagate
This was a problem for me, so you may need to wait some time. I conducted several experiments to see how long it takes to authenticate after changing the CloudFlare settings to the right ones.
Across several tests, DNS propagation with the right settings took between 5 and 60 minutes.
So, if it didn’t work initially just grab a coffee or call your mother to pass the time. After time has passed, try it again and it should work.
Important note: If you are impatient like me and tried to change the settings on CloudFlare back and forth (over and over again), it will just take longer. You are better off trying the solution with the wait time.
Step 7: Flatten CNAME again
Great, you have authenticated your domain name! But don’t leave just yet, we have to do some security-housekeeping first. Keep in mind that CloudFlare has default and recommended security settings for a reason: to keep your website safe.
So, you should go back to your CloudFlare DNS page and do the following two items:
- Click the orange cloud next to your newly created CNAME entry to flow the traffic through CloudFlare and not the IP address
- Flatten CNAMEs again by selecting it from the CNAME drop-down
Note that doing this will not break the authentication from MailChimp. This may change in the future, but as of this writing it works.
Now, you have the option to downgrade to CloudFlare free again, and I believe that they will only pro-rate your charges for a day out of the month (not sure though). However, I strongly recommend any person serious about their website to use CloudFlare Pro.
Here are some good reasons to keep it:
- Page rules: You get an upgrade from 3 to 20 page rules. These are really handy for quick 301s and other settings. Cache bypass is great while projects are in development mode, for example.
- Web application firewall: This is great for security.
- Image optimization with Polish: This is a nice speed feature.
- Faster support: Median two-hour support reply as opposed to 13 hours.
- And more…
You can compare the features here, but I strongly recommend sticking with the Pro plan.
So, you are now done with the guide. When you blast your next email campaign your recipients will surely see a beautiful “from” value:
Help me improve this guide
If you liked this guide, consider helping me improve it by leaving a comment at the bottom. If there was a mistake or something didn’t work correctly, let me know as well so that I can update this guide for other people to use.