Summary
To ensure reliable deliverability for Klaviyo and BigCommerce transactional emails, prioritize proper configuration of SPF, DKIM, and DMARC. Begin by setting up SPF and DKIM records in your DNS with values provided by Klaviyo. For SPF, include all authorized sending sources, staying mindful of the 10 DNS lookup limit. DKIM involves key generation and DNS publication. Implement DMARC, starting with a 'p=none' policy to monitor traffic before gradually increasing restriction. Consider using dedicated sending domains and ensure all websites use TLS encryption. Validate your setup using tools like Mail-tester.com. Transactional emails require the same level of authentication as marketing emails, and be aware of how subdomain DMARC policies interact with the root domain.
Key findings
- Authentication: SPF and DKIM authentication are critical; prioritize DKIM if choosing only one.
- DMARC: Implement DMARC gradually, starting with 'p=none' to avoid blocking legitimate emails.
- SPF Record: Include all authorized sending sources in your SPF record, staying within the 10 DNS lookup limit.
- SSL/TLS: Use SSL/TLS on all websites.
- Validation: Test SPF, DKIM and DMARC using available tools.
Key considerations
- ISP Filtering: Some ISPs reject emails without DKIM.
- Subdomains: Be mindful of the interactions between DMARC for the root domain and subdomains.
- Dedicated Domains: Consider using dedicated sending domains for transactional emails.
- BigCommerce Reliance: BigCommerce relies on email providers like Klaviyo to handle authentication.
- DMARC Policy Impact: Improper DMARC deployment can cause delivery issues.
What email marketers say
11 marketer opinions
To properly configure SPF, DKIM, and DMARC for Klaviyo and BigCommerce transactional emails, it's crucial to authenticate your sending domains. This involves creating SPF records that include all authorized sending sources, such as Klaviyo and any other third-party email services, and DKIM records for email signing. Implementing DMARC with a gradual policy shift from 'p=none' to 'p=reject' helps protect against spoofing. Using dedicated sending domains, deploying SSL, and validating sending subdomains are also recommended. Tools like Mail-tester.com can be used to verify the setup.
Key opinions
- Authentication: Full SPF and DKIM authentication and alignment are beneficial for deliverability.
- DMARC Policy: Implement DMARC, starting with a 'p=none' policy and gradually moving to 'p=reject'.
- SSL Deployment: Deploy SSL on all possible domains and subdomains.
- Website Validation: Ensure sending domains resolve to a legitimate website.
- Multiple Services: When using multiple email services include all authorized sending sources in SPF record.
Key considerations
- ISP Rejection: Some ISPs might reject emails without DKIM.
- DMARC Risks: Incorrect DMARC implementation can cause delivery issues.
- Dedicated Domains: Using dedicated sending domains can isolate reputation.
- SPF Limit: Avoid exceeding the 10 DNS lookup limit in SPF records.
- Testing: Use tools to validate SPF, DKIM, and DMARC setup.
Marketer view
Email marketer from Mailerlite explains that DMARC helps protect your brand from email spoofing and phishing attacks. By implementing DMARC, you instruct email providers on how to handle emails that fail SPF and DKIM checks, reducing the risk of malicious emails being sent from your domain.
13 Mar 2022 - Mailerlite
Marketer view
Email marketer from EmailGeek Forum explains that start with a DMARC policy of 'p=none' to monitor your email traffic and identify any issues with SPF and DKIM. Then, gradually move to 'p=quarantine' and eventually 'p=reject' once you are confident in your email authentication setup.
8 Aug 2021 - EmailGeek Forum
What the experts say
7 expert opinions
Configuring SPF, DKIM, and DMARC for Klaviyo and BigCommerce transactional emails requires careful attention to authentication and alignment. While spam filters may not directly prioritize SPF or DKIM, they contribute to building a positive sender reputation. Either SPF or DKIM alignment is essential, with DKIM being the preferred option. Transactional emails need as much authentication as marketing emails. Subdomain interactions with root domain DMARC policies need consideration. Avoid exceeding the SPF 10 DNS lookup limit, and start with a 'p=none' DMARC policy to monitor traffic before implementing stricter policies. Ensure all websites use TLS encryption.
Key opinions
- Authentication Importance: SPF and DKIM are crucial for building a positive sender reputation, even if spam filters don't directly rely on them.
- DKIM Preference: Prioritize DKIM alignment if choosing between SPF and DKIM.
- Transactional Email Authentication: Ensure transactional emails are authenticated as strongly as marketing emails.
- TLS Encryption: All websites should use TLS encryption.
Key considerations
- Subdomain DMARC: Consider interactions between DMARC policies for the root domain and subdomains.
- SPF Lookup Limit: Avoid exceeding the 10 DNS lookup limit in SPF records to prevent failures.
- DMARC Deployment: Start with a 'p=none' DMARC policy and monitor traffic to avoid blocking legitimate emails.
Expert view
Expert from Spamresource explains that for SPF records it's important to understand the 10 DNS lookup limit. Including too many services in your SPF record can cause it to exceed this limit, leading to SPF failures.
24 Jan 2025 - Spamresource
Expert view
Expert from Email Geeks shares you shouldn’t be deploying any website that’s not using TLS as it’s 2020, certificates are free.
6 Jan 2023 - Email Geeks
What the documentation says
5 technical articles
Configuring SPF, DKIM, and DMARC for Klaviyo and BigCommerce transactional emails requires setting up SPF and DKIM records in your DNS settings using TXT records with specific values provided by Klaviyo. DKIM involves generating a private key, signing emails, and publishing the public key in DNS. Microsoft recommends Powershell and CNAME records for DKIM configuration. BigCommerce relies on the email provider (like Klaviyo) for authentication. DMARC records define policies (none, quarantine, reject) for handling authentication failures.
Key findings
- SPF/DKIM Setup: Klaviyo requires setting up SPF and DKIM records via TXT records in DNS.
- DKIM Key Generation: DKIM involves generating a private key and publishing a public key in DNS.
- DMARC Policy: DMARC records specify policies for handling email authentication failures.
Key considerations
- BigCommerce Reliance: BigCommerce relies on the chosen email provider (e.g., Klaviyo) for SPF/DKIM management.
- Microsoft DKIM: Microsoft DKIM setup may require Powershell and CNAME records.
Technical article
Documentation from AuthSMTP shares that DKIM involves generating a private key, using it to sign your emails, and then publishing the corresponding public key in your DNS as a TXT record. This allows receiving servers to verify the authenticity of your emails.
26 Mar 2024 - AuthSMTP
Technical article
Documentation from BigCommerce explains how to set up transactional emails. While they don't manage SPF/DKIM they recommend ensuring that your chosen email provider (like Klaviyo) has proper authentication in place.
3 Mar 2023 - BigCommerce
Are SPF, DKIM, and DMARC records necessary for transactional email servers not used for marketing?
How can I ensure email compliance with Yahoo/Google rules including DMARC, SPF, and FcrDNS?
How do SPF, DKIM, and DMARC affect email deliverability with Cvent?
How do SPF records and DKIM keys work with multiple email services like Klaviyo and Shopify?
How do I properly set up SPF and DKIM records for email marketing, including handling multiple SPF records, IP ranges, bounce capturing, and Google Postmaster Tools verification?
What are SPF, DKIM, and DMARC, and when are they needed?
