Jump to content

DMARC AUTHENTICATION ISSUE: Squarespace Customer Notification Emails not passing dkim/spf authentication

Recommended Posts

I've got a problem, we have setup or dmarc settings and have our third-party services like google workspace authenticating just fine. So our customer emails are going through no problem, but our squarespace emails for store purchases are not authenticating. The problem is, if we change our dmarc policy to something like quarantine, that will cause all our store emails to be caught in spam. What SPF and DKIM settings should I add to our custom dns to ensure these emails get delivered?

Link to comment

Request:
We need help obtaining custom SPF and DKIM records for DMARC authentication of emails originating from squarespace representing emails from our domain.

Background:
We've gone through the steps to setup DMARC to protect our domain and prevent spoofing and spam from others. Our third-party solutions, like google workspace, are all passing both DKIM and SPF authentication, however, squarespace sends emails to customers following their checkout (i.e. email receipts, digital downloads). Squarespace calls these Customer Notification Emails and these are very important emails. The issue is that none of these emails, which appear to originate from squarespace.info pass DKIM and SPF authentication.

Issue:
If we update our DMARC policy to "quarantine" or "reject" as is advised to protect your domain, Squarespace Customer Notification Emails will be treated accordingly for not passing authentication and will either be sent to spam or not delivered.

Squarespace Customer Service Response:
Squarespace rep suggested we change the Customer Notification Email sender to no-reply@squarespace.info.

My view of Squarespace's response:
Since having a DMARC policy in the first place is all about building trust in our brand and emails, these emails should come from our domain. Squarespace give us the option to have Customer Notification Emails sent on our behalf using our desired email addresses (our domain). Squarespace should be able to provide us with the necessary DKIM/SPF records required to validate the server from which these emails originate.

Attached is a screenshot that shows that all of our emails from third-party solutions are passing authentication, but 100% of Squarespace is not. We've only been tracking for the last three days, but the only emails not passing authentication are the Squarespace Customer Notification emails.Screenshot2024-02-16093940.thumb.jpg.268f3408ec4cd11cee5480a1a100a512.jpg

Edited by dualr11
typos
Link to comment
  • 2 weeks later...
  • 2 weeks later...
  • 1 month later...

I feel your pain. After reviewing a number of my DMARC reports the vast number of failures are tagged with a SPF DMARC Result fail-aligned with a SPF pass result. DMARC is aligned.

Unaligned DMARC on SPF means that the RFC 5321 & RFC 5322 address domains don’t match.
https://forum.dmarcian.com/t/aws-ses-spf-raw-pass-but-dmarc-fail-unaligned/1646

In my case I have:
Return-Path: 6522.82.c3ba000454eade.f50118645701fc228fe04c024e1fb314@event.a1e0.squarespace-mail.com
From: "Packard Realty" <info@packardrealty.com>

To be in alignment the Return-Path needs to be from my domain packardrealty.com. I currently do NOT see a way to change the Return-Path in Squarespace.

Therefore the only valid DMARC setting is p=none which should allow emails to be delivered with the side effect of also allowing spoofing. This is a major reason DMARC exists.

Hopefully Squarespace can advise on this.

Edited by JoelFRodriguez
typo
Link to comment
  • 3 weeks later...

You should be able to get by with just a DKIM entry.  For any service beyond your own email service, the return path with never be properly aligned.  That's where SPF comes in.  Even if you add the proper SPF record, it will still fail SPF.  With a proper DKIM entry, it should pass. (I'm using a similar method for MailChimp.)

Go with these DKIM entries.

Host: squarespace._domainkey
Value: squarespace-domainkey.squarespace-mail.com

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

×
×
  • Create New...

Squarespace Webinars

Free online sessions where you’ll learn the basics and refine your Squarespace skills.

Hire a Designer

Stand out online with the help of an experienced designer or developer.