authenticating MailChimp?

ClubMilonga

New Member
Messages
8
Reaction score
0
Points
1
We have a domain which we have owned for many years. I migrated it to your free hosting service a few months ago while our club is still shut down and unable to justify paying the renewal fee for our old hosting arrangement.

We also have a (free) Mailchimp account for sending out Club newsletter mailings, which uses our domain's main email address (not the free one from you) as the "from" address for mailings. The email address was verified 5 years ago when the MailChimp account was first set up, but was never authenticated. So I had a go at authenticating it this week.

Mailchimp requires installing a couple of CNAME records for the domain, basically setting up DKIM for mailings sent from MailChimp on our behalf.

I tried installing those records in the DNS list at the domain registrar. That did not work. I called the registrar's support, and was informed that they should really be installed on the host where our domain is based ("where the NS records point to").

So on X10hosting, I went into Account Manager -> DNS Management in DirectAdmin for our domain (clubmilonga.com) and added the two records there, with the name and value fields copied directly from MailChimp except for periods at the ends to prevent auto suffixing with the domain name again. Apparently it is still not working. Running a DKIM check for one of the MailChimp DKIM selectors at the MX Toolbox Supertool site says your name server reports no DKIM records have been published.

Is there a trick to getting the required CNAME records set up properly so the MailChimp authentication will work?

Thanks.
 

Anna

I am just me
Staff member
Messages
11,755
Reaction score
583
Points
113
I'm not familiar with MailChimp, so I'm not sure what they are looking for.

I do see you have a couple extra cname records to that domain however, as well as a DKIM txt record.

If you provide information about what exactly you are supposed to add we may be able to better assist you in achieving what you need.
 

ClubMilonga

New Member
Messages
8
Reaction score
0
Points
1
The DKIM TXT record is the one that was generated when I (successfully) installed the Let's Encrypt SSL certificate for our domain (clubmilonga.com) on x10hosting.

You may be aware that MailChimp is a bulk emailing service which tends to be popular for consultants, online educators and such for staying in contact with their followers/students/prospects, and also for newsletter mailings. In our case, we have been using it mainly for a weekly newsletter to our Club members and other followers, letting them know about interesting stuff relating to the Club and their Tango, as well as (until we had to shut down because of COVID) upcoming happenings planned for each week at the Club. MailChimp offers some premium level services, but they also have a free-version service which is more than enough for our limited purposes.

Mailings from MailChimp are sent out on our behalf by MailChimp, with our address in the reply-to. They also collect statistics on opening and click rates, so we can know what is getting seen and what topics are or are not seeing interest as we go along, and they also handle mailing bounces and unsubscribes for us. Our mailing list consists mainly of Club members and others who have attended the Club at various times since the 1990s and have signed up (usually in person at the Club) to receive the newsletter as a way of keeping in contact with us. The mailing list is not huge.

Our MailChimp account was set up for us by one of the other then-Board members about 5 years ago, before passing it over to me for regular use. I recently had a look around in some of the settings I hadn't actually gone into before (even though I was in it at least weekly for a long time to set up and send our newsletter mailings). MailChimp has a 2-step process for validating the email address we set up for the reply-to, and the domain it is in. First, the address gets "verified", which basically checks to be sure we are using a reply-to address we actually have access to, by sending us an email with a confirmation code to parrot back as proof. It then wants to "authenticate" our domain, which involves setting up a pair of DKIM CNAME records to match their DKIM selectors with our domain. The required CNAME records have to be set up at the "domain provider", and then we wait for "up to 48 hours" while MailChimp checks to confirm that the records can be found associated with our domain.

On looking around, I see a bunch of articles talking about authenticating with a DKIM CNAME record and an SPF TXT record (or include) provided by MailChimp, with few articles being fully in agreement. They often have examples suggesting that Mailchimp at one time provided both a DKIM CNAME and an SPF TXT record to set up, although they in fact don't anymore. I also found an article explaining that since MailChimp has to receive stuff for us to be able to track open and click rates and such, using SPF is awkward enough that they can't really do that anymore. It seems that they are not using an SPF setting now, but are instead using a pair of DKIM selectors rather than just one.

The email domain setup I found a week or two ago in MailChimp showed that it had been verified by the guy who originally set the account up, but apparently was never authenticated. (Or i suppose it may have been authenticated for our old web site hosting which had to be allowed to expire this past summer, which is why I have put our website on x10hosting now, although I suspect it was not. Hey, I'm just getting into this site setup stuff.)

I have had a few people over the past 3 years or so complaining that they didn't seem to be receiving our newsletters, so the lack of DKIM could have been leading some of the receiving email servers to bounce them as possible spam (which they are not).

In our case, MailChimp wants a pair of CNAME records referencing DKIM selectors k2 and k3 on MailChimp's DKIM servers. The authentication step in MailChimp generates the required values to use for these records, and asks for CNAME records with them to be added "to your domain. These records are managed on your domain provider's website or interface. They help Mailchimp direct your email to the right place." Specifically, as given by MailChimp:

(1) Name = k2._domainkey.clubmilonga.com
value = dkim2.mcsv.net

(2) Name = k3._domainkey.clubmilonga.com
value = dkim3.mcsv.net

The TTL on both is to be set to either the default setting or the "lowest value offered".

I originally tried setting these up in the DNS settings at our domain registrar (happens to be Netfirms.com), but that didn't work. Their support person I talked to said that these records should actually be set up on in the hosting site for our domain, which is why I tried setting them up for clubmilonga.com here in the x10hosting account. Names and values have been copied and pasted directly from the values presented by MailChimp, with extra periods at the end because DirectAdmin apparently wants that to prevent automatically adding an extra "clubmilonga.com" at the end of each string.

I have done exactly what has been asked for, so far as I can tell, but MailChimp is apparently still failing to find them to complete the authentication process. Is there some reason why they are not getting published properly in a way that is likely to work?

Thanks.

Happy New Year
 

Eric S

Administrator
Staff member
Messages
1,099
Reaction score
153
Points
63
I believe the DKIM you installed will not work if you are utilizing mailchimp to send out your newsletters. They would have their own DKIM signed as in order for the DKIM to be signed it must be sent from the origin server or the DKIM would need to be setup with the providing DNS for the mail.

How are you using Mailchimps service? Are you using them to fully SMTP and send out your emails in which you just want them to use your reply-to alias? Or are you attempting to use the tracking features and other service and use our SMTP to send out your newsletters? ( the second option would not be viable with our free hosting limits)

If you are using them fully I believe the process is two parts which I can assume you followed both but never hurts to ask https://mailchimp.com/help/set-up-email-domain-authentication/ and then https://mailchimp.com/help/verify-a-domain/ .

I have also changed your CNAME to the default TTL as well. for DNS records you want to make sure most of them match to prevent any issues.

The process with MailChimp also indicates there should be errors or more information to help you troubleshoot why it is failing on the mailchimp said of things when you authenticate.

I believe at this time your next step would be to reach out to Mailchimp support to see what you may be missing.

Feel free to report any findings from them here and we will gladly assist you where we can.
 

ClubMilonga

New Member
Messages
8
Reaction score
0
Points
1
Full use of MailChimp to fully SMTP and send the newsletter emails on our behalf, as per their regular basic service. Involves logging into Mailchimp, setting up a campaign, copying the newsletter text into the mailing text editor on mailchimp, and then queuing it to be sent out by mailchimp. Newsletters are not being sent using your SMTP, and I am not trying to do anything tricky our out of the ordinary.

(Our newsletters have not been sent out using our own email SMTP since about 2015, before we switched to mailchimp. Last time I had to do that myself was in 2009, and good riddance to that because of the whole day of fussing around involved in sending out to what was then a much smaller distribution list.)

re errors and more information to help you troubleshoot on the mailchimp side: This consists of a note that gets inserted on their setup page just before repeating the same instructions of how to copy the required information into the new CNAME records. The error note I am seeing is:

"Uh oh, something went wrong. It looks like something didn't get copied and pasted correctly when you added the CNAME records to your domain. Delete or edit those records to try copying and pasting again."

Very helpful. I have already deleted and re-copied them a few times.

Mailchimp support doesn't apparently provide much in the way of technical support without it being paid for. (Apparently they are considered pretty good for those who are willing and able to pay for it.)

But they do have a "support assist" automated chat, which did mention a few interesting points, before helpfully suggesting I contact you guys (again) for help:

- "Free email providers like gmail, yahoo or hotmail don't allow authentication." I'm assuming our own registered domain that is set up on your (free) hosting service is not in the same camp, so this should not be a problem. Correct?

(I'm guessing this is simply because we have to have access to the server to be able to set up the required DNS records for our domain.)

- "Before the domain can be authenticated, it first needs to be verified." It was verified in 2016. (The site is no longer hosted on the same old server, but the domain and email addresses are the same as they have always been since late 2008.)

- "The domain can only be authenticated if your domain host allows underscores in the CNAME file." DirectAdmin didn't seem to balk at the underscores while I was copying the name and value fields into place, and did show the underscores as I reviewed the entries in the DNS list there, so I'm guessing this is not a problem. Correct?

- "You may need to add a period at the end of your CNAME record." I'm guessing this is referring to the period the DNS editor said would prevent adding an extra "clubmilonga.com" to the name and value fields. I did that, so this should not be a problem.

- "Once your records are set up correctly and are publicly available, head back into the mailchimp settings... and test the authentication." The key concept here seems to be the CNAME records getting published so they "are publicly available".

I gather their authentication step is simply them checking to be sure that the CNAME records pointing to their DKIM servers exist to be found, so that recipient email servers have a way to confirm that we consider our mailings sent from mailchimp as trustworthy.

I checked to see what DNS records have in fact been published into the wild for our domain:
https://dnschecker.org/all-dns-records-of-domain.php?query=clubmilonga.com&rtype=ALL&dns=google

...and it is telling me that no CNAME records associated with our domain are getting out. Hence not being able to find them when mailchimp tries to check the authentication.

Both CNAME records were set up correctly, so far as I can tell, and the name and value fields are as specified by mailchimp unless something strange and unnatural has happened to them under the covers.

So why are the CNAME records not getting published, right along with the other DNS records which seem to have all been published without any trouble?
 

ClubMilonga

New Member
Messages
8
Reaction score
0
Points
1
Update: Just came back this morning for another look at this.

- Tried a DKIM lookup using https://powerdmarc.com/power-dmarc-toolbox/:

It DOES find the separate DKIM keys for the selector relating to the Let's Encrypt certificate, AND both of the selectors for Mailchimp. So they are all there. Which is something new from the last time I checked.

- Went back into MailChimp and tried restarting the authentication:

It authenticated without delay and without any trouble at all. So everything is ready to roll now!

Hard to tell at this point why, because I have not changed anything since the last round of tries. So Maybe it just took a couple of weeks for the configuration to finally pick up (as opposed to the couple of days they warned it might take, and their authentication process kept timing out after)?

- Looking up DNS records for our domain using https://dnschecker.org/all-dns-records-of-domain.php:

The CNAME records still don't show up in the list of records found. ** BUT ** the DKIM for MailChimp which they refer to is working now.

So I gather they are getting skipped over in the DNS lookup since they are pointing outside our local domain for the required DKIM keys? The DKIM lookup (as opposed to CNAME record lookup) shows what seem to be from key TXT records which would have to be from the MailChimp server being pointed to.

Ah.

Looks like we are back in business. Thanks.

Cheers
 
Top