DNS Records for Email Marketing Platform

Issue: FRE-650
Domain: scripter.app
Purpose: Email authentication for Mailchimp delivery


Add These Records to DNS

Add the following DNS records to your domain registrar (GoDaddy, Namecheap, Cloudflare, etc.). These records authenticate Mailchimp as an authorized sender for your domain, which is critical for email deliverability.


1. SPF Record (Required)

Purpose: Authorizes Mailchimp to send emails on behalf of your domain

Type: TXT
Name/Host: @ (or scripter.app)
Value: v=spf1 include:spf.mailchimp.com ~all
TTL: Automatic or 3600

What it does: Tells receiving email servers that Mailchimp is authorized to send email from the @scripter.app domain.


2. DKIM Record (Required)

Purpose: Cryptographically signs emails to prove they weren't tampered with

Step 1: Log into Mailchimp and navigate to:

  • Account name → Settings → Domains
  • Click "Add Domain" or "Authenticate Domain"
  • Enter: scripter.app
  • Mailchimp will generate a unique DKIM key

Step 2: Add the DKIM record Mailchimp provides:

Type: TXT
Name/Host: k1._domainkey.scripter.app
Value: v=DKIM1; k=rsa; p=[MAILCHIMP-PROVIDED-KEY]
TTL: Automatic or 3600

Note: The exact value will be provided by Mailchimp during domain setup. It looks like:

v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC...


3. DMARC Record

Purpose: Tells receiving servers what to do if SPF or DKIM fails

Type: TXT
Name/Host: _dmarc.scripter.app
Value: v=DMARC1; p=quarantine; rua=mailto:dmarc@scripter.app; pct=100; adkim=s; aspf=s
TTL: Automatic or 3600

DMARC Policy Options:

  • p=none - Monitor only (start here if cautious)
  • p=quarantine - Send suspicious emails to spam (recommended)
  • p=reject - Block suspicious emails (use after testing)

Aggregate reports: Sent to dmarc@scripter.app (create this alias or use your email)


4. Custom Return-Path Domain

Purpose: Improves deliverability and branding

Step 1: In Mailchimp → Settings → Domains, enable "Use a custom return-path domain"

Step 2: Add CNAME record:

Type: CNAME
Name/Host: mail.scripter.app (or send.scripter.app)
Value: cname.mailchimp.com
TTL: Automatic or 3600

Verification Steps

After adding DNS records:

  1. Wait for propagation (5-30 minutes typically, up to 48 hours max)

  2. Verify in Mailchimp:

    • Navigate to Account → Settings → Domains
    • Click "Verify" next to your domain
    • All checks should show green ✓

  3. Test deliverability:

    • Send test email to gmail.com, outlook.com, yahoo.com
    • Check email headers for "SPF: PASS" and "DKIM: PASS"
    • Use mail-tester.com to check spam score (aim for 9/10+)

DNS Provider Instructions

Cloudflare

  1. Log into Cloudflare dashboard
  2. Select scripter.app
  3. Go to DNS → Records
  4. Click "Add record"
  5. Select type (TXT/CNAME), enter details above
  6. Click "Save"
  7. Disable Cloudflare proxy (grey cloud) for TXT records

GoDaddy

  1. Log into GoDaddy
  2. Go to My Products → Domains
  3. Click DNS next to scripter.app
  4. Click "Add" or "Add Record"
  5. Select type, enter details
  6. Click "Save"

Namecheap

  1. Log into Namecheap
  2. Click "Manage" next to scripter.app
  3. Go to "Advanced DNS" tab
  4. Click "Add New Record"
  5. Select type, enter details
  6. Click green checkmark to save

Troubleshooting

"SPF record not found"

  • Ensure record type is TXT (not SPF - deprecated)
  • Check for typos in the record value
  • Wait 15-30 minutes for propagation
  • Use dig TXT scripter.app to verify

"DKIM verification failed"

  • Copy the entire DKIM key from Mailchimp (no line breaks)
  • Ensure host is k1._domainkey (not k1._domainkey.scripter.app - some providers auto-append domain)
  • Check for extra spaces in the value

"Domain already has SPF record"

  • If you have an existing SPF record (e.g., for Google Workspace), do not create a second one
  • Instead, update the existing record to include Mailchimp:
    v=spf1 include:_spf.google.com include:spf.mailchimp.com ~all
    
  • You can have multiple include: statements but only ONE SPF record
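
The single-record rule above, as an added example (not part of the original plan and not Mailchimp tooling): a Python audit of the apex TXT records that flags duplicate SPF records and merges the Mailchimp include into an existing record. It goes beyond the page by also counting lookup-causing terms against the RFC 7208 limit of 10; the function names and sample TXT values are constructed for illustration.

```python
REQUIRED_INCLUDE = "include:spf.mailchimp.com"  # include value as given on this page
MAX_DNS_LOOKUPS = 10  # RFC 7208 limit on lookup-causing terms per SPF evaluation
LOOKUP_NAMES = ("include", "a", "mx", "ptr", "exists", "redirect")

def spf_records(txt_records):
    """Keep only TXT strings that are SPF policies (first term is v=spf1)."""
    return [r.strip() for r in txt_records if r.strip().lower().split()[:1] == ["v=spf1"]]

def lookup_terms(record):
    """Count terms in this record that cost a DNS lookup (nested includes are not followed)."""
    names = [t.lstrip("+-~?").split(":")[0].split("/")[0].split("=")[0]
             for t in record.lower().split()[1:]]
    return sum(n in LOOKUP_NAMES for n in names)

def merge_include(record, include=REQUIRED_INCLUDE):
    """Add the include to an existing SPF record, ahead of its terminal 'all' term."""
    terms = record.split()
    if include in (t.lower() for t in terms):
        return record
    pos = next((i for i, t in enumerate(terms) if t.lstrip("+-~?").lower() == "all"), len(terms))
    return " ".join(terms[:pos] + [include] + terms[pos:])

def audit(txt_records):
    """Return findings for the apex TXT set; an empty list means no problem was found."""
    records = spf_records(txt_records)
    if not records:
        return ["no SPF record published"]
    findings = []
    if len(records) > 1:
        # Receivers treat more than one v=spf1 record as a permanent error (permerror).
        findings.append(f"{len(records)} SPF records published; only one is allowed")
    for rec in records:
        if REQUIRED_INCLUDE not in rec.lower().split():
            findings.append(f"missing {REQUIRED_INCLUDE}: {rec}")
        if lookup_terms(rec) > MAX_DNS_LOOKUPS:
            findings.append(f"more than {MAX_DNS_LOOKUPS} lookup terms: {rec}")
        if not rec.lower().endswith(("~all", "-all")):
            findings.append(f"does not end in ~all or -all: {rec}")
    return findings

# Constructed sample: a Google Workspace record plus a second, separately added SPF record.
BROKEN = ["v=spf1 include:_spf.google.com ~all", "v=spf1 include:spf.mailchimp.com ~all",
          "google-site-verification=constructed-sample"]
FIXED = [merge_include(BROKEN[0]), BROKEN[2]]

if __name__ == "__main__":
    print(audit(BROKEN))  # duplicate-record finding plus a missing-include finding
    print(audit(FIXED))   # no findings once the two records are merged into one
```

To audit the live zone, pass in the strings returned by dig TXT scripter.app +short with the quotes stripped.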

Security Notes

  • SPF ~all vs -all: Use ~all (soft fail) initially, switch to -all (hard fail) after testing
  • DMARC reports: Review weekly to catch unauthorized senders
  • Monitor blacklist: Use mxtoolbox.com to check if domain is blacklisted

Post-Setup Checklist

  • All DNS records added to registrar
  • Waited 30+ minutes for propagation
  • Verified domain in Mailchimp (all green checks)
  • Sent test email to multiple providers (Gmail, Outlook, Yahoo)
  • Checked email headers for SPF/DKIM pass
  • Ran mail-tester.com scan (score: 9+/10)
  • Set up DMARC report monitoring


Status: Ready to execute
Owner: Founder/CTO (requires domain admin access)
Time Required: 15-30 minutes
Priority: High (blocks email sending)