# DNS Records for Email Marketing Platform
**Issue:** FRE-650
**Domain:** scripter.app
**Purpose:** Email authentication for Mailchimp delivery
---
## Add These Records to DNS
Add the following DNS records at your DNS provider (GoDaddy, Namecheap, Cloudflare, etc.). These records authenticate Mailchimp as an authorized sender for your domain, which is critical for email deliverability.
---
## 1. SPF Record (Required)
**Purpose:** Authorizes Mailchimp to send emails on behalf of your domain
```
Type: TXT
Name/Host: @ (or scripter.app)
Value: v=spf1 include:spf.mailchimp.com ~all
TTL: Automatic or 3600
```
**What it does:** Tells receiving email servers that Mailchimp is authorized to send emails from the scripter.app domain.
---
## 2. DKIM Record (Required)
**Purpose:** Cryptographically signs emails to prove they weren't tampered with
**Step 1:** Log into Mailchimp and navigate to:
- Account name → Settings → Domains
- Click "Add Domain" or "Authenticate Domain"
- Enter: `scripter.app`
- Mailchimp will generate a unique DKIM key
**Step 2:** Add the DKIM record Mailchimp provides:
```
Type: TXT
Name/Host: k1._domainkey.scripter.app
Value: v=DKIM1; k=rsa; p=[MAILCHIMP-PROVIDED-KEY]
TTL: Automatic or 3600
```
**Note:** The exact value will be provided by Mailchimp during domain setup. It looks like:
```
v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC...
```
---
## 3. DMARC Record (Recommended)
**Purpose:** Tells receiving servers what to do with a message that fails authentication, meaning neither SPF nor DKIM passes in alignment with the From domain
```
Type: TXT
Name/Host: _dmarc.scripter.app
Value: v=DMARC1; p=quarantine; rua=mailto:dmarc@scripter.app; pct=100; adkim=s; aspf=s
TTL: Automatic or 3600
```
**DMARC Policy Options:**
- `p=none` - Monitor only (start here if cautious)
- `p=quarantine` - Send emails that fail DMARC to spam (recommended)
- `p=reject` - Block emails that fail DMARC (use after testing)
**Aggregate reports:** Sent to dmarc@scripter.app (create this alias or use your email)
---
## 4. Return-Path Domain (Optional but Recommended)
**Purpose:** Improves deliverability and branding
**Step 1:** In Mailchimp → Settings → Domains, enable "Use a custom return-path domain"
**Step 2:** Add CNAME record:
```
Type: CNAME
Name/Host: mail.scripter.app (or send.scripter.app)
Value: cname.mailchimp.com
TTL: Automatic or 3600
```
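How the `adkim=s; aspf=s` tags in the section 3 DMARC record interact with the custom return-path domain from this section, as an added example (not code from the original plan or from Mailchimp). It assumes the envelope sender is `mail.scripter.app` and the DKIM signature carries `d=scripter.app`; `org_domain()` is a simplification that takes the last two labels instead of consulting the Public Suffix List, which holds for `scripter.app` but not for suffixes such as `co.uk`.

```python
# Added example: DMARC identifier alignment (RFC 7489) for the record in section 3.
# All message values passed to evaluate() are constructed, not taken from real mail.
PAGE_RECORD = ("v=DMARC1; p=quarantine; rua=mailto:dmarc@scripter.app; "
               "pct=100; adkim=s; aspf=s")


def parse_dmarc(record):
    """Parse a DMARC TXT value into a dict and apply the RFC 7489 defaults."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    if tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("missing or invalid p= tag")
    tags.setdefault("adkim", "r")  # relaxed is the default alignment mode
    tags.setdefault("aspf", "r")
    return tags


def org_domain(domain):
    """ASSUMPTION: organizational domain = last two labels (no PSL lookup)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(identity, from_domain, mode):
    """Strict ('s') needs an exact match; relaxed ('r') compares org domains."""
    if mode == "s":
        return identity.lower() == from_domain.lower()
    return org_domain(identity) == org_domain(from_domain)


def evaluate(record, from_domain, spf_pass, return_path, dkim_pass, dkim_d):
    """DMARC passes if SPF or DKIM both passes and aligns with the From domain."""
    tags = parse_dmarc(record)
    spf_ok = spf_pass and aligned(return_path, from_domain, tags["aspf"])
    dkim_ok = dkim_pass and aligned(dkim_d, from_domain, tags["adkim"])
    passed = spf_ok or dkim_ok
    # pct sampling is ignored here; the page's record uses pct=100.
    return {"spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "result": "pass" if passed else "fail",
            "disposition": "none" if passed else tags["p"]}
```

With `aspf=s`, an SPF pass on `mail.scripter.app` does not align with a From address at `scripter.app`, so DMARC depends on the DKIM signature alone; `aspf=r` would let the subdomain align.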
---
## Verification Steps
After adding DNS records:
1. **Wait for propagation** (5-30 minutes typically, up to 48 hours max)
2. **Verify in Mailchimp:**
   - Navigate to Account → Settings → Domains
   - Click "Verify" next to your domain
   - All checks should show green ✓
3. **Test deliverability:**
   - Send test email to gmail.com, outlook.com, yahoo.com
   - Check email headers for "SPF: PASS" and "DKIM: PASS"
   - Use mail-tester.com to check spam score (aim for 9/10+)
---
## DNS Provider Instructions
### Cloudflare
1. Log into Cloudflare dashboard
2. Select `scripter.app`
3. Go to DNS → Records
4. Click "Add record"
5. Select type (TXT/CNAME), enter details above
6. Click "Save"
7. **Disable Cloudflare proxy** (grey cloud) for TXT records
### GoDaddy
1. Log into GoDaddy
2. Go to My Products → Domains
3. Click `DNS` next to scripter.app
4. Click "Add" or "Add Record"
5. Select type, enter details
6. Click "Save"
### Namecheap
1. Log into Namecheap
2. Click "Manage" next to scripter.app
3. Go to "Advanced DNS" tab
4. Click "Add New Record"
5. Select type, enter details
6. Click green checkmark to save
---
## Troubleshooting
### "SPF record not found"
- Ensure record type is TXT (not SPF - deprecated)
- Check for typos in the record value
- Wait 15-30 minutes for propagation
- Use `dig TXT scripter.app` to verify
### "DKIM verification failed"
- Copy the entire DKIM key from Mailchimp (no line breaks)
- Ensure host is `k1._domainkey` (not `k1._domainkey.scripter.app` - some providers auto-append domain)
- Check for extra spaces in the value
### "Domain already has SPF record"
- If you have an existing SPF record (e.g., for Google Workspace), **do not create a second one**
- Instead, **update** the existing record to include Mailchimp:
```
v=spf1 include:_spf.google.com include:spf.mailchimp.com ~all
```
- You can have multiple `include:` statements but only ONE SPF record
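A check for the one-record rule above, plus a helper that performs the merge, as an added example (not code from the original plan). It is meant to be fed the TXT strings returned by `dig TXT scripter.app`; the function names are hypothetical and the lookup count covers only the record's own terms.

```python
# Added example. The TXT strings used with these functions are constructed
# samples, not live DNS answers.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists"}  # each costs a DNS lookup
MAX_LOOKUPS = 10  # RFC 7208 section 4.6.4


def _bare(term):
    """Drop the qualifier (+ - ~ ?) and lowercase the term."""
    return term.lstrip("+-~?").lower()


def lint_spf(txt_records):
    """Return findings for every TXT string published at one DNS name."""
    spf = [r.strip() for r in txt_records
           if r.strip().lower().split(" ")[0] == "v=spf1"]
    if not spf:
        return ["no SPF record found"]
    findings = []
    if len(spf) > 1:
        findings.append(f"{len(spf)} SPF records found: receivers return permerror")
    for record in spf:
        terms = record.split()[1:]
        redirects = [t for t in terms if _bare(t).startswith("redirect=")]
        # Own terms only; lookups made inside included records also count.
        lookups = len(redirects) + sum(
            1 for t in terms
            if _bare(t).split(":")[0].split("/")[0] in LOOKUP_TERMS
        )
        if lookups > MAX_LOOKUPS:
            findings.append(f"{lookups} lookup terms exceed the limit of {MAX_LOOKUPS}")
        all_terms = [t for t in terms if _bare(t) == "all"]
        if not all_terms and not redirects:
            findings.append("no 'all' term: unlisted senders are not restricted")
        elif all_terms and all_terms[0][0] not in "-~":
            findings.append(f"'{all_terms[0]}' does not restrict unlisted senders")
    return findings


def add_include(existing, sender_domain):
    """Add include:<sender_domain> to ONE existing record, before its 'all' term."""
    terms = existing.split()
    new = f"include:{sender_domain}"
    if new.lower() in (t.lower() for t in terms):
        return existing  # already authorized, nothing to change
    idx = next((i for i, t in enumerate(terms) if _bare(t) == "all"), len(terms))
    terms.insert(idx, new)
    return " ".join(terms)
```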
---
## Security Notes
- **SPF `~all` vs `-all`:** Use `~all` (soft fail) initially, switch to `-all` (hard fail) after testing
- **DMARC reports:** Review weekly to catch unauthorized senders
- **Monitor blacklists:** Use mxtoolbox.com to check if the domain is blacklisted
---
## Post-Setup Checklist
- [ ] All DNS records added to registrar
- [ ] Waited 30+ minutes for propagation
- [ ] Verified domain in Mailchimp (all green checks)
- [ ] Sent test email to multiple providers (Gmail, Outlook, Yahoo)
- [ ] Checked email headers for SPF/DKIM pass
- [ ] Ran mail-tester.com scan (score: 9+/10)
- [ ] Set up DMARC report monitoring
---
## Resources
- **Mailchimp Domain Authentication:** https://mailchimp.com/help/authentication-domain/
- **SPF Basics:** https://www.spfwizard.net/
- **DMARC Generator:** https://dmarcian.com/dmarc-wizard/
- **MX Toolbox:** https://mxtoolbox.com/ (verify DNS records)
- **Mail-Tester:** https://www.mail-tester.com/ (check spam score)
---
**Status:** Ready to execute
**Owner:** Founder/CTO (requires domain admin access)
**Time Required:** 15-30 minutes
**Priority:** High (blocks email sending)