Recursive loop of Mailchimp domain authentication hell -- need big brains to help

Dear MPUsers

This is not a Mac issue per se but I imagine someone out there in MPU-landia will be able to help.

I’ve had a Mailchimp email list (free plan) for a long time but have never attempted to have my domain (skellis.net) authenticated until the last few months.

Each failure is met with the same information:

You can see from image before that I have indeed added these values. I’m at the stage where I’ve also added an SPF value but have exhausted my limited understanding of what is going on. My email is hosted by Enom and the host records for the site look like this:

Does anyone have experience sorting out Mailchimp domain authentication that might guide me as to what I’m doing wrong and to help get me out of this loop of free plan Mailchimp support?

Thanks in advance all, and happy Sunday.

Simon

The TXT record might well need to be wrapped in " (double quotation marks).

Thanks @RosemaryOrchard – I’ll give it a go (then wait 2 days to see if it works!).
Best.

Qualifying all of this with the disclaimer that DNS syntax is SUPER-FIDDLE-Y, and when you have web-based editors for these things they confuse the whole mess considerably as they frequently auto-guess and muddle syntax, but…

Agree with Rosemary that the SPF record might need to be enclosed in double-quotes. But also, the hostname - skellis.net - might need a period after it.

Follow me here.

This is DNS for skellis.net. So when you have a raw DNS record, it looks like this:

pop IN CNAME mail.skellis.net.cust.a.hostedemail.com.

See that period at the very end? That indicates that’s the end of a domain name. And note how there’s no “skellis.net” after “pop” in the first field? That’s because a non-terminated identifier in that first field automatically gets “skellis.net” appended to it.

The equivalent “complete” record is:

pop.skellis.net. IN CNAME mail.skellis.net.cust.a.hostedemail.com.

See how the first field is terminated with a period? That tells it that “pop.skellis.net” is the FULL hostname, and doesn’t need the domain name appended to it. EITHER syntax is perfectly fine, and you can even mix and match them in the same DNS file. But confusing them is a huge cause of issues, even for people who otherwise know better.

Now we go back to your TXT record. “skellis.net” doesn’t have a period after it, which means that the DNS could very well be reading it as:

skellis.net.skellis.net. IN TXT …

And that won’t get you where you need to go.

I’d add the period after skellis.net in the TXT record, and see if that helps. :slight_smile:

3 Likes

Wow. Thanks @webwalrus for this detailed response. What you say is super clear.

1 Like

No problem. I’m a server guy, so I do a lot of DNS - and every now and then I still have to double back and fix these records as copy/pasting from online instructions frequently omits the ending periods, and it’s tempting to think that “I copy/pasted it, it should be good…right?” :slight_smile:

Best of luck getting your MailChimp thing sorted out!

1 Like

It’s a total minefield for me. Something I’ve never really tried to get my head around other than getting something to work (and not necessarily understanding it).

However, the Enom host record editor did not let me add a period to skellis.net: “The hostname cannot end with a period (.).” AND @RosemaryOrchard it wouldn’t let me add quote marks to the TXT record!

I started working with Enom’s SPF wizard: https://www.spfwizard.net and have sent another version to Mailchimp to likely be returned as an authentication failure in a couple of days’ time.

Winter is coming. (except in NZ).

If it won’t let you add the period, then it’s enforcing short-form records. And it’s providing its own quotes for the TXT record. Neither of which are inherently a bad thing - just something to note. And one of the many reasons I HATE web-based DNS editing.

Your solution is almost certainly to remove “skellis.net” and replace it with an “@” (without the quotes). “@” is DNS shorthand for “the root domain”, in this case “skellis.net”.

Incidentally, you should also figure out your SPF record mods for your PRIMARY mail provider and add them there too. Otherwise adding the SPF for MailChimp could start causing problems for your other email.

Interesting. If you hate web-based DNS editing then I’m a long way from even starting to tolerate it.
Noted re SPF record mods for mail provider.
If I can get this Mailchimp authentication working I’d be pretty chuffed.
Will see how it turns out.
Thanks for your time and energy – it means a lot.

I did a tiny bit of digging. As far as I can tell, your SPF record should be something like:

v=spf1 include:servers.mcsv.net include:_spf.hostedemail.com ~all

That’s saying “include MailChimp servers”, “include hostedemail.com servers”, and “be suspicious of email that doesn’t come from these servers, but it’s not a hard fail”.

This assumes you send your email through the hostedemail.com servers, and that my Internet searches yielded the correct results for what hostedemail.com’s SPF include should be. You should double-check with your email provider. :slight_smile:

The order of the includes doesn’t matter, as long as they’re all there. So if your email provider gives you different info, just grab the “include:_____” part they send you and plug it in using the format above.

It’s one of those things where the web interface, by trying to make it easy, sometimes makes it harder. When there are a bunch of valid ways to do something, and an interface enforces one of them rigidly - with slightly different syntax - I find it adds complexity because the help you’re getting from experts sometimes can’t even be implemented (as you’ve already noticed) :slight_smile:

1 Like
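Added example, not part of any post in this thread: a domain publishes a single SPF TXT record, so each provider's `include:` has to be merged into one value rather than added as a second record. The sketch below parses SPF values, merges them, and reports what the trailing `all` qualifier means; the two input records are constructed from the includes quoted above, and the function names are hypothetical.

```python
import re

# Mechanisms/modifiers that trigger a DNS lookup (RFC 7208 allows at most 10)
LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists", "redirect")
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse_spf(record):
    """Split an SPF TXT value into (qualifier, name, body) terms."""
    parts = record.strip().strip('"').split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: must start with v=spf1")
    terms = []
    for tok in parts[1:]:
        qual, body = (tok[0], tok[1:]) if tok[0] in QUALIFIERS else ("+", tok)
        m = re.match(r"[A-Za-z0-9_-]+", body)
        if not m:
            raise ValueError(f"unparseable term: {tok!r}")
        terms.append((qual, m.group(0).lower(), body))
    return terms

def merge_spf(records, all_qualifier="~"):
    """Combine several providers' SPF values into one record."""
    seen, merged = set(), []
    for rec in records:
        for qual, name, body in parse_spf(rec):
            key = (qual, body.lower())
            if name == "all" or key in seen:
                continue  # exactly one "all" is appended at the end
            seen.add(key)
            merged.append((qual, name, body))
    lookups = sum(1 for _, name, _ in merged if name in LOOKUP_TERMS)
    if lookups > 10:
        raise ValueError(f"{lookups} DNS-lookup terms exceeds the limit of 10")
    terms = [("" if q == "+" else q) + body for q, _, body in merged]
    return " ".join(["v=spf1", *terms, all_qualifier + "all"])

def all_policy(record):
    """Result for senders that match nothing else in the record."""
    for qual, name, _ in parse_spf(record):
        if name == "all":
            return QUALIFIERS[qual]
    return "neutral"  # no "all" term: the default result is neutral

if __name__ == "__main__":
    # Constructed inputs; the hostedemail.com include is the value posted
    # in the thread and should be confirmed with the mail provider.
    mailchimp = "v=spf1 include:servers.mcsv.net ~all"
    mailhost = '"v=spf1 include:_spf.hostedemail.com -all"'
    combined = merge_spf([mailchimp, mailhost])
    print(combined, "->", all_policy(combined))
```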

Once again – above and beyond @webwalrus. I’m having flashbacks to the internet before 2.0, and the sense of a burgeoning community that was trustworthy and patient. Or perhaps they are very rose-coloured glasses.

What you’ve written above is clear and makes great sense.

I’ve sent off for re-authentication from Mailchimp. Will let you know and then send cake as thanks. :wink:

2 Likes

Neal Stephenson wrote In The Beginning was The Command Line… before the era of web interfaces, but if he were to revisit the subject today I suspect he’d have a lot to say about them.

3 Likes

Yeah. And the thing is, this isn’t an either/or problem where one side is clearly superior. Web interfaces and GUIs, by design, abstract away some of the manual stuff. Well-done interfaces are very, very helpful. Poorly-done interfaces make it harder. And that’s mostly about the design of the interface.

I remember reading some config thing for (I believe?) Arch Linux where the documentation stated outright that partitioning, formatting, etc. a new drive was “no harder” via the command line than via GUI or menu-based alternatives.

And that’s pure, 100% nonsense.

There’s lots of very specific stuff that you have to know for that process, and lots of points where little mistakes can cause you big problems. The GUI alternatives round off some of the sharpest corners, and make the process far more intuitive. It’s definitely less likely that you’ll partition the wrong drive and lose all of your data. :slight_smile:

Hi all.
So, the good news or the bad?
The bad news is that it once again failed Mailchimp’s obviously stringent tests.
The good news is entirely unrelated, but I made it into NZ’s MIQ (managed isolation and quarantine) system and it’s totally surreal.
Don’t want to push my luck with everyone’s generosity here but any final ideas about next possible steps?
Thanks, and all best.
Simon

Assuming your domain is skellis.net, your domain’s SPF looks like what MailChimp should be after. Did you set up your DKIM record?

Directions here, if you haven’t done it yet → Set Up Email Domain Authentication | Mailchimp

If so, can you let me know the DKIM selector you’re using? I can double-check things using some lookup tools.

In general…do you have a paid MailChimp account? If so, any chance they’d be willing to take a look and see what they think is going on?

morning @webwalrus – thanks again here. So, I felt like I was overstaying my welcome in terms of asking for your help (you’ve been so generous). So, I upgraded so I could access Mailchimp support. There was only one problem with the DKIMs. They were seeing skellis.net x 2 as in:

k2._domainkey.skellis.net.skellis.net

So it was a matter of making the name: k2._domainkey and then it was all authenticated.

Also, and just for the record if anyone is hunting around for this, Mailchimp no longer requires an SPF record.

Thanks again.
Simon

2 Likes
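Added example, not part of any post in this thread: the name-expansion rule discussed above (relative names get the zone origin appended, a trailing period marks a full name, `@` means the origin) and the doubled-origin mistake that broke the DKIM record. It assumes the web editor applies zone-file semantics to its host field, which matches the outcome reported here; the function names are hypothetical.

```python
ORIGIN = "skellis.net."  # zone origin, taken from the thread

def expand_owner(name, origin=ORIGIN):
    """Return the fully qualified name a zone file would produce."""
    origin = origin.rstrip(".").lower() + "."
    name = name.strip().lower()
    if name in ("", "@"):        # "@" is shorthand for the origin itself
        return origin
    if name.endswith("."):       # trailing period: already fully qualified
        return name
    return f"{name}.{origin}"    # relative name: the origin is appended

def doubled_origin(fqdn, origin=ORIGIN):
    """True when the origin's labels appear twice at the end of the name."""
    labels = fqdn.rstrip(".").lower().split(".")
    o = origin.rstrip(".").lower().split(".")
    n = len(o)
    return len(labels) >= 2 * n and labels[-n:] == o and labels[-2 * n:-n] == o

def suggest_host_field(name, origin=ORIGIN):
    """What to enter in an editor that appends the origin and rejects periods."""
    o = origin.rstrip(".").lower()
    n = name.strip().rstrip(".").lower()
    if n == o:
        return "@"
    if n.endswith("." + o):
        return n[: -len(o) - 1]  # strip the ".origin" suffix
    return n

if __name__ == "__main__":
    # Host-field entries discussed in the thread
    for entered in ["pop", "pop.skellis.net.", "skellis.net", "@",
                    "k2._domainkey.skellis.net", "k2._domainkey"]:
        fqdn = expand_owner(entered)
        if doubled_origin(fqdn):
            fix = suggest_host_field(entered)
            print(f"{entered!r} -> {fqdn}  (doubled; enter {fix!r})")
        else:
            print(f"{entered!r} -> {fqdn}")
```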

Yeah, that sort of thing is a pretty common error to make. Don’t feel too bad about it. :slight_smile: Glad you got everything worked out!

1 Like