SPF(supported) (dedicated subdomain)DKIM(recommended)
This article covers the SPF and DKIM authentication processes for Klaviyo and how they are managed in Valimail. Because this service leverages SendGrid's email infrastructure, it requires additions to your DNS records outside of the Valimail platform. Adding Klaviyo as an authorized sender in the Valimail platform usually requires a dedicated subdomain to be pointed to the Klaviyo infrastructure and typically the DKIM keys will be added in the Valimail platform.
Configuring DKIM authentication for your Klaviyo emails
Klaviyo requires 3 CNAME records for email authentication, and one TXT record for domain ownership verification.
Please note that, while getting setup is available to all users, only those with Owner, Admin, Manager, and Campaign Coordinator privileges can make changes.
1. Click on your company name in the top right corner of your account.
2. Select Account.
3. Select the Settings dropdown.
4. Choose Domains and Hosting from the main tab.
5. Select Get Started.
6. Input your root domain (e.g., helloworld.com)
7. Specify an arbitrary and unused subdomain (i.e., one that you do not currently have in use elsewhere in your marketing) under Sending Domain (e.g., "send")
8. Click Continue.
9. Hover over and click the text to copy the generated TXT and CNAME records to your clipboard.
In an example where the intended sending domain is send.helloworld.com, with “send” as the subdomain and “helloworld.com” as the root domain, the expected DNS records would be the following:
Host | Value | Record Type |
send.helloworld.com | u161779.wl030.sendgrid.net | CNAME |
kl._domainkey.helloworld.com | kl.domainkey.u161779.wl030.sendgrid.net | CNAME |
kl2._domainkey.helloworld.com | kl.domainkey.u161779.wl030.sendgrid.net | CNAME |
helloworld.com | klaviyo-site-verification=public_API_key | TXT |
If your brand's intended sending domain has two subdomains, such as send.mail.helloworld.com, “send” would be used for the subdomain and “mail.helloworld.com” for the root domain. The expected DNS records would be the following:
Host | Value | Record Type |
send.mail.helloworld.com | u161779.wl030.sendgrid.net | CNAME |
kl._domainkey.mail.helloworld.com | kl.domainkey.u161779.wl030.sendgrid.net | CNAME |
kl2._domainkey.mail.helloworld.com | kl.domainkey.u161779.wl030.sendgrid.net | CNAME |
helloworld.com | klaviyo-site-verification=public_API_key | TXT |
IMPORTANT Note: The 1st CNAME record and the TXT record will need to be added directly in your DNS.
The 2 CNAME DKIM keys will need to be published in Valimail Enforce.
10. Publish all 4 records in the DNS and Valimail Enforce respectively.
11. After all 4 records are published in their respective areas, go back to the Klaviyo account and click Continue to Verify Domain.
12. Review any message that appears. You will see one of the following messages:
If a campaign is conflicting, you will see a notification that the deliverability may be impacted. To avoid any conflicting errors, a best practice is to make sure there are no campaigns actively sending or scheduled to go out soon. It is also best practice (but is not required) to pause flows and campaigns until after you apply and test your changes.
If your records are valid, you will see a success message. This success message may indicate that you need to warm your infrastructure again. Note that this only applies to brand new Klaviyo accounts or newly registered domains (within the last 30 days). If you are an existing account who has at least a 30-day sending history with Klaviyo, you do not have to re-warm.
If your records are not valid, you will see an error indicating what has not been set up correctly.
13. Select Apply Domain.
14. Check the box indicating that you understand that you must warm your infrastructure by changing your sending behavior. If you are an existing Klaviyo account who has a 30 day sending history, you do not need to warm your infrastructure again to move to a dedicated sending domain.
15. Click Apply Domain.
Klaviyo will now apply your dedicated sending domain to your account, and produce a success message when completed.
You can also find the instructions on how to set up DKIM in Klaviyo here.
Add a Klaviyo DKIM key in Valimail
You can find more detailed information on how to add a DKIM key in Valimail, here:
Configuring SPF authentication for your Klaviyo emails
Once you establish that Klaviyo is an authorized sender for your domain, you will need to add the service in your Enabled Senders.
You will find more detailed information on how to add a service for your domain in Valimail, here:
Note: We encourage you to use the comment section for any useful information about your sending service, such as the name of the service owner, change request ticket numbers, etc.