cancel
Showing results for 
Search instead for 
Did you mean: 

ShipStation DMARC Compliance

Manager-Erin
Alumni
Alumni

Hey Community!

You may have heard about the Google and Yahoo! email updates, we have, too.

If you use ShipStation’s default tracking email for customer shipment notifications (tracking@shipstation.com), your emails are already configured to pass DMARC checks. You do not need to take any further action.

While ShipStation doesn’t currently support domain verification, we are working on a solution so that when your brand’s email is used to send notifications, the recipient’s mail server does not filter the email as spam. You can find additional updates or changes in this article. If you have any questions or concerns you are welcome to reach out to support or post below. 

Happy Shipping!


-Erin: Your Friendly Neighborhood ShipStation Community Manager 

12 REPLIES 12

WishShipStation
Contributor

Your article basically says your company failed to meet the Dmarc compliance requirements.  Your company had years to do it.

shipshipper
Contributor

So, what is the solution that you were working on? The article linked has no updates or solution...

This is a major issue. There used to be a huge discussion here with tons of shipstation customers begging for a solution for years and years. That thread was locked for no reason. What is going on with this?

WishShipStation
Contributor

my opinion. They locked the last last discussion because they thought everyone should adopt their work around solution. The work around was silly and never a solution.  It was there to make it seem like they fixed something, when they did not and stop people from complaining.

Agreed.

The ShipStation Way:

  1. Customers provide input.
  2. ShipStation ignores all input and does their own thing.
  3. Customers are required to adapt.

UniquelyGeekly
Contributor

Great to see that ShipStation has provided a solution to this just in the nick of time!

However the instructions provided for setting up the DNS seem to be incorrect.  Or at least they've proved to be wrong for two domain providers that I use so far.

The host names if inputted as, for example ss2._domainkey.example-site.com will resolve as ss2._domainkey.example-site.com.example-site.com so really the domain shouldn't be within the host name.  I'm not sure if this will apply to all hosting solutions but you should mention it or you may have a flood of people failing to set up / authenticate the new settings. 🙂

I've run into this before.. and I set them up leaving the example-site.com out. But it still won't authenticate - even after a couple hours.

I tried using exactly what Shipstation suggested and Shipstation is showing it authenticated in that "Sender Mails" screen.

Test emails are delivered to my own gmail inbox, but my own email addresses are already trusted in my gmail. Not sure how to test sending to other people since test emails only go to my shipstation account's email address.

Likely a problem: checking headers of a test email for DMARC compliance in mxtoolbox is showing fail on SPF and DKIM authentication, and fail on overall DMARC compliant. Specifically it is showing errors for "DKIM Signature" and "DKIM-Signature Body Hash Not Verified." (It is showing pass on SPF and DKIM alignment only.)

Emails I send from my domain (non shipstation) get full pass/success on DMARC and DKIM/SPF.

So something still seems wrong here...

How can a company like ours that dropshipps for many customers and connects their sites to our SS account as stores even do this? I can't verify every email and domain and i don't expect all my customers to do this either. Plus if they try, they are asked to log into SS but they do not have accounts so they can't. This is a complete mess. 

They don't need to log in to ShipStation. They need to change the settings wherever they have their domain held.  I ship for artists and have had to get them to change their domain settings.

GoFishMedia
Occasional Contributor

The link to the article mentioned by @Manager-Erin is currently non-existent.

So for those interested here are the links that were sent to me by ShipStation Support via email that address the issue:

I just set up Domain Authentication and it seemed to go smoothly. Hopefully the emails will now pass DKIM and SPF authentication. Guess I'll find out after my next shipment.

That's where I'm at. I did try the Send Test mail option in the Email Templates area. When I paste the received email header into an email deliverability tool (mxtoolbox) it is saying fail on DMARC, DKIM authentication, SPF authentication. Dkim signature gives an error and "DKIM Body Hash did not verify." However it did pass on DKIM alignment and SPF alignment.

Not sure how else to test, but it doesn't seem to be set up correctly. Even though in Shipstation it displays authenticated in Sender Emails.

MelanieV
Community Manager
Community Manager

Hello Community!

We are thrilled to share an exciting update, ShipStation now supports domain authentication to ensure your branded emails pass DMARC checks seamlessly and improve your deliverability rates.

We appreciate all your valuable feedback and suggestions. To set up and benefit from this feature, please review the feature requirements and steps in our "Configure Domain Authentication in ShipStation" article. For more insights into email authentication policies and protocols, explore our guide on Email Domain Authentication (DMARC).

As always, if you have any questions or concerns, please don't hesitate to reach out to us.