Sendgrid vs mailchimp dmarc (un-) compliance

I use sendgrid for transactional emails, but its automations are expensive.
So I use mailchimp for marketing.

At the moment sendgrid uses a return path with my domain, and a cname record to be able to get my bounces.
Thus all sendgrif email are 100% DKIM and SPF compliant.

Mailchimp uses their own return path, thus failing SPF (see here: Mailchimp failing SPF)

Is there a company that uses the same CNAME record method as Sendgrid, and is more marketing oriented like Mailchimp)? at the moment Sendgrid seems to be the only one with full DKIM and SPF compliance.

Hi @ropetales, As far as DMARC is concerned, you only need* either DKIM or SPF to pass and align. So, MailChimp could continue to be a suitable solution for you.

Two similar solutions to MailChimp are HubSpot and ConstantContact, though they also restrict their own return path because their ‘average’ customer isn’t all that technical.

You may want to give AutoPilot and SendinBlue a look.

*DMARC allows you to optionally require ‘strict’ alignment among other nuances in your record, which would add some complexity to your situation.

I am testing Sendinblue. They also have their own return path, but spf appears as aligned.

I am puzzled.

We are using MailChimp with our domain, using DKIM to pass DMARC authentication. Works great, no issues. Just have to go through the setup process with Mailchimp.

We are at policy=reject with DMARC and all Mailchimp mail validates with DKIM and successfully passes DMARC.

Hi @ropetales, I’ll reach out on a separate thread to address your issue.

@eric , thanks for the follow up and great achievement on getting to reject. Don’t forget to look at your inactive/defensively registered domains too. Those are susceptible to abuse as well.


@ropetales, Sendinblue is probably using a subdomain of your’s that is CNAMEd to their servers (much like Sendgrid does). A subdomain sender will DMARC align in relaxed mode (default), but not in strict mode.

SPF raw fail/pass is determined against the SPF record for the domain used in return-path/RFC5321-Mail.From.