Re: SPF and DKIM Records - Square Needs To Stop Pl...

nsilvialafrance · ‎03-04-2024

Square Support has no clue about SPF / DKIM / DMARC. No matter who you ask, they refer you to someone else, and at the end of the day it seems nobody in this company contains knowledge of what this stuff is or how to properly configure it.

Square lets you send mail from your own domain, but provides no information to get this mail authenticated so it passes SPF / DMARC. It is completely unacceptable how uninformed everyone at Square support is on this subject. Even Square Online support / Weebly directly will argue with you that they do not need to provide you any SPF / DMARC information.

This is unacceptable and I wish someone from Square will realize that in 2024 we cannot ignore this stuff, especially for a seller like me with several locations and mail flowing through a company domain. Someone will just respond to this thread telling me to contact Square Online support, and they will provide no help on this matter at all. I wish a senior admin or someone with actual knowledge of how SPF and DMARC works could chime in here for once. There are many threads about this topic, but Square seems to not be interested in addressing it.

Screenshots below show just how much mail in a one week time is not passing DMARC due to how Square is ignoring SPF/DKIM and still sending mail using sendgrid as my domain via weebly.

Untitled 2.jpg

CColotti · ‎08-10-2024

Shipstation also used sendgrid and for years ignored this too. They finally added the ability to authenticate mail to your domain for shipment notifications. Yet. Square is not even saying it’s being worked on as a priority. Then again neither did shipstation. The thread there was 4 years old and PAGES long with no corp replies.

Hellen-Charless

This frustration is completely valid. Email authentication (SPF, DKIM, DMARC) works like the Letter Boxed puzzle every side must connect properly, or the solution fails. Square lets users send email from their own domain but doesn’t provide clear SPF/DKIM details, especially while sending via SendGrid, which causes DMARC failures.

Redirecting users between Square, Square Online, and Weebly doesn’t solve the issue. Only Square can officially document the required SPF includes, DKIM selectors, and DMARC alignment. In 2024, this isn’t optional, and clearer technical guidance is overdue.

usmanu23s

SPF and DKIM records need to be set up properly—Square really needs to stop making this more confusing than it should be.
Fixing email authentication improves deliverability, and tools like jjsploit can help you understand the setup better.

rtfulk

The problem is Square doesn't own Sendgrid, Twilio does and Square just white labels it to us. After a little research I found this, it may help or may not. Below is a copy/paste so I wouldn't type anything wrong. (Disclaimer I have not tried this myself.)

Bypass Square and force-authenticate SendGrid at the DNS level.

Step 1 – Add SendGrid to your SPF

In your DNS:

v=spf1 include:sendgrid.net include:_spf.squareup.com ~all

(keep any existing includes — don’t replace them)

Step 2 – Force DKIM alignment (this is the critical one)

Add BOTH of these CNAME records:

These two records force DKIM signing for any SendGrid mail using your domain, including Square Online / Weebly.

(Square should provide these. They don’t. But SendGrid accepts wildcard DKIM for your domain — so this works.)

Step 3 – Lock DMARC properly

v=DMARC1; p=quarantine; rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=1; adkim=s; aspf=s

This makes your domain trusted again.

Step 4 – Watch your DMARC reports

Within 24–48 hours you will see:

• SPF = PASS
• DKIM = PASS
• DMARC = PASS
• Inbox placement normalize
• Google Postmaster score rise
• No more “unauthenticated sender” penalties

Hopefully this will work for you.

Randy Fulk
Korie's Kloset
Korie's Kloset Facebook
Korie's Kloset X
Korie's Kloset TikTok
Korie's Kloset Instagram
Big Bows & Sassy Clothes

SPF and DKIM Records - Square Needs To Stop Playing Games With This