AWeber authenticates with DKIM and DMARC only, no SPF — so until you add its three DKIM CNAMEs your broadcasts have nothing your domain's DMARC policy can align to.
AWeber doesn't use SPF at all — it authenticates with DKIM and DMARC only. Add three rotating CNAMEs — aweber_key_a._domainkey, aweber_key_b._domainkey and aweber_key_c._domainkey — each pointing to the matching host under send.aweber.com, so AWeber can rotate keys without you touching DNS again. Because there's no SPF, your DMARC pass rides entirely on that DKIM signature. Source: docs.aweber.com · verified 2026-07-15
p=none and a rua address, watch reports for a week, confirm this sender shows 100% pass.No. Adding SPF includes and DKIM records only adds authentication — it never blocks existing mail. The only risky step is tightening your DMARC policy, and that comes later, after reports confirm everything passes.
Send yourself a test email and inspect the headers for spf=pass, dkim=pass and dmarc=pass — or just watch your DMARCKeeper dashboard: the sender's pass rate should hit 100% within a day or two.
Yes. SPF and DKIM authenticate mail; DMARC is what tells receivers to BLOCK mail that fails, and it's the piece Gmail, Yahoo and Outlook now check for explicitly.