Campaign Monitor mail stays unaligned with your DMARC policy until you authenticate your domain — and because it doesn't support SPF alignment, DKIM is the only thing that gets you there.
Campaign Monitor's SPF include is _spf.createsend.com (v=spf1 include:_spf.createsend.com ~all) and its DKIM is a TXT record at selector cm._domainkey. The catch, straight from its docs: Campaign Monitor does not support SPF alignment, so DKIM is the only path to DMARC compliance — get the cm key right or DMARC won't pass no matter how clean your SPF is. Source: help.campaignmonitor.com · verified 2026-07-15
p=none and a rua address, watch reports for a week, confirm this sender shows 100% pass.No. Adding SPF includes and DKIM records only adds authentication — it never blocks existing mail. The only risky step is tightening your DMARC policy, and that comes later, after reports confirm everything passes.
Send yourself a test email and inspect the headers for spf=pass, dkim=pass and dmarc=pass — or just watch your DMARCKeeper dashboard: the sender's pass rate should hit 100% within a day or two.
Yes. SPF and DKIM authenticate mail; DMARC is what tells receivers to BLOCK mail that fails, and it's the piece Gmail, Yahoo and Outlook now check for explicitly.