Shopify emailed you (or shows a banner) saying “Authenticate and add a DMARC record to continue sending emails from your domain,” or your store's emails now arrive from a shopifyemail.com address.
This traces back to Gmail and Yahoo's 1 February 2024 sender rules. If your Shopify sender domain isn't authenticated with a DMARC record, Shopify rewrites your From address to store+123@shopifyemail.com so your mail keeps sending — but you lose your brand in the inbox. To keep sending as your own domain you need CNAME records that configure both DKIM and SPF, plus a DMARC record of at least v=DMARC1; p=none. Two things quietly cause the rewrite to persist: a DMARC record using strict alignment (adkim=s or aspf=s), and having more than one DMARC record — both make validation fail. Source: Shopify Help — Displaying your store's sending email · verified 2026-07-18.
v=DMARC1; p=none — that minimum is what Shopify checks for.adkim=s or aspf=s (strict alignment breaks Shopify sending).Usually not by name — HIPAA, most legal-sector rules and UK charity guidance don't cite DMARC specifically. But they require protecting communications and preventing impersonation, and DMARC is the standard technical control that regulators, insurers and auditors expect you to use to meet that.
No, not if you start correctly. A p=none policy is monitoring only and changes nothing about delivery. You only move to quarantine or reject after aggregate reports confirm every legitimate sender already passes — so real mail is never caught by surprise.
Yes. The DNS side is a handful of records added once. The ongoing part is reading aggregate reports, which a plain-English monitoring tool does for you instead of leaving you to parse XML. Start with the free check below to see where you stand.