MailChimp DKIM Domain Verification Fails with CloudFlare CNAME Flattening

MailChimp now require you to add DKIM and SPF records to domains you own. Unfortunately when you’re using CloudFlare CNAME flattening the DKIM verification fails since MailChimp’s servers are looking for their CNAME record, and CloudFlare’s nameservers are returning the actual TXT record.

This is perfectly valid for DKIM, but it’s just a problem with MailChimp.

The only solution we found was to:

  1. Temporarily disable CNAME flattening in CloudFlare settings
  2. Verify the domain in MailChimp
  3. Re-enable CNAME flattening

Apparently the verification should still stick. This is the response I got back from MailChimp support:

While we can’t alter our verification script, what I was able to confirm is that as long as the CNAME record is not flattened during the initial authentication setup within MailChimp, it will pass. You can then re-enable flattening and your campaigns should still pass, though we do definitely recommend thorough testing to be sure.

Hope that helps some others out there.