Squarespace is a website builder that also handles transactional emails for online stores — order confirmations, shipping updates, and form submission notifications. If you're running a Squarespace store with a custom domain, authentication ensures your transactional emails reach customers.
SPF Configuration
Squarespace's email sending uses the following SPF include:
Type: TXT
Host: @
Value: v=spf1 include:_spf.squarespace.com ~all
Combined with your email provider:
v=spf1 include:_spf.google.com include:_spf.squarespace.com ~all
Note: Squarespace handles website-generated emails (form submissions, commerce emails). If you use Google Workspace through Squarespace or a separate email provider, you'll need their SPF include as well.
Verify your total lookup count with the SenderClarity SPF Checker.
DKIM Configuration
Squarespace supports DKIM for custom domains.
- In your Squarespace admin, go to Settings → Domains and select your domain.
- Navigate to the Email section or DNS settings.
- If Squarespace provides DKIM records, they will appear as CNAME or TXT entries to add to your DNS.
If your domain's DNS is managed by Squarespace, some records may be configured automatically. If your DNS is managed elsewhere, you'll need to manually add the records Squarespace provides.
DMARC Configuration
Start with monitoring mode:
Type: TXT
Host: _dmarc
Value: v=DMARC1; p=none; rua=mailto:your-address@reports.senderclarity.com; fo=1
Progress to enforcement:
p=quarantine; pct=25p=quarantine; pct=100p=reject
DMARC Considerations for Squarespace
Limited authentication controls compared to dedicated ESPs: Squarespace is a website builder first and an email sender second. Their DKIM and SPF configuration options are more basic than dedicated email platforms. If your DMARC reports show Squarespace traffic failing alignment, your options for fixing it may be limited to what Squarespace exposes in their admin panel.
Low email volume can make DMARC reports misleading: Squarespace typically sends a small volume of transactional emails (order confirmations, form notifications). With low volume, a single failing email represents a large percentage of your Squarespace traffic in DMARC reports. Don't overreact to high failure rates — look at absolute numbers.
Google Workspace purchased through Squarespace is still Google: If you added Google Workspace through Squarespace's integration, your business email runs on Google's infrastructure and follows Google Workspace's authentication rules. Squarespace's SPF include only covers Squarespace-originated emails (commerce, forms), not your Google-hosted mailbox.
Verification
- Check your SPF record →
- Submit a test order or form on your Squarespace site
- Check the resulting email headers for authentication results
- Monitor DMARC reports in SenderClarity
Common Issues
Squarespace email vs. Google Workspace: Squarespace offers Google Workspace as an add-on for business email. If you use this, you need Google's SPF include (_spf.google.com) for your regular email and Squarespace's include for transactional commerce emails. These are separate systems.
DNS managed by Squarespace: If Squarespace manages your DNS, you'll add records through their domain settings panel. Be aware that Squarespace's DNS management interface is more limited than dedicated DNS providers — some record types may not be supported.
Form notification emails: Squarespace form submissions generate notification emails. These may come from Squarespace's infrastructure and need to be covered by your SPF record.
SPF Lookup Impact
| Include | Estimated Lookups |
|---|---|
_spf.squarespace.com |
1–2 |