Page MenuHomePhabricator
Create Task
Maniphest T355835

Ensure that store.wikimedia.org complies with Google's new email sender guidelines
Closed, ResolvedPublic
Actions

Description

Google has announced new requirements for sending email to gmail accounts effective 2024-02-01. This is a tracking task to define what is required for the public Wikimedia Shopify instance (store.wikimedia.org) to be compliant.

According to Shopify Support, we need to add the 4 CNAME records below to our DNS records to authenticate our domain and allow Shopify to impersonate it. We need to do the same with 4 other CNAME records for our internal Shopify instance, wikimediafoundation.myshopify.com (https://phabricator.wikimedia.org/T355833).

Record #1:
Type: CNAME
Host name: n1j._domainkey
Value: dkim1.327bdf87d37c.p413.email.myshopify.com

Record #2:
Type: CNAME
Host name: n1j2._domainkey
Value: dkim2.327bdf87d37c.p413.email.myshopify.com

Record #3:
Type: CNAME
Host name: n1j3._domainkey
Value: dkim3.327bdf87d37c.p413.email.myshopify.com

Record #4:
Type: CNAME
Host name: mailern1j
Value: 327bdf87d37c.p413.email.myshopify.com

I've attached the instructions from Shopify Support for reference. I have admin access to both Shopify instances, so I can "authenticate the domain" on the Shopify admin console once the CNAME records are added.

shopify support instructions.pdf343 KBDownload

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
wikimedia.org: fix store.wm.org recordsoperations/dnsmaster+4 -4
wikimedia.org: add DKIM selectors for store.wm.orgoperations/dnsmaster+5 -0
Customize query in gerrit

Related Objects
Search...

Event Timeline

bcampbell created this task.Jan 24 2024, 11:42 PM
bcampbell mentioned this in T355833: Ensure that wikimediafoundation.myshopify.com complies with Google's new email sender guidelines.
Peachey88 added a project: DNS.Jan 25 2024, 8:41 AM
Maintenance_bot added a project: SRE.Jan 25 2024, 9:29 AM
Maintenance_bot added a project: Traffic.
gerritbot added a comment.Jan 25 2024, 2:54 PM

Change 992936 had a related patch set uploaded (by Ssingh; author: Ssingh):

[operations/dns@master] wikimedia.org: add DKIM selectors for store.wm.org

https://gerrit.wikimedia.org/r/992936

gerritbot added a project: Patch-For-Review.Jan 25 2024, 2:54 PM
gerritbot added a comment.Jan 25 2024, 4:52 PM

Change 992936 merged by Ssingh:

[operations/dns@master] wikimedia.org: add DKIM selectors for store.wm.org

https://gerrit.wikimedia.org/r/992936

Stashbot added a comment.Jan 25 2024, 4:52 PM

Mentioned in SAL (#wikimedia-operations) [2024-01-25T16:52:57Z] <sukhe> running authdns-update for CR 992936: T355835

ssingh subscribed.Jan 25 2024, 5:04 PM

@bcampbell: The changes have been merged, please try the authenticate domain part now. Thanks.

bcampbell added a comment.Jan 25 2024, 5:25 PM

@ssingh Thank you, I just initiated the process, which Shopify says may take 24 hours to complete. I'll follow up here when the process finishes.

Maintenance_bot removed a project: Patch-For-Review.Jan 25 2024, 5:30 PM
gerritbot added a comment.Jan 25 2024, 5:48 PM

Change 993008 had a related patch set uploaded (by Ssingh; author: Ssingh):

[operations/dns@master] wikimedia.org: fix store.wm.org records

https://gerrit.wikimedia.org/r/993008

gerritbot added a project: Patch-For-Review.Jan 25 2024, 5:48 PM
gerritbot added a comment.Jan 25 2024, 6:00 PM

Change 993008 merged by Ssingh:

[operations/dns@master] wikimedia.org: fix store.wm.org records

https://gerrit.wikimedia.org/r/993008

Stashbot added a comment.Jan 25 2024, 6:01 PM

Mentioned in SAL (#wikimedia-operations) [2024-01-25T18:01:06Z] <sukhe> running authdns-update for CR 993008: T355835

ssingh added a comment.Jan 25 2024, 6:07 PM
$ dig n1j._domainkey.wikimedia.org +short
dkim1.327bdf87d37c.p413.email.myshopify.com.
n1j.domainkey.u13505235.wl236.sendgrid.net.
$ dig n1j2._domainkey.wikimedia.org +short
dkim2.327bdf87d37c.p413.email.myshopify.com.
n1j2.domainkey.u13505235.wl236.sendgrid.net.
$ dig n1j3._domainkey.wikimedia.org +short
dkim3.327bdf87d37c.p413.email.myshopify.com.
$ dig mailern1j.wikimedia.org +short
327bdf87d37c.p413.email.myshopify.com.
u13505235.wl236.sendgrid.net.

Sorry about the earlier commit, this should be fixed now.

@jhathaway: adding you for the additional check on your end, given your questions on the other task.

Maintenance_bot removed a project: Patch-For-Review.Jan 25 2024, 6:30 PM
bcampbell added a comment.Jan 29 2024, 4:47 PM

Thanks @ssingh. All looks good on the Shopify end for this instance. It says are domain is authenticating now.

ssingh closed this task as Resolved.Jan 29 2024, 4:49 PM
ssingh claimed this task.

Thanks for letting us know @bcampbell. I am marking this as resolved; in case there are any further concerns, please let us know.

bcampbell added a comment.Jan 29 2024, 4:52 PM

Thanks @ssingh . The other Shopify instance still needs the CNAME records added it looks like, but we are good-to-go on this one.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits