Shopify Email for Store Admins: What You Can and Can't Control

Shopify abstracts email away from merchants. You do not pick an SMTP provider. You do not see bounce logs. You barely see the template source. For a majority of stores this is exactly right — one fewer thing to break. But when deliverability slips, the abstraction becomes a wall.

The wall has doors. Shopify exposes a small set of levers that meaningfully change inbox placement, and a larger set of things you think you control but do not. Confusing the two is the most common reason Shopify admins spend weeks changing the wrong knobs.

Quick map

You control: the sender domain (with DNS), the template HTML, the From name, the reply-to. You do not control: the sending IP, the bounce handling, feedback loops, per-message logs, or the Shopify "via" disclaimer unless you authenticate.

What you actually control

Sender email and display name: Settings → Notifications → Sender email. Put your domain here. Until you authenticate, Shopify still envelopes it via shopifyemail.com.
DNS authentication: Shopify gives you the SPF include, two DKIM CNAMEs and an optional DMARC TXT. This is the single biggest lever you own.
Notification templates: each of the 20+ transactional templates has an Edit code button. Liquid + HTML, full source access.
Which events fire: toggle Customer notifications on/off. Disabling the review request or abandoned cart email is a legitimate deliverability decision.
Reply-to: keep it at a monitored mailbox.no-reply@ hurts trust more than it saves support hours.

What Shopify owns and you cannot change

Sending IP: Shopify uses a pool of shared IPs across all stores. You share reputation with every other Shopify merchant. Usually fine, occasionally painful.
MTA choice: you cannot swap out Shopify's native transactional path for SendGrid/Postmark/SES — not for the built-in notification flow. Apps with Flow triggers can re-route, but that is a different architecture.
Bounce and complaint handling: Shopify silently suppresses hard-bounced customers. You cannot export the list. You cannot see per-message delivery logs.
Feedback loops: there is no Gmail Postmaster Tools dashboard for your Shopify volume, because you do not own the sending IP or the return-path domain.
Rate limits: Shopify enforces its own caps. Flash sales sometimes hit them and emails queue for hours.

The via disclaimer

Before you authenticate, Gmail shows orders@yourstore.com via shopifyemail.com in the From line. Customers notice. Authentication removes the via. This alone is worth the 10 minutes of DNS work.

DNS setup in practice

From Shopify admin → Settings → Notifications → Authenticate, you will see three DNS rows. Copy each into your registrar. Example output:

; SPF — merge into existing record at apex
yourstore.com.   TXT  "v=spf1 include:shops.shopify.com ~all"

; DKIM — two CNAMEs
shopify1._domainkey.yourstore.com.   CNAME  shopify1.dkim.shopify.com.
shopify2._domainkey.yourstore.com.   CNAME  shopify2.dkim.shopify.com.

; DMARC — start permissive, tighten later
_dmarc.yourstore.com.   TXT  "v=DMARC1; p=none; rua=mailto:dmarc@yourstore.com; fo=1"

Wait 15 minutes to an hour. Return to admin and click verify. If anything stays yellow, DNS has not propagated or there is a typo — usually a trailing dot missing in the CNAME target.

Template control

Shopify's default transactional template is heavy. Header image, product grid, footer with shop links. That is Promotions bait. For the order confirmation and shipping notification, simplify.

Open Settings → Notifications → Order confirmation → Edit code.
Remove the hero image block. Keep the logo only if under 10 KB.
Strip promotional modules: upsells, newsletter signup, "you may also like", referral programs.
Verify the plain-text alternative is generated. Shopify does this automatically but custom theming sometimes breaks it.

Apps that bypass Shopify's sending

Klaviyo, Omnisend, Postscript and similar apps do not route through Shopify's MTA. They use their own IPs and their own auth. For those you configure SPF/DKIM for the app's domain separately. Do not assume that authenticating Shopify covers Klaviyo — it does not.

Klaviyo: Klaviyo gives you two DKIM CNAMEs and an SPF include. Different from Shopify's. Add both.
Postscript (SMS): does not affect email, but their transactional confirmations (password reset for shop app) do — audit those separately.
Gorgias / Zendesk / Shopify Inbox: support replies are a different domain path again. Ifsupport@yourstore.com is sending through Gorgias, add Gorgias's SPF and DKIM.

Testing against the 20-provider wall

Shopify's "Send test" button sends to one mailbox. That is useful for layout. It tells you nothing about placement. The only honest measure is a seed test across Gmail, Outlook, Yahoo, iCloud, Mail.ru, Yandex, GMX, ProtonMail — the mailboxes your actual customers use.

Free inbox placement for Shopify

Run a test after every template change. 20+ seed mailboxes, real screenshots, SPF/DKIM/DMARC verdict per provider.

→ Run Free Test · → Join the Shopify app beta

FAQ

Can I use a dedicated SMTP relay for Shopify order emails?

Not for the native notification flow. You can use Shopify Flow to trigger a webhook and send via Postmark or SendGrid, but that is a parallel system and you lose Shopify's variable substitution.

Why does Gmail still show 'via shopifyemail.com' after I changed sender email?

Because you changed the header From only. The envelope MAIL FROM is still shopifyemail.com until you authenticate. Add the SPF include and DKIM CNAMEs, verify green, and the via goes away.

Do I need DMARC on a Shopify store?

Strictly speaking no, but Gmail/Yahoo bulk sender rules now expect it, and publishing even p=none improves placement. Tighten to quarantine once alignment is clean.

Can Shopify show me bounce logs?

No. Shopify silently suppresses hard-bounced addresses and does not expose per-message delivery logs. To get that visibility, move the email stream to Klaviyo or a custom Flow + relay setup.

Shopify email: what admins can and can't control