Square Online sends order confirmation emails to our customers from our business email address on our own domain associated with our Square account and there's no way to configure it otherwise. Here's a screenshot of an order confirmation email from our Square Online store:
As you can see, the order confirmation email is sent FROM an email address on our business domain (see screenshot), but it is MAILED-BY promote.weebly.com and SIGNED-BY weebly.com. That means Square Online (weebly.com) is a sending server of emails from an email address on our business domain, so these emails will not pass DMARC unless Square Online (weebly.com) provides DKIM authentication DNS entries for us to add to our domain's DNS settings.
This report confirms that all of the emails sent FROM an email address on our own domain that are MAILED-BY and SIGNED-BY the Weebly server fail DMARC:
This paragraph from Sendgrid, which Square Online uses under the hood for email communication, provides a good explanation of how this is supposed to work so that emails pass DMARC alignment with proper DKIM records in place:
"DKIM employs the concept of a domain owner who controls the DNS records for a domain. When sending email with DKIM enabled, the sending server signs the messages with a private key. A domain owner also adds a DKIM record, which is a modified TXT record, to the DNS records on sending domain. This TXT record will contain a public key that's used by receiving mail servers to verify a message's signature. The DKIM public-key cryptography process allows recipients to be confident of a sender's authenticity."
In this case, Square Online (weebly.com) is the sending server that sends emails from an address on our domain. We are the domain owner that needs to add a DKIM record to the DNS records on our own sending domain, but Square Online must provide us with the record that has the correct public keys. Until Square Online provides this to its sellers, order confirmation emails are likely to be marked as SPAM and we are also prevented from properly implementing a DMARC policy, because doing so would ensure that Square Online order confirmation emails would never be delivered since they're not DMARC-aligned.
Surely someone at Square Online has the technical knowledge to understand this issue and how much of a glaring omission it is that Square Online does not provide DKIM records to its sellers to add to our domain's DNS settings. Please make this a high priority for Square Online or stop sending order confirmation emails from our domain email address and instead send them from a weebly.com email address.