Domain verification troubleshooting

At Rentman the service used to send emails is Mailgun. Mailgun is specialized in the maintenance and the spam-reputation of email servers. 

For the domain verification there are two records added to the DNS settings of a domain:

  1. SPF - Mailgun explanation
  2. DKIM - Mailgun explanation 

These two records communicate to the spam filters: “It is alright that this server (Mailgun) is sending emails using an email address with this domain.”

Rules about SPF for mailgun:

  1. There is only one record per (sub)domain
  2. It is a TXT record that starts with: v=spf1 and ends with -all, +all, ~all, or ?all
  3. The SPF record should include: include:mailgun.org

Test if SPF record is correct

Note: when changing DNS records, the changes may not be visible immediately. At most, it may take up to 24 hours for the changes to propagate to DNS servers across the world.

To test if the SPF records are correctly set up complete the following steps:

  1. Go to: https://mxtoolbox.com/spf.aspx
  2. Enter your domain in the search box and leave IP empty
  3. Press the "SPF Record Lookup" button

If the SPF records are set up correctly, you should see the following:

Domain_Verification.png

The table on the page should contain at least one row with identical to the row highlighted in green above (description can vary).

Each row should have a green check.

Most common errors relating to SPF records

Multiple SPF records for your domain

To fix this error the two records need to be merged:

Merge record 1:

v=spf1 a mx ip4:121.123.123.123 include:spf.protection.outlook.com -all

with record 2: 

v=spf1 include:mailgun.org -all

Together, they should look like this:

v=spf1 a mx ip4:121.123.123.123 include:spf.protection.outlook.com include:mailgun.org -all

The SPF record is not set for the right (sub) domain (The host is incorrect) 

Make sure the host (sometimes called name) field has one of the following values. These depend on the DNS host:

  • @
  • the full domain itself: yourdomain.com or sub.yourdomain.com
  • empty

The end result should be that the record is placed under the preferred domain you will be sending from. A subdomain is also allowed.

There are double quotes in the value

Sometimes the DNS host requires to add quotes to the value part of the DNS records, sometimes they don’t.

Please try both.

There is a typo in the value

While this seems obvious, please check if there is not a typo in the SPF record. For example: include:mailgun.org> or include:mailgun.com

 

Rules about DKIM Records

Please note that when changing DNS records, this can take a while till they are propagated to all DNS servers all over the world. So it might be the case that the changes are not visible directly.

  • It is a TXT type record placed under a subdomain: xxxx._domainkey.yourdomain.com where xxxx is a custom name, called the "selector".

     

  • There can be only a single DKIM record for the supplied selector.

     

  • You can have multiple DKIM records but they have to be on a different selector.

     

  • They start with k=rsa; p=(lots of characters)…

     

  • The value is unique for each domain.

     

  • The value is generated by Mailgun and therefore has to be provided after adding the domain to Mailgun

 

Test if DKIM records are correct

  1. Go to: https://mxtoolbox.com/dkim.aspx
  2. Enter your domain in the Domain name field
  3. Enter the selector in the Selector field. The selector is the part before ._domainkey.yourdomain.com provided in the setup instruction, for example: smtp or mailo
  4. Press the "DKIM Lookup" button

It should look like this, if the DKIM records are correct:

unnamed.png

Make sure each row has a green check.

 

Most common errors relating to DKIM records

There are multiple DKIM records for the same selector

In the rare case that the selector is already used by another service. Please contact Rentman to ask for a different selector.

 

There are double quotes in the value

Sometimes the DNS host requires to add quotes to the value part of the DNS records, sometimes they don’t and if you then provide them, this will result in double quotes.

 

There is a typo in the domain name or value of the DKIM record

Although this seems obvious, please check if both the selector as well as the record provided in the instructions match the entered details.

 

You have entered an incorrect value in the “host/name” field (record is not found) 

Many DNS hosts only require you to enter selector._domainkey as the TXT record name instead of the full domain, as they automatically added your domain to the end. If this is the case with your host, and you've entered the full domain, your TXT record name will actually be selector._domainkey.yourdomain.com.yourdomain.com instead of the intended selector._domainkey.yourdomain.com

In this case, the DKIM is in the wrong place and both Mailgun as well as the MXToolbox checker will think the record is not there.

 

Special cases

Mailgun can only verify that domain once, so if Rentman wants to use it, it cannot be used for anything else (e.g. website or different SaaS product) together with Mailgun. The solution then is to use a subdomain for verification.

Let's say your domain is: yourdomain.com. You can then verify the domain: .yourdomain.com with Mailgun. In that case you can still email from addresses like: johndoe@yourdomain.com without the email ending up in a spam filter.

To make this possible you provide rentman.yourdomain.com as your domain name.

This will have the following consequences:

  • The SPF record should then have the host/name: rentman
    (or rentman.yourdomain.com for some DNS hosts).
  • The DKIM record should then added with host/name value selector._domainkey.rentman
    (or selector._domainkey.rentman.yourdomain.com for some DNS hosts)

 

Using a specific subdomain for Rentman will always work. However, it is more complicated to set up therefore Rentman does not do this by default.

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.