At Rentman the service used to send emails is Mailgun. Mailgun is specialized in the maintenance and the spam-reputation of email servers.
For the domain verification there are two records added to the DNS settings of a domain:
- SPF - Mailgun explanation
- DKIM - Mailgun explanation
These two records communicate to the spam filters: “It is alright that this server (Mailgun) is sending emails using an email address with this domain.”
Rules about SPF for mailgun:
- There is only one record per (sub)domain
- It is a TXT record that starts with:
v=spf1
and ends with-all
,+all
,~all
, or?all
- The SPF record should include:
include:mailgun.org
.
Test if SPF record is correct
Note: when changing DNS records, the changes may not be visible immediately. At most, it may take up to 24 hours for the changes to propagate to DNS servers across the world.
To test if the SPF records are correctly set up complete the following steps:
- Go to: https://mxtoolbox.com/spf.aspx
- Enter your domain in the search box and leave IP empty
- Press the "SPF Record Lookup" button
If the SPF records are set up correctly, you should see the following:
The table on the page should contain at least one row with identical to the row highlighted in green above (description can vary).
Each row should have a green check.
Most common errors relating to SPF records
Multiple SPF records for your domain
To fix this error the two records need to be merged:
Merge record 1:
v=spf1 a mx ip4:121.123.123.123 include:spf.protection.outlook.com -all
with record 2:
v=spf1 include:mailgun.org -all
Together, they should look like this:
v=spf1 a mx ip4:121.123.123.123 include:spf.protection.outlook.com include:mailgun.org -all
The SPF record is not set for the right (sub) domain (The host is incorrect)
Make sure the host
(sometimes called name
) field has one of the following values. These depend on the DNS host:
@
- the full domain itself:
yourdomain.com
orsub.yourdomain.com
- empty
The end result should be that the record is placed under the preferred domain you will be sending from. A subdomain is also allowed.
There are double quotes in the value
Sometimes the DNS host requires to add quotes to the value
part of the DNS records, sometimes they don’t.
Please try both.
There is a typo in the value
While this seems obvious, please check if there is not a typo in the SPF record. For example: include:mailgun.org>
or include:mailgun.com
Rules about DKIM Records
Please note that when changing DNS records, this can take a while till they are propagated to all DNS servers all over the world. So it might be the case that the changes are not visible directly.
-
It is a
TXT
type record placed under a subdomain:xxxx._domainkey.yourdomain.com
wherexxxx
is a custom name, called the "selector". -
There can be only a single DKIM record for the supplied selector.
-
You can have multiple DKIM records but they have to be on a different selector.
-
They start with
k=rsa; p=(lots of characters)…
-
The value is unique for each domain.
-
The value is generated by Mailgun and therefore has to be provided after adding the domain to Mailgun
Test if DKIM records are correct
- Go to: https://mxtoolbox.com/dkim.aspx
- Enter your domain in the Domain name field
- Enter the selector in the Selector field. The selector is the part before
._domainkey.yourdomain.com
provided in the setup instruction, for example:smtp
ormailo
- Press the "DKIM Lookup" button
It should look like this, if the DKIM records are correct:
Make sure each row has a green check.
Most common errors relating to DKIM records
There are multiple DKIM records for the same selector
In the rare case the selector is already used by another service. Please contact Rentman to ask for a different selector.
There are double quotes in the value
Sometimes the DNS host requires to add quotes to the value part of the DNS records, sometimes they don’t, and if you then provide them, this will result in double quotes.
There is a typo in the domain name or value of the DKIM record
Although this seems obvious, please check if both the selector as well as the record provided in the instructions match the entered details.
You have entered an incorrect value in the “host/name” field (record is not found)
Many DNS hosts only require you to enter selector._domainkey
as the TXT record name instead of the full domain, as they automatically added your domain to the end. If this is the case with your host, and you've entered the full domain, your TXT record name will actually be selector._domainkey.yourdomain.com.yourdomain.com
instead of the intended selector._domainkey.yourdomain.com
In this case, the DKIM is in the wrong place, and both Mailgun as well as the MXToolbox checker will think the record is not there.
Special cases
Mailgun can only verify that domain once, so if Rentman wants to use it, it cannot be used for anything else (e.g. website or different SaaS product) together with Mailgun. The solution then is to use a subdomain for verification.
Let's say your domain is: yourdomain.com
. You can then verify the domain: .yourdomain.com
with Mailgun. In that case you can still email from addresses like: johndoe@yourdomain.com
without the email ending up in a spam filter.
To make this possible you provide rentman.yourdomain.com
as your domain name.
This will have the following consequences:
- The SPF record should then have the host/name:
rentman
(orrentman.yourdomain.com
for some DNS hosts). - The DKIM record should then added with host/name value
selector._domainkey.rentman
(orselector._domainkey.rentman.yourdomain.com
for some DNS hosts).
Using a specific subdomain for Rentman will always work. However, it is more complicated to set up; therefore, Rentman does not do this by default.