Why do I need to verify my domain?
Mail250 needs Domain verification for two foremost reasons. First, it verifies that you are the owner of the domain, blocking unauthorized senders from using your domain in our platform. Second, the SPF and DKIM records authorize our SMTP servers to send on behalf of your domain. This improves your deliverability with your recipients.
DNS records can be a bit tricky but with a few best practices, proper DNS query tools, and a little patience, working with DNS can be a breeze.
I created my records, but Mail250 does not see them.
It is good practice to always double check your DNS record changes via a local and public query. Local queries can be performed using built-in utilities like dig (Linux/Unix) and nslookup (Windows)
Verify via Dig – The syntax for dig is: dig -t <record type> <hostname>
dig -t TXT domain.tld ; <<>> DiG 9.8.3-P1 <<>> -t TXT domain.tld ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64695 ;; QUESTION SECTION: ;domain.tld. IN TXT ;; ANSWER SECTION: domain.tld. 600 IN TXT "v=spf1 include:_spf.username-d2353.swp23.com ~all"
Verify via Nslookup – The syntax for nslookup is: nslookup -q=<record type> <hostname>
nslookup -q=TXT domain.tld Server: 18.104.22.168 Address: 22.214.171.124#53 Non-authoritative answer: domain.tld text = "v=spf1 include:_spf.username-d2353.swp23.com ~all"
In some instances, there may be a local DNS server inside your network that will take preference over public queries. Even if you don’t have a local DNS server, we suggest making a secondary public query for your domain. One great tool is What’s My DNS. What’s My DNS will query multiple servers around the globe to best gauge the propagation of your changes.
Enter your hostname and select the record type.
- If the correct value is returned, congratulations the record was successfully created.
- If you are not seeing the correct value or all red X’s, then there’s something wrong, review and correct the DNS records.
The DKIM record is verified, but SPF is not
With situations like these, there are a couple of things to verify.
- There can only be 1 SPF record per hostname. If your hostname has more than 1 SPF record, the records will need to be merged into a single value.
dig -t TXT domain.tld "v=spf1 include:_spf.username-d2353.swp23.com ~all" "v=spf1 ip4:126.96.36.199 include:smtp.domain.tld ~all"
The new value would be: v=spf1 ip4:188.8.131.52 include:smtp.domain.tld include:_spf.username-d2353.swp23.com ~all
- With hostnames that have a CNAME and any other record type (i.e. TXT, A, etc), the CNAME will take precedence.
dig domain.tld domain.tld. 300 IN CNAME mail250.com domain.tld. 300 IN TXT "v=spf1 include:_spf.username-d2353.swp23.com ~all"
To resolve this, the CNAME would need to be removed from the hostname or another sending subdomain would need to be used with the Mail250 account.
The records are resolving, but Mail250 still says that the domain is “Unverified” Depending on the DNS hosting provider, the records can take up to 24-48 hours to fully propagate. A manual verification can be attempted if 24 hours have already passed, the records are confirmed correct via local and public queries.