How Can We Help?

< Back
You are here:

Why do I need to verify my domain?

Mail250 needs Domain verification for two foremost reasons. First, it verifies that you are the owner of the domain, blocking unauthorized senders from using your domain in our platform. Second, the SPF and DKIM records authorize our SMTP servers to send on behalf of your domain. This improves your deliverability with your recipients.

DNS records can be a bit tricky but with a few best practices, proper DNS query tools, and a little patience, working with DNS can be a breeze.

I created my records, but Mail250 does not see them.

It is good practice to always double check your DNS record changes via a local and public query. Local queries can be performed using built-in utilities like dig (Linux/Unix) and nslookup (Windows)

Verify via Dig – The syntax for dig is: dig -t <record type> <hostname>


dig -t TXT domain.tld 

; <<>> DiG 9.8.3-P1 <<>> -t TXT domain.tld
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64695

;domain.tld. IN TXT

domain.tld. 600 IN TXT "v=spf1 ~all"

Verify via Nslookup – The syntax for nslookup is: nslookup -q=<record type> <hostname>


nslookup -q=TXT domain.tld


Non-authoritative answer:
domain.tld text = "v=spf1 ~all"

In some instances, there may be a local DNS server inside your network that will take preference over public queries. Even if you don’t have a local DNS server, we suggest making a secondary public query for your domain. One great tool is What’s My DNS. What’s My DNS will query multiple servers around the globe to best gauge the propagation of your changes.

Enter your hostname and select the record type.

  • If the correct value is returned, congratulations the record was successfully created.
  • If you are not seeing the correct value or all red X’s, then there’s something wrong, review and correct the DNS records.

The DKIM record is verified, but SPF is not

With situations like these, there are a couple of things to verify.

  • There can only be 1 SPF record per hostname. If your hostname has more than 1 SPF record, the records will need to be merged into a single value.
    • Example:
dig -t TXT domain.tld 
"v=spf1 ~all"
"v=spf1 ip4: include:smtp.domain.tld ~all"

The new value would be: v=spf1 ip4: include:smtp.domain.tld ~all

  • With hostnames that have a CNAME and any other record type (i.e. TXT, A, etc), the CNAME will take precedence.
    • Example:
dig domain.tld
domain.tld.   300 IN CNAME
domain.tld.   300 IN TXT "v=spf1 ~all"

To resolve this, the CNAME would need to be removed from the hostname or another sending subdomain would need to be used with the Mail250 account.

The records are resolving, but Mail250 still says that the domain is “Unverified” Depending on the DNS hosting provider, the records can take up to 24-48 hours to fully propagate. A manual verification can be attempted if 24 hours have already passed, the records are confirmed correct via local and public queries.

Table of Contents