Question

Failed to verify domain on Mailgun

Posted October 16, 2013 52.5k views
I can't seem to get verified on mailgun.com due to the two TXT DNS records. I have added double quotes for the value fields. The other records (CNAME and MX) are fine.
Add a comment
tianbo
By:
tianbo
Add a comment
1 comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

12 answers
lukas.white March 27, 2014
This had me stumped at first, too.

In addition to putting the values in double-quotes, what solved it for me was using @ as the hostname for the first record (instead of the full domain name, as indicated by Mailgun) and for the second, smtp._domainkey instead of smtp._domainkey.yourdomain.com.
Reply Report
info272244 October 18, 2013
Put the TXT values in " (double quotes), this should fix the problem.
Reply Report
pablo October 16, 2013
DNS records can take up to 48 hours to propagate through the Internet. What are the TXT records you needed to add?
Reply Report
nottinhill November 4, 2013
Faced the same problem, will see if this is fixing it. Also I noticed, the only way to edit your values is to press enter, there is no button to invoke the save process. This is a feautre you should really add in a future release of the front end.
Reply Report
martinelli January 6, 2015

Also you need to drop the domain name from the cname entry for tracking clicks. From this: email.<your domain> to just email. That validated for me as well where as it had not before. Yes, they need to update their docs.

Reply Report
mattgreenwolfe May 29, 2015

After reading the above discussion, I still find this confusing to follow. Is there someone who can verify the following? If it’s wrong, please leave an example of what works so that anyone else who comes here gets a clear explanation. For example, should I be dropping the domain name from the cname entry?

RECORD TYPE NAME VALUE
TXT my.domain.com “v=spf1 include:mailgun.org ~all”
TXT pic._domainkey.my.domain.com “k=rsa; p=165CHARACTERPASSWORDSTRING”
CNAME email.my.domain.com mailgun.org
Reply Report
  • mattgreenwolfe June 1, 2015

    Here’s a table showing what finally worked for me. The discussion above was very helpful, but below the table, I note the other tweaks I had to make. Other syntaxes may well work. I am just reporting what worked for me. Also, some of the stuff I’m writing may have just been obvious to others, but I hope this helps someone else going through this process for the first time.

    my.domain.com

    RECORD TYPE NAME VALUE
    A @ 123.45.678.901
    TXT @ “v=spf1 include:mailgun.org ~all”
    TXT pic._domainkey “k=rsa; p=165CHARACTERPASSWORDSTRING”
    CNAME email mailgun.org.
    NS ns1.digitalocean.com
    NS ns2.digitalocean.com
    NS ns3.digitalocean.com

    A: my.domain.com is the subdomain that I registered at mailgun. 123.45.678.901 is the IP address provided by mailgun (i.e. not the IP address of my DO droplet)

    TXT (spf1): entering my.domain.com produced my.domain.com.my.domain.com in the zone file at the bottom. Entering @ produced just my.domain.com. (note trailing dot), which validated. The quotes around the value were necessary.

    TXT (pic): Had to enter just pic.domainkey (no trailing dot) to produce pic.domainkey.my.domain.com in the zone file.

    CNAME: email (no dot) mailgun.org. (note trailing dot)

    With a turn-around up to 48 hours to see if the changes had propagated and were verified at mail gun, several steps of tweaking and waiting to see if it validated took quite a while. However, the printout of the zone file at the bottom of the digital ocean dns page was very helpful. When I finally got it to report back the fields as stated by mailgun, then it validated fairly quickly after that.

    Reply Report
    • treeofkungi November 13, 2015

      Why do you have “pic.domainkey” ? For me they say to put “krs.domainkey”..
      Should I replace _domainkey with something specific or its this exact string?

      Could you post your zone file with private things left out or *****ed?

      Reply Report
      • mattgreenwolfe November 14, 2015

        Here’s my zone file.

        $ORIGIN my.subdomain.my.domain.com.
        $TTL 1800
        my.subdomain.my.domain.com. IN SOA ns1.digitalocean.com. hostmaster.my.subdomain.my.domain.com. #### a bunch of numbers here ###
        my.subdomain.my.domain.com. 1800 IN NS ns1.digitalocean.com.
        my.subdomain.my.domain.com. 1800 IN NS ns2.digitalocean.com.
        my.subdomain.my.domain.com. 1800 IN NS ns3.digitalocean.com.
        my.subdomain.my.domain.com. 1800 IN A #### IP address here ####

        Unfortunately, I have no idea what pic._domainkey means in the txt entry, although I believe I entered that exact string when registering. I’m sorry I can’t be more helpful, but I do not have a very high level understanding of the process, so just followed directions and kept tweaking things until it worked. If someone knows a tutorial that would explain the relationships among the various components in this process, that would be very helpful.

        Reply Report
    • shane727310 January 7, 2016

      Thanks for the heads up at looking at the produced zone file at the bottom. In my case, the problem I had was that I registered a mail subdomain (e.g., mail.company.com) with Mailgun but was creating the records for company.com (not mail.company.com). Instead of creating a mail.company.com domain I entered the records as follows (taking from your example):

      company.com

      RECORD TYPE NAME VALUE
      A @ 123.45.678.901
      TXT mail “v=spf1 include:mailgun.org ~all”
      TXT pic._domainkey.mail “k=rsa; p=165CHARACTERPASSWORDSTRING”
      CNAME email.mail mailgun.org.
      NS ns1.digitalocean.com
      NS ns2.digitalocean.com
      NS ns3.digitalocean.com

      Thankfully it only took a few minutes before these changes took effect and were verified by Mailgun.

      Reply Report
GabrielM August 28, 2015

I try all the methods described above…without success.

Reply Report
yellowlab September 1, 2015

@GabrielM I would double check what the actual zone file shows in the area underneath where you enter DNS changes . Also make sure to use “ on the pic._domainkey

Reply Report
  • gpapasergio February 1, 2016

    Hi! i have same problem with 2nd txt record.
    This my zone file.

    forodiablo.com.ar. 1800 IN A IP here
    www.forodiablo.com.ar. 1800 IN CNAME forodiablo.com.ar.
    *.forodiablo.com.ar. 1800 IN CNAME forodiablo.com.ar.
    forodiablo.com.ar. 1800 IN TXT “v=spf1 include:mailgun.org ~all”
    pic._domainkey.mail.forodiablo.com.ar. 1800 IN TXT “k=rsa; Code here”
    email.forodiablo.com.ar. 1800 IN CNAME mailgun.org.
    forodiablo.com.ar. 1800 IN MX 10 mxa.mailgun.org.
    forodiablo.com.ar. 1800 IN MX 10 mxb.mailgun.org.

    Can anybody help me?

    Reply Report
gpapasergio February 1, 2016
[deleted]
Reply Report
dacgray April 4, 2016

To add my answer:

I added the following records - including the quotes:

Name Text
example.com “v=spf1 include:mailgun.org ~all”
krs._domainkey “k=rsa;

p=165CHARACTERPASSWORDSTRING”
@ | “v=spf1 include:mailgun.org ~all”
krs._domainkey.litecampus.com
“k=rsa; | p=165CHARACTERPASSWORDSTRING”

I think that just the first two are needed, but now that it is working I’m not editing.

*how to add rows to the table in this editor?

Reply Report
galbanes48 July 8, 2018

Also for pic._domainkey, REMOVE ALL SPACES. This thread is a goldmine! thanks everyone!

Reply Report
movanet December 29, 2018

Mine is not hosted at digitalocean but Hetzner. This is to CONFIRM that removing the domain name after key string WORKS both on GoDaddy AND Namecheap.

So I only put: krs.domainkey (for my godaddy one, without the domain name)
and mailo.domainkey (for my namecheap one).

Actually mailgun have put them on bold (which I guess it means that we only need to insert the blacked letters but this is not really clear.

Reply Report
Submit an Answer

Looking for something else?

Ask a new question Search for more help