Failed to verify domain on Mailgun

October 16, 2013 35.8k views
I can't seem to get verified on mailgun.com due to the two TXT DNS records. I have added double quotes for the value fields. The other records (CNAME and MX) are fine.
1 comment
10 Answers
This had me stumped at first, too.

In addition to putting the values in double-quotes, what solved it for me was using @ as the hostname for the first record (instead of the full domain name, as indicated by Mailgun) and for the second, smtp._domainkey instead of smtp._domainkey.yourdomain.com.
  • This worked! I had to use the @ sign and I had to drop the .yourdomain.com, just as described by lukas.white.

  • Thank you so much for what you posted. This solved it for me as well.

  • The fix for the first TXT record (using @) works, but the second does not. Also, when I switch to using smtp._domainkey instead of krs._domainkey for the second TXT record (as instructed in the "Domain Verification & DNS" section on mailgun), the first TXT no longer works.

    The change for the first fix occurred instantly, so I'll leave it with krs._domainkey for 48 hours to see if it decides to change its mind.

    Thanks for the help!

Put the TXT values in " (double quotes), this should fix the problem.
DNS records can take up to 48 hours to propagate through the Internet. What are the TXT records you needed to add?
Faced the same problem, will see if this is fixing it. Also I noticed, the only way to edit your values is to press enter, there is no button to invoke the save process. This is a feautre you should really add in a future release of the front end.

Also you need to drop the domain name from the cname entry for tracking clicks. From this: email.<your domain> to just email. That validated for me as well where as it had not before. Yes, they need to update their docs.

After reading the above discussion, I still find this confusing to follow. Is there someone who can verify the following? If it's wrong, please leave an example of what works so that anyone else who comes here gets a clear explanation. For example, should I be dropping the domain name from the cname entry?

TXT my.domain.com "v=spf1 include:mailgun.org ~all"
TXT pic._domainkey.my.domain.com "k=rsa; p=165CHARACTERPASSWORDSTRING"
CNAME email.my.domain.com mailgun.org
  • Here's a table showing what finally worked for me. The discussion above was very helpful, but below the table, I note the other tweaks I had to make. Other syntaxes may well work. I am just reporting what worked for me. Also, some of the stuff I'm writing may have just been obvious to others, but I hope this helps someone else going through this process for the first time.


    A @ 123.45.678.901
    TXT @ "v=spf1 include:mailgun.org ~all"
    TXT pic._domainkey "k=rsa; p=165CHARACTERPASSWORDSTRING"
    CNAME email mailgun.org.
    NS ns1.digitalocean.com
    NS ns2.digitalocean.com
    NS ns3.digitalocean.com

    A: my.domain.com is the subdomain that I registered at mailgun. 123.45.678.901 is the IP address provided by mailgun (i.e. not the IP address of my DO droplet)

    TXT (spf1): entering my.domain.com produced my.domain.com.my.domain.com in the zone file at the bottom. Entering @ produced just my.domain.com. (note trailing dot), which validated. The quotes around the value were necessary.

    TXT (pic): Had to enter just pic.domainkey (no trailing dot) to produce pic.domainkey.my.domain.com in the zone file.

    CNAME: email (no dot) mailgun.org. (note trailing dot)

    With a turn-around up to 48 hours to see if the changes had propagated and were verified at mail gun, several steps of tweaking and waiting to see if it validated took quite a while. However, the printout of the zone file at the bottom of the digital ocean dns page was very helpful. When I finally got it to report back the fields as stated by mailgun, then it validated fairly quickly after that.

    • Why do you have "pic.domainkey" ? For me they say to put "krs.domainkey"..
      Should I replace _domainkey with something specific or its this exact string?

      Could you post your zone file with private things left out or *****ed?

      • Here's my zone file.

        $ORIGIN my.subdomain.my.domain.com.
        $TTL 1800
        my.subdomain.my.domain.com. IN SOA ns1.digitalocean.com. hostmaster.my.subdomain.my.domain.com. #### a bunch of numbers here ###
        my.subdomain.my.domain.com. 1800 IN NS ns1.digitalocean.com.
        my.subdomain.my.domain.com. 1800 IN NS ns2.digitalocean.com.
        my.subdomain.my.domain.com. 1800 IN NS ns3.digitalocean.com.
        my.subdomain.my.domain.com. 1800 IN A #### IP address here ####

        Unfortunately, I have no idea what pic._domainkey means in the txt entry, although I believe I entered that exact string when registering. I'm sorry I can't be more helpful, but I do not have a very high level understanding of the process, so just followed directions and kept tweaking things until it worked. If someone knows a tutorial that would explain the relationships among the various components in this process, that would be very helpful.

    • Thanks for the heads up at looking at the produced zone file at the bottom. In my case, the problem I had was that I registered a mail subdomain (e.g., mail.company.com) with Mailgun but was creating the records for company.com (not mail.company.com). Instead of creating a mail.company.com domain I entered the records as follows (taking from your example):


      A @ 123.45.678.901
      TXT mail "v=spf1 include:mailgun.org ~all"
      TXT pic._domainkey.mail "k=rsa; p=165CHARACTERPASSWORDSTRING"
      CNAME email.mail mailgun.org.
      NS ns1.digitalocean.com
      NS ns2.digitalocean.com
      NS ns3.digitalocean.com

      Thankfully it only took a few minutes before these changes took effect and were verified by Mailgun.

      • Shane, briliant, thanks for sharing! This is exactly what worked for me after all the other guidance failed to solve the problem.

I try all the methods described above...without success.

@GabrielM I would double check what the actual zone file shows in the area underneath where you enter DNS changes . Also make sure to use " on the pic._domainkey

  • Hi! i have same problem with 2nd txt record.
    This my zone file.

    forodiablo.com.ar. 1800 IN A IP here
    www.forodiablo.com.ar. 1800 IN CNAME forodiablo.com.ar.
    *.forodiablo.com.ar. 1800 IN CNAME forodiablo.com.ar.
    forodiablo.com.ar. 1800 IN TXT "v=spf1 include:mailgun.org ~all"
    pic._domainkey.mail.forodiablo.com.ar. 1800 IN TXT "k=rsa; Code here"
    email.forodiablo.com.ar. 1800 IN CNAME mailgun.org.
    forodiablo.com.ar. 1800 IN MX 10 mxa.mailgun.org.
    forodiablo.com.ar. 1800 IN MX 10 mxb.mailgun.org.

    Can anybody help me?

To add my answer:

I added the following records - including the quotes:

Name Text
example.com "v=spf1 include:mailgun.org ~all"
krs._domainkey "k=rsa;

@ | "v=spf1 include:mailgun.org ~all"

I think that just the first two are needed, but now that it is working I'm not editing.

*how to add rows to the table in this editor?

Have another answer? Share your knowledge.