Failed to verify domain on Mailgun

October 16, 2013 38.1k views
I can't seem to get verified on due to the two TXT DNS records. I have added double quotes for the value fields. The other records (CNAME and MX) are fine.
1 comment
11 Answers
This had me stumped at first, too.

In addition to putting the values in double-quotes, what solved it for me was using @ as the hostname for the first record (instead of the full domain name, as indicated by Mailgun) and for the second, smtp._domainkey instead of
  • This worked! I had to use the @ sign and I had to drop the, just as described by lukas.white.

  • Thank you so much for what you posted. This solved it for me as well.

  • The fix for the first TXT record (using @) works, but the second does not. Also, when I switch to using smtp._domainkey instead of krs._domainkey for the second TXT record (as instructed in the "Domain Verification & DNS" section on mailgun), the first TXT no longer works.

    The change for the first fix occurred instantly, so I'll leave it with krs._domainkey for 48 hours to see if it decides to change its mind.

    Thanks for the help!

  • Thanks, I use GoDaddy and it worked for me too

Put the TXT values in " (double quotes), this should fix the problem.
DNS records can take up to 48 hours to propagate through the Internet. What are the TXT records you needed to add?
Faced the same problem, will see if this is fixing it. Also I noticed, the only way to edit your values is to press enter, there is no button to invoke the save process. This is a feautre you should really add in a future release of the front end.

Also you need to drop the domain name from the cname entry for tracking clicks. From this: email.<your domain> to just email. That validated for me as well where as it had not before. Yes, they need to update their docs.

After reading the above discussion, I still find this confusing to follow. Is there someone who can verify the following? If it's wrong, please leave an example of what works so that anyone else who comes here gets a clear explanation. For example, should I be dropping the domain name from the cname entry?

TXT "v=spf1 ~all"
  • Here's a table showing what finally worked for me. The discussion above was very helpful, but below the table, I note the other tweaks I had to make. Other syntaxes may well work. I am just reporting what worked for me. Also, some of the stuff I'm writing may have just been obvious to others, but I hope this helps someone else going through this process for the first time.

    A @ 123.45.678.901
    TXT @ "v=spf1 ~all"
    TXT pic._domainkey "k=rsa; p=165CHARACTERPASSWORDSTRING"
    CNAME email

    A: is the subdomain that I registered at mailgun. 123.45.678.901 is the IP address provided by mailgun (i.e. not the IP address of my DO droplet)

    TXT (spf1): entering produced in the zone file at the bottom. Entering @ produced just (note trailing dot), which validated. The quotes around the value were necessary.

    TXT (pic): Had to enter just pic.domainkey (no trailing dot) to produce in the zone file.

    CNAME: email (no dot) (note trailing dot)

    With a turn-around up to 48 hours to see if the changes had propagated and were verified at mail gun, several steps of tweaking and waiting to see if it validated took quite a while. However, the printout of the zone file at the bottom of the digital ocean dns page was very helpful. When I finally got it to report back the fields as stated by mailgun, then it validated fairly quickly after that.

    • Why do you have "pic.domainkey" ? For me they say to put "krs.domainkey"..
      Should I replace _domainkey with something specific or its this exact string?

      Could you post your zone file with private things left out or *****ed?

      • Here's my zone file.

        $TTL 1800 IN SOA #### a bunch of numbers here ### 1800 IN NS 1800 IN NS 1800 IN NS 1800 IN A #### IP address here ####

        Unfortunately, I have no idea what pic._domainkey means in the txt entry, although I believe I entered that exact string when registering. I'm sorry I can't be more helpful, but I do not have a very high level understanding of the process, so just followed directions and kept tweaking things until it worked. If someone knows a tutorial that would explain the relationships among the various components in this process, that would be very helpful.

    • Thanks for the heads up at looking at the produced zone file at the bottom. In my case, the problem I had was that I registered a mail subdomain (e.g., with Mailgun but was creating the records for (not Instead of creating a domain I entered the records as follows (taking from your example):

      A @ 123.45.678.901
      TXT mail "v=spf1 ~all"
      TXT pic._domainkey.mail "k=rsa; p=165CHARACTERPASSWORDSTRING"
      CNAME email.mail

      Thankfully it only took a few minutes before these changes took effect and were verified by Mailgun.

      • Shane, briliant, thanks for sharing! This is exactly what worked for me after all the other guidance failed to solve the problem.

I try all the methods described above...without success.

@GabrielM I would double check what the actual zone file shows in the area underneath where you enter DNS changes . Also make sure to use " on the pic._domainkey

  • Hi! i have same problem with 2nd txt record.
    This my zone file. 1800 IN A IP here 1800 IN CNAME
    * 1800 IN CNAME 1800 IN TXT "v=spf1 ~all" 1800 IN TXT "k=rsa; Code here" 1800 IN CNAME 1800 IN MX 10 1800 IN MX 10

    Can anybody help me?

To add my answer:

I added the following records - including the quotes:

Name Text "v=spf1 ~all"
krs._domainkey "k=rsa;

@ | "v=spf1 ~all"

I think that just the first two are needed, but now that it is working I'm not editing.

*how to add rows to the table in this editor?

Also for pic._domainkey, REMOVE ALL SPACES. This thread is a goldmine! thanks everyone!

Have another answer? Share your knowledge.