Failed to verify domain on Mailgun

October 16, 2013 44.1k views
tianbo
By:
tianbo
I can't seem to get verified on mailgun.com due to the two TXT DNS records. I have added double quotes for the value fields. The other records (CNAME and MX) are fine.
1 comment
Log In to Comment
12 Answers
lukas.white March 27, 2014
This had me stumped at first, too.

In addition to putting the values in double-quotes, what solved it for me was using @ as the hostname for the first record (instead of the full domain name, as indicated by Mailgun) and for the second, smtp._domainkey instead of smtp._domainkey.yourdomain.com.
Reply
  • brad.mccormick September 19, 2014

    This worked! I had to use the @ sign and I had to drop the .yourdomain.com, just as described by lukas.white.

  • Noob August 13, 2015

    Thank you so much for what you posted. This solved it for me as well.

  • tdkohlbeck October 21, 2015

    The fix for the first TXT record (using @) works, but the second does not. Also, when I switch to using smtp._domainkey instead of krs._domainkey for the second TXT record (as instructed in the "Domain Verification & DNS" section on mailgun), the first TXT no longer works.

    The change for the first fix occurred instantly, so I'll leave it with krs._domainkey for 48 hours to see if it decides to change its mind.

    Thanks for the help!

  • buhafran June 6, 2018

    Thanks, I use GoDaddy and it worked for me too

  • pikitgb September 18, 2018

    Thank you really save my day!

info272244 October 18, 2013
Put the TXT values in " (double quotes), this should fix the problem.
Reply
pablo October 16, 2013
DNS records can take up to 48 hours to propagate through the Internet. What are the TXT records you needed to add?
Reply
nottinhill November 4, 2013
Faced the same problem, will see if this is fixing it. Also I noticed, the only way to edit your values is to press enter, there is no button to invoke the save process. This is a feautre you should really add in a future release of the front end.
Reply
martinelli January 6, 2015

Also you need to drop the domain name from the cname entry for tracking clicks. From this: email.<your domain> to just email. That validated for me as well where as it had not before. Yes, they need to update their docs.

Reply
mattgreenwolfe May 29, 2015

After reading the above discussion, I still find this confusing to follow. Is there someone who can verify the following? If it's wrong, please leave an example of what works so that anyone else who comes here gets a clear explanation. For example, should I be dropping the domain name from the cname entry?

RECORD TYPE NAME VALUE
TXT my.domain.com "v=spf1 include:mailgun.org ~all"
TXT pic._domainkey.my.domain.com "k=rsa; p=165CHARACTERPASSWORDSTRING"
CNAME email.my.domain.com mailgun.org
Reply
  • mattgreenwolfe June 1, 2015

    Here's a table showing what finally worked for me. The discussion above was very helpful, but below the table, I note the other tweaks I had to make. Other syntaxes may well work. I am just reporting what worked for me. Also, some of the stuff I'm writing may have just been obvious to others, but I hope this helps someone else going through this process for the first time.

    my.domain.com

    RECORD TYPE NAME VALUE
    A @ 123.45.678.901
    TXT @ "v=spf1 include:mailgun.org ~all"
    TXT pic._domainkey "k=rsa; p=165CHARACTERPASSWORDSTRING"
    CNAME email mailgun.org.
    NS ns1.digitalocean.com
    NS ns2.digitalocean.com
    NS ns3.digitalocean.com

    A: my.domain.com is the subdomain that I registered at mailgun. 123.45.678.901 is the IP address provided by mailgun (i.e. not the IP address of my DO droplet)

    TXT (spf1): entering my.domain.com produced my.domain.com.my.domain.com in the zone file at the bottom. Entering @ produced just my.domain.com. (note trailing dot), which validated. The quotes around the value were necessary.

    TXT (pic): Had to enter just pic.domainkey (no trailing dot) to produce pic.domainkey.my.domain.com in the zone file.

    CNAME: email (no dot) mailgun.org. (note trailing dot)

    With a turn-around up to 48 hours to see if the changes had propagated and were verified at mail gun, several steps of tweaking and waiting to see if it validated took quite a while. However, the printout of the zone file at the bottom of the digital ocean dns page was very helpful. When I finally got it to report back the fields as stated by mailgun, then it validated fairly quickly after that.

    • treeofkungi November 13, 2015

      Why do you have "pic.domainkey" ? For me they say to put "krs.domainkey"..
      Should I replace _domainkey with something specific or its this exact string?

      Could you post your zone file with private things left out or *****ed?

      • mattgreenwolfe November 14, 2015

        Here's my zone file.

        $ORIGIN my.subdomain.my.domain.com.
        $TTL 1800
        my.subdomain.my.domain.com. IN SOA ns1.digitalocean.com. hostmaster.my.subdomain.my.domain.com. #### a bunch of numbers here ###
        my.subdomain.my.domain.com. 1800 IN NS ns1.digitalocean.com.
        my.subdomain.my.domain.com. 1800 IN NS ns2.digitalocean.com.
        my.subdomain.my.domain.com. 1800 IN NS ns3.digitalocean.com.
        my.subdomain.my.domain.com. 1800 IN A #### IP address here ####

        Unfortunately, I have no idea what pic._domainkey means in the txt entry, although I believe I entered that exact string when registering. I'm sorry I can't be more helpful, but I do not have a very high level understanding of the process, so just followed directions and kept tweaking things until it worked. If someone knows a tutorial that would explain the relationships among the various components in this process, that would be very helpful.

    • shane727310 January 7, 2016

      Thanks for the heads up at looking at the produced zone file at the bottom. In my case, the problem I had was that I registered a mail subdomain (e.g., mail.company.com) with Mailgun but was creating the records for company.com (not mail.company.com). Instead of creating a mail.company.com domain I entered the records as follows (taking from your example):

      company.com

      RECORD TYPE NAME VALUE
      A @ 123.45.678.901
      TXT mail "v=spf1 include:mailgun.org ~all"
      TXT pic._domainkey.mail "k=rsa; p=165CHARACTERPASSWORDSTRING"
      CNAME email.mail mailgun.org.
      NS ns1.digitalocean.com
      NS ns2.digitalocean.com
      NS ns3.digitalocean.com

      Thankfully it only took a few minutes before these changes took effect and were verified by Mailgun.

      • joey.peloquin May 10, 2016

        Shane, briliant, thanks for sharing! This is exactly what worked for me after all the other guidance failed to solve the problem.

GabrielM August 28, 2015

I try all the methods described above...without success.

Reply
yellowlab September 1, 2015

@GabrielM I would double check what the actual zone file shows in the area underneath where you enter DNS changes . Also make sure to use " on the pic._domainkey

Reply
  • gpapasergio February 1, 2016

    Hi! i have same problem with 2nd txt record.
    This my zone file.

    forodiablo.com.ar. 1800 IN A IP here
    www.forodiablo.com.ar. 1800 IN CNAME forodiablo.com.ar.
    *.forodiablo.com.ar. 1800 IN CNAME forodiablo.com.ar.
    forodiablo.com.ar. 1800 IN TXT "v=spf1 include:mailgun.org ~all"
    pic._domainkey.mail.forodiablo.com.ar. 1800 IN TXT "k=rsa; Code here"
    email.forodiablo.com.ar. 1800 IN CNAME mailgun.org.
    forodiablo.com.ar. 1800 IN MX 10 mxa.mailgun.org.
    forodiablo.com.ar. 1800 IN MX 10 mxb.mailgun.org.

    Can anybody help me?

gpapasergio February 1, 2016
[deleted]
Reply
dacgray April 4, 2016

To add my answer:

I added the following records - including the quotes:

Name Text
example.com "v=spf1 include:mailgun.org ~all"
krs._domainkey "k=rsa;

p=165CHARACTERPASSWORDSTRING"
@ | "v=spf1 include:mailgun.org ~all"
krs._domainkey.litecampus.com
"k=rsa; | p=165CHARACTERPASSWORDSTRING"

I think that just the first two are needed, but now that it is working I'm not editing.

*how to add rows to the table in this editor?

Reply
galbanes48 July 8, 2018

Also for pic._domainkey, REMOVE ALL SPACES. This thread is a goldmine! thanks everyone!

Reply
movanet December 29, 2018

Mine is not hosted at digitalocean but Hetzner. This is to CONFIRM that removing the domain name after key string WORKS both on GoDaddy AND Namecheap.

So I only put: krs.domainkey (for my godaddy one, without the domain name)
and mailo.domainkey (for my namecheap one).

Actually mailgun have put them on bold (which I guess it means that we only need to insert the blacked letters but this is not really clear.

Reply
Have another answer? Share your knowledge.