DNS record setup not working (SPF, DKIM, DMARC)
Step-by-step troubleshooting for DNS authentication records:
- Propagation delay — DNS changes can take 24-48 hours to take effect globally. If you just added records, wait and re-check.
2) SPF record issues:
- Only ONE SPF record per domain is allowed. If you have multiple, merge them into one.
- Format: v=spf1 include:_spf.google.com include:other.provider.com ~all
- Check at: MXToolbox SPF Lookup or dig TXT yourdomain.com
- Common mistake: Adding a second SPF record instead of editing the existing one.
3) DKIM record issues:
- DKIM records are usually CNAME or TXT records at a specific subdomain (e.g., google._domainkey.yourdomain.com).
- The record name and value are provided by your email provider — use their exact values.
- Common mistake: Adding the record to the wrong subdomain or including extra characters.
4) DMARC record issues:
- DMARC goes at _dmarc.yourdomain.com as a TXT record.
- Start with: v=DMARC1; p=none; rua=mailto:[email protected]
- The 'p=none' setting is monitor-only (recommended for start).
- Common mistake: Missing the underscore in _dmarc.
5) Verification in WarmySender:
- Go to Analytics > Mailboxes to see SPF/DKIM/DMARC status per domain.
- Green checkmark = configured correctly.
- Red X = missing or misconfigured — hover for details.
6) Still failing?
• Flush DNS cache: nslookup -type=txt yourdomain.com 8.8.8.8
• Check your DNS provider did not add extra quotes around TXT values.
• Verify you are editing the correct domain (not a subdomain).
• Contact your DNS provider support if records appear correct but still fail verification.