- My DNS records aren’t validating
- Where is my domain hosted?
- Can I authenticate multiple domains?
- Domain authentication application logic
After you add your CNAME, TEXT or MX records to your DNS host, you need to validate them in the SendGrid UI. If your DNS records aren’t validating, try these steps:
Some DNS providers take longer than others to update your DNS records with the CNAME files or TEXT and MX files that we ask you to add. Give it up to 48 hours to validate.
Some DNS hosts will automatically add your top-level domain to the end of DNS records you create, which can turn a CNAME for “email.domain.com” into “email.domain.com.domain.com”.
Be sure to follow the convention on existing records in your DNS panel when adding new ones, as sometimes you will only need to add what is to the left of the top-level domain.
For example, a CNAME for “email.” becomes “email.domain.com”
If you get an error like this, the problem is that the text record has been split up. The solution is to combine the key back together into one set of quotes, which looks something like this:
Some DNS providers don’t automatically prevent you from duplicating a DNS file. For example, there might be an MX and TEXT record where you are trying to set up a CNAME file. If your DNS files aren’t validating, check to make sure there are no other DNS records that could be a duplication.
SendGrid requires underscores for sender authentication, but some DNS providers do not support underscores in zone file entries.
If your provider does not allow you to use underscores in zone files, consider changing your DNS hosting provider.
You can also disable automated security - this allows you to set up TXT and CX records that don’t have underscores. For more information about setting up automated security, see Using automated security.
Sometimes there is no other option but to manually validate your DNS records. This can be caused by certain DNS providers or by customizations you add to your records.
To manually validate you DNS files:
To validate a DNS record manually, use the Unix command
DIG. These examples use Terminal on a Mac platform.
These tables show specific validations. If the ANSWER section of the dig return is empty, that usually means that either the record does not exist or has yet to propagate.
|dig cname sub.domain.com||CNAME||u123456.wl.sendgrid.net|
|dig cname s1._domainkey.sub.domain.com||CNAME||s1.domainkey.u123456.wl.sendgrid.net|
|dig cname s2._domainkey.domain.com||CNAME||s2.domainkey.u123456.wl.sendgrid.net|
|dig mx sub.domain.com||MX||mx.sendgrid.net|
|dig txt m1._domainkey.sub.domain.com||TXT||k=rsa; t=s; p=MIGfMA0GC…|
|dig txt sub.domainkey.domain.com||TXT||v=spf1 include:sendgrid.net ~all|
|dig cname links.domain.com||CNAME||sendgrid.net|
|dig cname 123456.domain.com||CNAME||sendgrid.net|
|dig a o1.default.domain.com||A||18.104.22.168 (your SendGrid IP address)|
You can also use the DNSLookup tool provided by MxToolbox: enter the record you would like to check, and hit enter.
If you can successfully verify your DNS changes manually, but it won’t validate in the tool, contact Support, and we can help you investigate.
If you aren’t sure what DNS provider hosts your domain use this command to find out:
Yes, it’s possible to authenticate multiple domains. When multiple authenticated domains exist on your account, SendGrid will use the from address for each email you send through SendGrid and match it to a domain and branded link. If the from address does not match an existing authenticated domain, SendGrid will fall back to the domain you have chosen as the default.
Run through the application logic to understand why your sent emails may not be using
SendGrid.net instead of the domain you authenticated.
If SendGrid cannot match your email to a valid authenticated domain,
SendGrid.net is used.
For any account, SendGrid attaches authenticated domain information in the following order, starting at the top of the list and applying the domain when the criteria are matched:
- Valid authenticated domain that matches the domain in the FROM address.
- Valid default authenticated domain.
If no valid authenticated domains can be found, your mail domain defaults to sendgrid.net.
For subusers, SendGrid attaches authenticated domain information in the following order, starting at the top of the list and applying the domain when the criteria are matched:
- Authenticated domain for this subuser that matches the domain in the FROM address.
- Default authenticated domain for this subuser.
- Authenticated domain assigned by the parent account to this subuser.
If no valid authenticated domains can be found, the sending domain defaults to sendgrid.net.