After you add your CNAME, TEXT or MX records to your DNS host, you need to validate them in the SendGrid UI. If your DNS records aren't validating, try these steps:
Some DNS providers take longer than others to update your DNS records with the CNAME files or TEXT and MX files that we ask you to add. Give it up to 48 hours to validate.
Some DNS hosts will automatically add your top-level domain to the end of DNS records you create, which can turn a CNAME for “email.domain.com” into “email.domain.com.domain.com”.
Be sure to follow the convention on existing records in your DNS panel when adding new ones, as sometimes you will only need to add what is to the left of the top-level domain.
For example, a CNAME for “email.” becomes “email.domain.com”
Error validating domain:
Expected TXT record at "m1._domainkey.example.com" to match "k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHLyl8Wk4J06nv56v5+OeEgp9LW3f/""LOlBjWJ9NS4l9X5UlbPJkKeHDXThTig2CxhVuKmIVvRcc9yJ27Tdthj1C1q0rvRtFpNlHbdrJvD8wpxe5rmFeiRPH1KUYbvtbs84aApMwN6Y3A0dgQE7vGkHnPTjwT7q/xv3mu2CvkVntQIDAQAB", but got the following error: lookup m1._domainkey.example.com: no such hostIf you get an error like this, the problem is that the text record has been split up. The solution is to combine the key back together into one set of quotes, which looks something like this:
"k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHLyl8Wk4J06nv56v5+OeEgp9LW3f/LOlBjWJ9NS4l9X5UlbPJkKeHDXThTig2CxhVuKmIVvRcc9yJ27Tdthj1C1q0rvRtFpNlHbdrJvD8wpxe5rmFeiRPH1KUYbvtbs84aApMwN6Y3A0dgQE7vGkHnPTjwT7q/xv3mu2CvkVntQIDAQAB"Some DNS providers don't automatically prevent you from duplicating a DNS file. For example, there might be an MX and TEXT record where you are trying to set up a CNAME file. If your DNS files aren't validating, check to make sure there are no other DNS records that could be a duplication.
SendGrid requires underscores for sender authentication, but some DNS providers do not support underscores in zone file entries.
If your provider does not allow you to use underscores in zone files, consider changing your DNS hosting provider.
You can also disable automated security - this allows you to set up TXT and CX records that don't have underscores. For more information about setting up automated security, see Using automated security.
Sometimes there is no other option but to manually validate your DNS records. This can be caused by certain DNS providers or by customizations you add to your records.
To manually validate you DNS files:
To validate a DNS record manually, use the Unix command DIG. These examples use Terminal on a Mac platform.
These tables show specific validations. If the ANSWER section of the dig return is empty, that usually means that either the record does not exist or has yet to propagate.
Examples:
| Command | Type | ANSWER |
|---|---|---|
| dig cname sub.domain.com | CNAME | u123456.wl.sendgrid.net |
| dig cname s1._domainkey.sub.domain.com | CNAME | s1.domainkey.u123456.wl.sendgrid.net |
| dig cname s2._domainkey.domain.com | CNAME | s2.domainkey.u123456.wl.sendgrid.net |
| Command | Type | ANSWER |
|---|---|---|
| dig mx sub.domain.com | MX | mx.sendgrid.net |
| dig txt m1._domainkey.sub.domain.com | TXT | k=rsa; t=s; p=MIGfMA0GC... |
| dig txt sub.domainkey.domain.com | TXT | v=spf1 include:sendgrid.net ~all |
| Command | Type | ANSWER |
|---|---|---|
| dig cname links.domain.com | CNAME | sendgrid.net |
| dig cname 123456.domain.com | CNAME | sendgrid.net |
| Command | Type | ANSWER |
|---|---|---|
| dig a o1.default.domain.com | A | 12.34.56.78 (your SendGrid IP address) |
You can also use the DNSLookup tool provided by MxToolbox: enter the record you would like to check, and hit enter.
If you can successfully verify your DNS changes manually, but it won't validate in the tool, contact Support, and we can help you investigate.
If you aren't sure what DNS provider hosts your domain use this command to find out:
dig <<your_domain.com>> nsYes, it’s possible to authenticate multiple domains. When multiple authenticated domains exist on your account, SendGrid will use the from address for each email you send through SendGrid and match it to a domain and branded link. If the from address does not match an existing authenticated domain, SendGrid will fall back to the domain you have chosen as the default.
Run through the application logic to understand why your sent emails may not be using SendGrid.net instead of the domain you authenticated.
If SendGrid cannot match your email to a valid authenticated domain, SendGrid.net is used.
For any account, SendGrid attaches authenticated domain information in the following order, starting at the top of the list and applying the domain when the criteria are matched:
If no valid authenticated domains can be found, your mail domain defaults to sendgrid.net.
For subusers, SendGrid attaches authenticated domain information in the following order, starting at the top of the list and applying the domain when the criteria are matched:
If no valid authenticated domains can be found, the sending domain defaults to sendgrid.net.
Get additional onboarding support. Save time, increase the quality of your sending, and feel confident you are set up for long-term success with SendGrid Onboarding Services.
Check out this Academy Course to access actionable tips on how to build trust with mailbox providers and ensure your authentication is set up correctly.
Go To Course →Let us know how we’re doing! Please rate this page:
If you have a question that needs an answer, please contact support. Otherwise, please open an issue in our GitHub! Thanks for helping us improve our docs!