Skip to main content

Troubleshooting - Domain authentication

In this article, we'll provide solutions for common issues that you may encounter when authenticating your domain.

Before you start

Verify if your domain has been authenticated. To learn more, check our dedicated article Authenticate your domain (Brevo code, DKIM, DMARC), section Verify if your domain has been authenticated.

You are trying to authenticate a free email address 

You can only authenticate a domain name you or your business own and control. This means that you cannot authenticate a free email address created with a public email service like Gmail, Yahoo, or AOL.

➡️ To learn more about why you should avoid using a free email address, check our dedicated article Why you shouldn't send from a free email address.

Your DNS records don't match the ones provided by Brevo

Based on your domain host, the values needed to create the DNS records will be different:

Amazon Route 53, Amen, Bluehost, Gandi, GoDaddy, Google Domains, Hostinger, IONOS, OVH, and Wix 

Brevo provides the exact values needed to create the DNS records for these popular domain hosts. When authenticating your domain on these hosts, we recommend you copy and paste the values directly from Brevo to your domain host to avoid typos or format issues.

➡️ To learn more, check our dedicated article Authenticate your domain (Brevo code, DKIM, DMARC).

Other domain hosts

However, if you are authenticating your domain on another domain host than the ones mentioned above, the values provided by Brevo might not be the ones expected by your domain hosts.

➡️ To learn more, check the next section of this article Your domain host has specific format requirements for DNS records.

Your domain host has specific format requirements for DNS records

Some domain hosts have specific format requirements for DNS records that might differ from the values provided by Brevo:

Your domain host doesn't support the @ symbol

When authenticating a domain, some domain hosts may not accept the @ symbol in the hostname field.

➡️ To fix this, try using your domain name or leaving the field empty.

Your domain host requires a dot (.) at the end of the value

Some domain hosts may require a dot at the end of the value. Without this dot, they consider the entire value as a subdomain and automatically add the root domain at the end. For example, if you enter "mail._domainkey.thegreenyoga" without a dot, it might turn it into "mail._domainkey.thegreenyoga.com.thegreenyoga.com", instead of just " instead of just "mail._domainkey.thegreenyoga.com".

➡️ To fix this, add a dot at the end of the hostname, like "mail._domainkey.thegreenyoga.".

Your domain host only expects the subdomain prefix in the hostname

When authenticating a subdomain, some domain hosts may expect only your subdomain prefix in the hostname field and automatically append the root domain. For example, if you enter "send.thegreenyoga.com", it might turn into "send.thegreenyoga.com.thegreenyoga.com".

➡️ To fix this, only include your subdomain prefix in the hostname field, like "send".

Your DNS host doesn't support values longer than 255 characters

Most DNS providers set a maximum limit of 255 characters for their TXT record field. This isn’t a problem when you use the default 1024-bit DKIM key since it can fit within the allowed character limit easily. However, if you use a 2048-bit DKIM key, it can be a problem as it is longer than 255 characters.

You can easily know if you are using the default 1024-bit DKIM key or the 2048-bit DKIM key by checking the value provided in the hostname field of your DKIM record in Brevo:

1024-bit DKIM key (default) 2048-bit DKIM key
mail._domainkey sib2k._domainkey

➡️ To fix this, split your DKIM value into multiple chunks of 255 characters. To make this easy, you can use a DNS record splitter tool:

  1. Go to DNS record splitter.
  2. Insert your DKIM value into the textbox. It will then split your record into two lines.
    authenticate_split_dkim-value_en-us.jpg
  3. Copy and paste the results into a document.
  4. Enclose the two text strings in double quotes.
    authenticate_enclose_dkim-value_en-us.jpg
  5. Copy the enclosed text strings to your domain host as a TXT record.

A TXT record already exists on your domain

Some domain hosts may not allow adding a record with the same type and name twice. This means that if you already have a TXT record on your domain, your domain host may not allow you to add the records provided by Brevo.

➡️ To fix this, add the extra TXT records on your domain below the first one. Here are two examples of how to do it:

Google Domains
  1. Click + Add more to this record below the first TXT record.
  2. Paste the data of the extra record in the new field.

authenticate_google_add_more_en-us.jpg

Amazon Web Services (AWS)

Enter the value of the extra record on a separate line below the first TXT record.

account_authenticate_aws_extra_record_en-us.jpg

Your domain host doesn't allow you to modify your DNS records

Some domain hosts may not let you modify your DNS records yourself. In this case, contact their support team to ask if they can add the DNS records for you.

You haven't clicked the Authenticate this email domain button in Brevo

Once you have added the values to your domain host, make sure you verify that your domain was authenticated by clicking the Authenticate this email domain button as explained in Step 3: Verify if your domain has been authenticated. Note that it can take up to 48 hours for your domain to show as authenticated.

Your DNS records have not propagated yet

Once you have added the DNS records to your domain host, it can take up to 48 hours for the changes to propagate fully. Note that it is not possible for Brevo to speed up this process.

You deleted the DNS records after your domain was authenticated

After adding the DNS records for domain authentication to your domain host, you need to keep them for as long as you are using Brevo to send emails. Deleting these DNS records may lead to email delivery problems or your emails being delivered to the spam folder.

You authenticated your domain, but your emails still end up in the spam folder

Spam filters consider various factors to decide if an email should go to the inbox. Although authenticating your domain helps your sending reputation, it's not a complete solution or a magic fix.

➡️ To learn more, check our dedicated article Why are emails being delivered to the spam folder?.

⏭️ What's next?

If you've followed our troubleshooting tips and are still having issues authenticating your domain, contact our support team and include a screenshot of the DNS records you have added to your domain host.

For domain host-specific requirements, we recommend you reach out to your domain host support.

🤔 Have a question?

If you have a question, feel free to contact our support team by creating a ticket from your account. If you don't have an account yet, you can contact us here.

💬 Was this article helpful?

11 out of 45 found this helpful