Troubleshooting - Domain authentication (Brevo code, DKIM record, DMARC record)

In this article, we'll provide solutions for common issues that you may encounter when authenticating your domain.

You are trying to authenticate a free email address 

You can only authenticate a domain that you own and have control over. Free email addresses created with public email services like Gmail, Yahoo, or Orange cannot be authenticated. This means that you'll need to purchase your own domain before you can authenticate it.

➡️ To learn more about why you should avoid using a free email address, check our dedicated article Why you need to replace your free email address with a professional one.

Your DNS records don't match the ones provided by Brevo

If you are trying to manually authenticate your domain, the values needed to create the DNS records will be different based on your domain host:

Amazon Route 53, Amen, Bluehost, Gandi, GoDaddy, Google Domains, Hostinger, IONOS, OVH, and Wix 

Brevo provides the exact values needed to create the DNS records for these popular domain hosts. When authenticating your domain on these hosts, we recommend you copy and paste the values directly from Brevo to your domain host to avoid typos or format issues.

➡️ To learn more, check our dedicated article Authenticate your domain (Brevo code, DKIM, DMARC).

Other domain hosts

However, if you are authenticating your domain on a domain host other than the ones mentioned above, the values provided by Brevo might not be the ones expected by your domain host.

➡️ To learn more, check the next section of this article Your domain host has specific format requirements for DNS records.

Your domain host has specific format requirements for DNS records

Some domain hosts have specific format requirements for DNS records that might differ from the values provided by Brevo:

Your domain host doesn't support the @ symbol

When authenticating a domain, some domain hosts may not accept the @ symbol in the hostname field.

➡️ To fix this, try using your domain name or leaving the field empty.

Your domain host requires a dot (.) at the end of the value

Some domain hosts may require a dot at the end of the value. Without this dot, they consider the entire value as a subdomain and automatically add the root domain at the end. For example, if you enter "mail._domainkey.thegreenyoga" without a dot, it might turn it into "mail._domainkey.thegreenyoga.com.thegreenyoga.com", instead of just "mail._domainkey.thegreenyoga.com".

➡️ To fix this, add a dot at the end of the hostname, like "mail._domainkey.thegreenyoga.".

Your domain host only expects the subdomain prefix in the hostname

When authenticating a subdomain, some domain hosts may expect only your subdomain prefix in the hostname field and automatically append the root domain. For example, if you enter "send.thegreenyoga.com", it might turn into "send.thegreenyoga.com.thegreenyoga.com".

➡️ To fix this, only include your subdomain prefix in the hostname field, like "send".
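The three hostname cases above can be checked before saving a record. This is an added example, not Brevo's code: it assumes a domain host that follows zone-file conventions (an empty field or @ means the root domain, a trailing dot marks a complete name, anything else gets the root domain appended), and the function names are hypothetical.

```python
def published_name(entered, zone):
    """Name that gets published when the host appends the zone to relative names."""
    zone = zone.rstrip(".").lower()
    entered = entered.strip().lower()
    if entered in ("", "@"):
        return zone                    # empty or @ means the root domain itself
    if entered.endswith("."):
        return entered.rstrip(".")     # trailing dot: taken as the complete name
    return entered + "." + zone        # anything else: root domain is appended


def is_doubled(name, zone):
    """True when the root domain appears twice at the end of a published name."""
    zone = zone.rstrip(".").lower()
    return name.lower().rstrip(".").endswith("." + zone + "." + zone)


def field_value(wanted, zone, needs_trailing_dot=False):
    """Hostname to type so that `wanted` is the name that ends up published."""
    wanted = wanted.rstrip(".").lower()
    zone = zone.rstrip(".").lower()
    if needs_trailing_dot:
        return wanted + "."            # complete name, nothing will be appended
    if wanted == zone:
        return "@"
    if not wanted.endswith("." + zone):
        raise ValueError(wanted + " is not inside " + zone)
    return wanted[: -(len(zone) + 1)]  # keep only the prefix before the zone


if __name__ == "__main__":
    zone = "thegreenyoga.com"
    bad = published_name("send.thegreenyoga.com", zone)
    print(bad, "doubled:", is_doubled(bad, zone))
    print("enter instead:", field_value("send.thegreenyoga.com", zone))
    print("or, with a trailing dot:", field_value("send.thegreenyoga.com", zone, True))
```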

Your DNS host doesn't support values longer than 255 characters

Most DNS providers set a maximum limit of 255 characters for their TXT record field. This isn’t a problem when you use the default 1024-bit DKIM key since it can fit within the allowed character limit easily. However, if you use a 2048-bit DKIM key, it can be a problem as it is longer than 255 characters.

You can tell whether you are using the default 1024-bit DKIM key or the 2048-bit DKIM key by checking the value provided in the hostname field of your DKIM record in Brevo:

1024-bit DKIM key (default): mail._domainkey
2048-bit DKIM key: sib2k._domainkey

➡️ To fix this, split your DKIM value into multiple chunks of 255 characters. To make this easy, you can use a DNS record splitter tool:

  1. Go to DNS record splitter.
  2. Insert your DKIM value into the textbox. It will then split your record into two lines.
  3. Copy and paste the results into a document.
  4. Enclose the two text strings in double quotes.
  5. Copy the enclosed text strings to your domain host as a TXT record.
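The same split can be done and checked locally. This is an added example, not Brevo's code or the splitter tool's: it cuts a value into quoted strings of at most 255 characters, then rejoins them with no separator, which is how the strings of a TXT record are combined before a DKIM key is read. The sample value is a constructed placeholder, not a real key.

```python
import re

MAX_STRING = 255  # longest single string inside one TXT record

# Constructed placeholder with the length of a 2048-bit DKIM value (not a real key).
SAMPLE = "v=DKIM1; k=rsa; p=" + "ABCD" * 98


def split_txt(value, size=MAX_STRING):
    """Cut a long TXT value into consecutive chunks of at most `size` characters."""
    value = value.strip().strip('"')
    return [value[i:i + size] for i in range(0, len(value), size)]


def quoted(chunks):
    """Render the chunks as double-quoted strings for the TXT value field."""
    return " ".join('"' + c + '"' for c in chunks)


def reassemble(field):
    """Join the quoted strings with no separator, as done before the key is used."""
    return "".join(re.findall(r'"([^"]*)"', field))


def check(field, original):
    """Return the problems found in a quoted TXT field; an empty list means OK."""
    parts = re.findall(r'"([^"]*)"', field)
    problems = []
    if not parts:
        problems.append("no quoted strings found")
    for n, part in enumerate(parts, 1):
        if len(part) > MAX_STRING:
            problems.append("string %d is %d characters" % (n, len(part)))
    if parts and reassemble(field) != original.strip():
        problems.append("rejoined value differs from the original")
    return problems


if __name__ == "__main__":
    field = quoted(split_txt(SAMPLE))
    print(field)
    print(check(field, SAMPLE) or "OK")
```

A stray space left inside the quotes when pasting ends up inside the key after rejoining, which `check` reports as a differing value.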

A TXT record already exists on your domain

Some domain hosts may not allow adding a record with the same type and name twice. This means that if you already have a TXT record on your domain, your domain host may not allow you to add the records provided by Brevo.

➡️ To fix this, add the extra TXT records on your domain below the first one. Here are two examples of how to do it:

Google Domains
  1. Click + Add more to this record below the first TXT record.
  2. Paste the data of the extra record in the new field.


Amazon Route 53

Enter the value of the extra record on a separate line below the first TXT record.


A DMARC record already exists on your domain

We have detected multiple DMARC records in your domain. For optimal deliverability, keep only one DMARC.

You can only have one DMARC record on your domain. If you already have a DMARC record on your domain and try to add a second one, this will create a conflict. 

We recommend you only add the following DMARC record to your domain:

v=DMARC1; p=none; rua=mailto:rua@dmarc.brevo.com

You are trying to add a rua tag to your DMARC record

Please note that your sender domain's DMARC record lacks a rua tag. To improve your deliverability, we recommend you set up a rua tag for your DMARC record.

If you already have a DMARC record on your domain but it is missing a rua tag, you can update your existing DMARC record and add Brevo's rua tag at the end. Your DMARC record should then have the following value:

v=DMARC1; p=none; rua=mailto:rua@dmarc.brevo.com
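Both DMARC warnings above can be reproduced from the TXT strings published at the _dmarc name of a domain. This is an added example, not Brevo's code: it flags multiple DMARC records and a missing rua tag, and adds Brevo's rua address to an existing record while leaving its other tags, including the policy, unchanged. The function names are hypothetical and the sample records are constructed.

```python
BREVO_RUA = "mailto:rua@dmarc.brevo.com"  # rua address given in this article


def is_dmarc(txt):
    """A TXT string counts as a DMARC record when it starts with v=DMARC1."""
    return txt.strip().replace(" ", "").upper().startswith("V=DMARC1")


def tags(record):
    """Parse 'tag=value; tag=value' into a dict with lower-case tag names."""
    out = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            out[key.strip().lower()] = value.strip()
    return out


def audit(txt_records):
    """Return findings for the TXT strings found at _dmarc.<domain>."""
    dmarc = [t for t in txt_records if is_dmarc(t)]
    findings = []
    if not dmarc:
        findings.append("no DMARC record")
    if len(dmarc) > 1:
        findings.append("%d DMARC records, keep only one" % len(dmarc))
    findings += ["no rua tag in: " + r for r in dmarc if "rua" not in tags(r)]
    return findings


def add_rua(record, uri=BREVO_RUA):
    """Add `uri` to the rua tag, creating the tag at the end if it is missing."""
    parts = [p.strip() for p in record.split(";") if p.strip()]
    for i, part in enumerate(parts):
        key, _, value = part.partition("=")
        if key.strip().lower() == "rua":
            uris = [u.strip() for u in value.split(",") if u.strip()]
            if uri not in uris:
                uris.append(uri)       # rua accepts a comma-separated list
            parts[i] = "rua=" + ",".join(uris)
            break
    else:
        parts.append("rua=" + uri)
    return "; ".join(parts)


if __name__ == "__main__":
    # Constructed sample: two records published by mistake at the same name.
    print(audit(["v=DMARC1; p=none", "v=DMARC1; p=none; rua=" + BREVO_RUA]))
    print(add_rua("v=DMARC1; p=reject"))
```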

Your domain host doesn't allow you to modify your DNS records

Some domain hosts may not let you modify your DNS records yourself. In this case, contact their support team to ask if they can add the DNS records for you.

You haven't verified if your domain is authenticated

Once you have added the values to your domain host, make sure you verify that your domain was authenticated by clicking the Authenticate this email domain button as explained in Step 3: Verify if your domain is authenticated.

Note that it can take up to 48 hours for your domain to show as authenticated.

You have authenticated your domain but it still appears as "Unauthenticated" or you get the message "❌ Value mismatched" in Brevo

When you authenticate your domain, it can take up to 48 hours for the changes to be fully applied. Note that Brevo has no control over this process and cannot speed it up.

If it's been less than 48 hours since you authenticated your domain:

  1. In Brevo, click the account dropdown and go to Senders, Domains, and Dedicated IPs > Domains.
  2. Click Check configuration under your domain.
  3. Click Authenticate this email domain under the DMARC record.
  4. You can repeat this process a few times for the next 48 hours.

If your domain is still not authenticated after 48 hours, check the other sections of this troubleshooting article to find solutions for common issues or contact our support team for help.

You modified or deleted the DNS records after your domain was authenticated

After adding the DNS records for domain authentication to your domain host, you need to keep them as they are for as long as you are using Brevo to send emails. Modifying or deleting these DNS records may lead to email delivery problems or your emails being delivered to the spam folder.

You authenticated your domain, but your emails still end up in the spam folder

Spam filters consider various factors to decide if an email should go to the inbox. Although authenticating your domain helps your sending reputation, it's not a complete solution or a magic fix.

➡️ To learn more, check our dedicated article Why are emails being delivered to the spam folder?.

⏭️ What's next?

If you've followed our troubleshooting tips and are still having issues authenticating your domain, contact our support team and include a screenshot of the DNS records you have added to your domain host.

For domain host-specific requirements, we recommend you reach out to your domain host's support team.

🤔 Have a question?

If you have a question, feel free to contact our support team by creating a ticket from your account. If you don't have an account yet, you can contact us here.

If you’re looking for help with a project using Brevo, we can match you with the right certified Brevo expert partner.
