As of February 1, 2024, Gmail and Yahoo require your domain to be authenticated. This reassures recipients that your emails are genuinely from you or your organization, reducing the risk of spam, phishing, and other malicious activities.
In this article, we'll provide explanations for common issues that you may encounter when authenticating your domain with Brevo.
Here's the list of common issues we'll help you with:
Domain/sender not complying or email address replaced when sending an email
Ideally, your domain should have been authenticated since February 1, 2024, to prevent your emails from being marked as spam or facing delivery issues.
If you haven’t authenticated your domain yet, Brevo will temporarily help maintain your deliverability by replacing the domain part of your email address with @brevosend.com
. This means your email address will appear with a format similar to mycompany@5000001.brevosend.com
in your recipients' inboxes.
We strongly recommend authenticating your domain as soon as possible.
➡️ To learn how to authenticate your domain to prevent your sender domain from being automatically replaced, check our dedicated article Authenticate your domain with Brevo.
Domain is invalid
Expand the accordions below to discover possible reasons why your domain might be invalid:
You can only authenticate a domain that you or your business owns and manages. If your email address is from a public email provider (such as gmail.com, yahoo.com, or orange.fr), this is considered a free domain, which cannot be authenticated. To authenticate, you’ll need to purchase a domain that you own and manage through a service such as GoDaddy or OVH.
➡️ To learn more about why you should avoid using a free email address, check our dedicated article Why you need to replace your free email address with a professional one.
When entering your domain name in Brevo, use a format like domain.com
or sub.domain.com
and do not include special characters, except for -
, .
, and /
.
DNS records mismatch or are not detected
Expand the accordions below to discover possible reasons why your DNS records mismatch or are not detected:
To authenticate your domain, you need to add the following DNS records to your domain host account:
- Brevo code
- DKIM record
- DMARC record
Brevo will provide the required values for each record. Note that if any of these records are missing, your domain authentication won't be complete.
➡️ To learn how to add these DNS records to your domain host, check our dedicated article Authenticate your domain with Brevo.
Once you've added the DNS records to your domain host account, it can take up to 48 hours for the changes to take effect and for your domain to be authenticated. This timing is managed by your domain host, and Brevo cannot control or speed up the process.
If it’s been less than 48 hours, you can manually check your domain's authentication status directly in your Brevo account:
- In Brevo, click the account dropdown and go to Senders, Domains, and Dedicated IPs > Domains.
- Click Authenticate next to the domain you authenticated.
- Select Authenticate the domain yourself.
- Click Continue.
- Click Authenticate this email domain at the bottom of the page.
You can repeat this process a few times in the next 48 hours. If your domain still does not appear as authenticated after 48 hours, contact our support team for help.
Brevo automatically identifies the most popular domain hosts. If your domain host is recognized, we will provide the exact values needed to create the required DNS records. To avoid any typos or formatting errors, we recommend copying and pasting these values directly from Brevo into your domain host.
If we can’t identify your domain host, Brevo will provide generic values that might not fully match your host’s specific requirements. Some hosts have unique formatting rules for DNS records that may differ the values provided by Brevo.
Expand the accordions below to discover solutions that might resolve these formatting issues:
When authenticating a domain, some domain hosts may not accept the "@" symbol in the hostname field.
➡️ To fix this, try using your domain name or leaving the field empty.
Some domain hosts may require a dot at the end of the value. Without this dot, they consider the entire value as a subdomain and automatically add the root domain at the end.
For example, if you enter mail._domainkey.domain
without a dot, it might turn it into mail._domainkey.domain.com.domain.com
, instead of just mail._domainkey.domain.com
.
➡️ To fix this, add a dot at the end of the hostname, like mail._domainkey.domain.
.
When authenticating a subdomain, some domain hosts may expect only your subdomain prefix in the hostname field and automatically append the root domain.
For example, if you enter send.domain.com
, it might turn into send.domain.com.domain.com
.
➡️ To fix this, only include your subdomain prefix in the hostname field, like send
.
When authenticating a domain, some domain hosts, such as Alfahosting, may not accept the ":" symbol in the value fields.
➡️ To fix this, contact your domain host's support team and request their assistance in adding the necessary DNS records on your behalf.
Most domain hosts set a maximum limit of 255 characters for their TXT record field. This isn’t a problem when you use the default 1024-bit DKIM key since it can fit within the allowed character limit easily. However, if you use a 2048-bit DKIM key, it can be a problem as it is longer than 255 characters.
To check if you’re using the default 1024-bit DKIM key or the 2048-bit key, look at the value in the second field of your DKIM record in Brevo:
1024-bit DKIM key (default) | 2048-bit DKIM key |
➡️ To fix this, split your DKIM value into multiple chunks of 255 characters. To make this easy, you can use a DNS record splitter tool:
- Go to DNS record splitter.
- Insert your DKIM value into the textbox. It will then split your record into two lines.
- Copy and paste the results into a document.
- Enclose the two text strings in double quotes.
- Copy the enclosed text strings to your domain host as a TXT record.
After you're done adding the DNS records to your domain host, make sure to click Authenticate this email domain at the bottom of the page. This will allow Brevo to verify if your domain is authenticated. |
If your domain was authenticated successfully but its status later changes to "Not authenticated" after a day or a few days, it's possible that the DNS records you added were modified or deleted.
Once you add the DNS records for domain authentication to your domain host, you need to keep them unchanged for as long as you are using Brevo to send emails. Modifying or deleting these records can result in email delivery issues or cause your emails to be delivered to the spam folder.
➡️ To re-authenticate your domain, check our dedicated article Authenticate your domain with Brevo.
Existing DKIM record with same value
If a DKIM record with the same value as the one provided by Brevo already exists on your domain host, you have two options:
- Replace your existing DKIM record with the value provided by Brevo. This is only recommended if you're no longer using the other service that required the previous DKIM record.
- Contact our support team to request an update to your DKIM record with a new value. If you have multiple domains in your Brevo account, you’ll need to update the DKIM records for all of them with the new value.
2048-bit DKIM key instead of 1024-bit
By default, DKIM records of TXT type use a 1024-bit DKIM key. If you want to use a 2048-bit DKIM key to enhance your email security, contact our support team to activate it for your account. Your 2048-bit DKIM key will then appear in your DNS records with a value starting with sib2k.
1024-bit DKIM key (default) | 2048-bit DKIM key |
If you previously used the 1024-bit DKIM key to authenticate your domain, update your DKIM record in your domain host with the new value.
Multiple DMARC records
To comply with Gmail and Yahoo's requirements for email senders, your domain should have a single DMARC record with a rua tag. Having more than one DMARC record can interfere with domain authentication.
Expand the accordions below to explore the three options for resolving this issue:
To keep only one valid DMARC record and delete any others on your domain:
- Open a new tab in your web browser and log in to your domain host account.
- Navigate to the section where you can manage the DNS records for the domain you want to authenticate.
- Locate your existing DMARC records.
- Choose which DMARC records you want to keep and delete all others. We recommend you keep Brevo's DMARC record, which looks like this:
v=DMARC1; p=none; rua=mailto:rua@dmarc.brevo.com
.
If you need multiple DMARC records because you use several email providers and cannot delete the other records, you'll need to create different subdomains for each provider. This will allow you to configure separate DMARC records.
If you want to receive DMARC reports at multiple email addresses, you can merge the email addresses of your rua tags into a single DMARC record, like:
v=DMARC1; p=none; rua=mailto:rua@dmarc.brevo.com, mailto:dmarcreports@mydomain.com
.
Missing rua tag for DMARC record
To comply with Gmail and Yahoo's requirements for email senders, your domain should have a single DMARC record with a rua tag. If your domain already has a DMARC record but lacks a rua tag, you’ll need to update the record by adding Brevo's rua tag at the end.
- Open a new tab in your web browser and log in to your domain host account.
- Navigate to the section where you can manage the DNS records for the domain you want to authenticate.
- Locate and edit your existing DMARC record.
- In the DMARC record’s value field, add Brevo's rua tag at the end:
; rua=mailto:rua@dmarc.brevo.com
. -
Save your DMARC record.
Your DMARC record should now look like this:
v=DMARC1; p=none; rua=mailto:rua@dmarc.brevo.com
DMARC policy requires authentication
If your sender domain has a DMARC policy of p=quarantine or p=reject, you need to authenticate your domain before creating a sender. Authenticate your domain and try creating the sender again.
➡️ To learn more, check our dedicated article Authenticate your domain with Brevo.
Domain host doesn't accept the new DNS records
Expand the accordions below to discover possible reasons why your domain host doesn't accept the new DNS records:
Some domain hosts do not allow adding a record with the same type and name twice. This means that if you already have a TXT record on your domain, your domain host may not allow you to add the records provided by Brevo.
➡️ To fix this, add the extra TXT records on your domain below the first one. Expand the accordions below to discover examples of how to do it in Amazon Route 53 and Google Domains:
Enter the value of the extra record on a separate line below the first TXT record.
- Click + Add more to this record below the first TXT record.
- Paste the data of the extra record in the new field.
Some domain hosts, such as Jimdo, do not allow you to add certain DNS records yourself. If you encounter this issue, we recommend contacting your domain host's support team and requesting their assistance in adding the necessary DNS records on your behalf. You can use a message like the following:
"I am looking to authenticate my domain domain.com
hosted with you in Brevo, and I need your assistance in setting up the following DNS records:
Brevo code
DKIM record
-
DMARC record
"
Make sure to replace domain.com
with your actual domain name and include the required DNS records and their corresponding values. You can find these values by following our dedicated article Authenticate your domain with Brevo and selecting the option to authenticate the domain yourself.
Emails still end up in spam after authenticating
If you've authenticated your domain but your emails still end up in the spam folder, keep in mind that spam filters consider multiple factors when deciding if an email should reach the inbox. While domain authentication improves your sending reputation, it’s not a complete solution or a guaranteed fix.
➡️ To learn more, check our dedicated article Why are emails being delivered to the spam folder?.
⏭️ What's next?
If you've followed our troubleshooting tips and are still having issues authenticating your domain, contact our support team and include a screenshot of the DNS records you have added to your domain host.
For domain host-specific requirements, we recommend you reach out to your domain host's support team.
🤔 Have a question?
If you have a question, feel free to contact our support team by creating a ticket from your account. If you don't have an account yet, you can contact us here.
If you’re looking for help with a project using Brevo, we can match you with the right certified Brevo expert partner.