
DNS records error preventing email domain validation

Hi - we're getting an error that a TXT record in our DNS server is preventing Atlassian from validating our email domain. The TXT record appears in our DNS file exactly as shown (include:_spf.atlassian.net), but we still get the error that Atlassian is unable to confirm a match ("the value for this TXT record is missing from your domain provider"). Are there specific gotchas or details that other folks have found that might help get this configured correctly?

DM

 

 

2 answers

I have exactly the same problem. Is there a bug in Jira's validation algorithm?

Here are the details of the issue I got: https://community.atlassian.com/t5/Jira-Service-Management/Unable-to-verify-sending-email-domain-via-DNS/qaq-p/1911085

PS. SPF TXT record is verified successfully. The problem is only with 2nd TXT (verify) record

0 votes

@Doug Matthews 

I'm wondering if there are multiple SPF records for the domain, and the validation logic is checking one record, but you're looking at another.

There's a good chance you already had an existing SPF record on your domain, e.g. if you use Microsoft O365 for email, your domain likely had something like "v=spf1 include:spf.protection.outlook.com -all" (this allows O365 to send email on behalf of your domain).

If you now want to allow Atlassian's Cloud services to send email, the instructions may say something like 'Add "v=spf1 include:_spf.atlassian.net ~all" to your domain's TXT record', but if you already have an SPF TXT record, you need to merge the two, so you'd change

"v=spf1 include:spf.protection.outlook.com -all"

to

"v=spf1 include:spf.protection.outlook.com include:_spf.atlassian.net -all"

Be careful if you have ~all (softfail) in your SPF record and an instruction says to change it to -all (fail). -all is a much stricter rule than ~all, so if something is sending email on behalf of your domain already and not explicitly listed in your SPF record with ~all and you change to -all, then chances are whatever is sending those emails will be blocked by any well-behaving mail server.

https://dmarcian.com/what-is-the-difference-between-spf-all-and-all/ has a bit more.

 

CCM
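
The check and merge described in the answer above, as an added example that is not part of the original thread and is not Atlassian's validation logic. The TXT values in `ZONE` are constructed sample data, the function names are hypothetical, and no DNS lookups are made; the merge keeps the `all` qualifier of the record that is already published, per the caution about switching ~all to -all.

```python
REQUIRED = "include:_spf.atlassian.net"  # value quoted in the thread

# Constructed TXT values for one domain: an older O365 record plus a second
# SPF record added later (the situation the answer suspects).
ZONE = [
    '"v=spf1 include:spf.protection.outlook.com -all"',
    '"v=spf1 include:_spf.atlassian.net ~all"',
    '"constructed-verification=placeholder"',
]

def spf_records(txt_values):
    """Return the TXT strings that are SPF policies (version tag v=spf1)."""
    cleaned = (v.strip().strip('"') for v in txt_values)
    return [v for v in cleaned if v.lower().split()[:1] == ["v=spf1"]]

def is_all(term):
    """True for all, +all, -all, ~all and ?all."""
    return term.lower().lstrip("+-~?") == "all"

def audit(txt_values, required=REQUIRED):
    """List the problems that can keep `required` from being matched."""
    records = spf_records(txt_values)
    if not records:
        return ["no SPF record published"]
    findings = []
    if len(records) > 1:  # RFC 7208 treats this as a permanent error
        findings.append(f"{len(records)} SPF records found; only one is allowed")
    holders = [r.lower().split() for r in records if required in r.lower().split()]
    if not holders:
        findings.append(f"{required} missing")
    for terms in holders:
        all_idx = next((i for i, t in enumerate(terms) if is_all(t)), None)
        if all_idx is not None and terms.index(required) > all_idx:
            findings.append(f"{required} sits after the all term and is ignored")
    return findings

def merge(existing, addition):
    """Fold addition's mechanisms into existing, keeping existing's all term."""
    old, new = existing.split()[1:], addition.split()[1:]
    body = [t for t in old if not is_all(t)]
    seen = {t.lower() for t in body}
    for t in new:
        if not is_all(t) and t.lower() not in seen:
            body.append(t)
            seen.add(t.lower())
    # Fall back to the new record's all term only if the old one had none.
    tail = ([t for t in old if is_all(t)] or [t for t in new if is_all(t)])[:1]
    return " ".join(["v=spf1", *body, *tail])
```

Feed `audit` the values your DNS provider actually returns for the domain (for example from `dig +short TXT` output) and publish the merged string as the single SPF record.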

DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
FREE
PERMISSIONS LEVEL
Site Admin