DNS records error preventing email domain validation

Doug Matthews January 10, 2022

Hi - we're getting an error that a TXT record in our DNS server is preventing Atlassian from validating our email domain. The TXT record appears in our DNS file exactly as shown (include:_spf.atlassian.net), but we still get the error that Atlassian is unable to confirm a match ("the value for this TXT record is missing from your domain provider"). Are there specific gotchas or details that other folks have found that might help get this configured correctly?

DM

 

 

2 answers

5 votes
Craig Castle-Mead
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
January 10, 2022

@Doug Matthews 

I'm wondering if there's multiple SPF records for the domain, and the validation logic is checking one record, but you're looking at another.

There's a good chance you already had an existing SPF record on your domain - eg: if you use Microsoft O365 for email, your domain likely had something like "v=spf1 include:spf.protection.outlook.com -all" (this allows O365 to send email on behalf of your domain).

If you now want to allow Atlassian's Cloud services to send email, the instructions may say something like 'Add "v=spf1 include:_spf.atlassian.net ~all" to your domains TXT record, but if you already have an SPF TXT record, you need to merge the two, so you'd change

"v=spf1 include:spf.protection.outlook.com -all"

to

"v=spf1 include:spf.protection.outlook.com  include:_spf.atlassian.net -all"

Be careful if you have ~all (softfail) in your SPF record and an instruction says to change it to -all (fail).  -all is a much stricter rule than ~all, so if something is sending email on behalf of your domain already and not explicitly listed in your SPF record with ~all and you change to -all, then chances are whatever is sending those emails will be blocked by any well-behaving mail server

https://dmarcian.com/what-is-the-difference-between-spf-all-and-all/  has a bit more

 

CCM

Leo Koskiluoma March 16, 2022

Thank you so much CCM, not merging the SPF records was the problem in my case, and thanks to you, I could resolve it just by googling :)

Leo

Like Craig Castle-Mead likes this
0 votes
Storeolis Admin January 14, 2022

I have exactly the same problem. Is there a bug in Jira's validation algorithm?

Here are details of issue I got: https://community.atlassian.com/t5/Jira-Service-Management/Unable-to-verify-sending-email-domain-via-DNS/qaq-p/1911085

PS. SPF TXT record is verified successfully. The problem is only with 2nd TXT (verify) record

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
FREE
PERMISSIONS LEVEL
Site Admin
TAGS
AUG Leaders

Atlassian Community Events