Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Unable to add new email address in project email address

mroads admin
mroads admin January 3, 2020

While adding an email address, it showing DKIM validation failed for this domain.

Please help me with a detailed description.

Answer
Watch
Like Be the first to like this
1486 views

3 answers

0 votes
Andrew Poltavchenko
Andrew Poltavchenko March 14, 2021

I would like to share one more issue with TXT SPF record validation. In DNS servers replies, large TXT records can be split on parts. I.e. in case you have long list of IPs, includes and related things, the result TXT record received from DNS server will be like this:

TXT "v=spf1 +a +mx +ip4:<MASKED IPv4> <MASKED LIST OF IPv4> +ip4:<MASKED IPv4> include:_s" "pf.atlassian.net ~all"

 

Let me highlight the issue in the example above:

+ip4:<MASKED IPv4> include:_s" "pf.atlassian.net

 

In such case, https://domain-check.atlassian.com/ will fail to validate presence of string "include:_spf.atlassian.net" in DNS server reply...what means that the logic of service has a bug: TXT records returned as a list of strings should be joined into single string.

 

I.e. the validation logic should convert DNS server reply provided above into the following string:

TXT "v=spf1 +a +mx +ip4:<MASKED IPv4> <MASKED LIST OF IPv4> +ip4:<MASKED IPv4> include:_spf.atlassian.net ~all"

 

The simplest way to solve the issue is to put "include:_spf.atlassian.net" at the start of SPF definition (right after "v=spf1" option).

Reply
0 votes
Josh
Josh May 20, 2020

I'm having a similar issue. @Angélica Luz can you take a look?

View More Comments
Angélica Luz
Angélica Luz
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 22, 2020

Hello @Josh

Thank you for reaching out to Community!

Can you share with us the error that appears when you try to change the project email address?

I can see that the domain is correctly verified, so now it would be only necessary to follow the steps of the documentation below:

- Configuring Jira Cloud to send emails on behalf of your domain 

Regards,
Angélica

Like
Josh
Josh May 22, 2020

The issue is in AWS Route53 has a record type on the DNS called "SPF"
Capture.PNG

To fix my issue I had to instead use a TXT record. 



  


Like
Reply
0 votes
Angélica Luz
Angélica Luz
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 6, 2020

Hi there,

Thank you for reaching out to Atlassian Community!

This error message appears when the domain of the email you are adding to the project is not verified, so in order to change the project email address, it's necessary to verify the domain.

Please, follow the steps of the documentation below:

If you have any questions or face any issue, please let us know.

Regards,
Angélica

View More Comments
mroads admin
mroads admin January 8, 2020

We have updated the DKIM file and verified also but it is still showing the same(DKIM validation failed for this domain).

 

Is it mandatory to add SPF in our records? 

Like
Angélica Luz
Angélica Luz
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 9, 2020

Yes, it's necessary to follow all steps in order to use the email as the project email address.

Like
mroads admin
mroads admin January 10, 2020

Hi Angelica,

 

We have updated all records as per your instructions. We are getting a new error that is, "

Unknown server error without description" after the update all records.

Please find attached a screenshot of the issue.

 

Please suggest us to resolve this issue.

 

Thanks

Bhanu

Like
mroads admin
mroads admin January 10, 2020

Screen Shot 2020-01-10 at 3.59.44 PM.png

Like
mroads admin
mroads admin January 13, 2020

Is there anyone able to support us?

Like
Philip Stone
Philip Stone January 13, 2020

Hey,

I just had the same issue. Sounds stupid but remove or set an incorrect value for the DKIM entry. After some minutes try the verification tool again. Hit the "check" button several times, sometimes the answers are different. One pointed me into the right direction. 

image.png

I'm not a DNS expert but I believe the way you have configuration your SFP isn't correct. https://aws.amazon.com/premiumsupport/knowledge-center/characterstringtoolong-error/ 

and you cannot have two SPF TXT

Let's say you have split your SPF into two separate TXT records spfva.mroads.com and spfvb.mroads.com that contains your includes. Then your final include looks like

{v=spf1 include:spfva.mroads.com include:spfvb.mroads.com ~all}

 If you still have issue try to make an include for Atlassian before your first include

{v=spf1 include:_spf.atlassian.net include:spfva.mroads.com include:spfvb.mroads.com ~all}

Hope I could help you with this. 

Like
Angélica Luz
Angélica Luz
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 13, 2020

Hi Bhanu,

I checked https://www.mail-tester.com/spf-dkim-check and there are duplicated SPF entries and the DKIM is missing.

Please, remove the duplicated SPF and add the DKIM. For the DKIM it's not necessary to replace with your domain, just copy from our documentation.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events