Verifying a domain is usually successful within a matter of minutes but could take up to 48 hours, depending on several variables. Suppose your domain doesn't successfully verify within 30 minutes. We suggest you try other troubleshooting steps, as listed below. If you attempt to verify a domain using the procedure in Verifying a DKIM domain identity with your DNS provider and you encounter problems, review the possible causes and solutions below.
-
Your DNS provider appended the domain name to the end of the DNS record – Some DNS providers automatically append the name of your domain to the attribute name of DNS record (such as GoDaddy and other providers). For example, if you create a record where the attribute name is '_domainkey.example.com' (without the quotation marks), the provider might append the domain name, resulting in '_domainkey.example.com.example.com'. Often, you might not see this when looking at the DNS records, as the provider makes this information not visible. To avoid duplication of the domain name, visible within the DNS records or not, add a period to the end of the domain name when you enter the DNS record which would look like this '_domainkey.example.com.'. This step tells your DNS provider that it isn't necessary to append the domain name to the record.
-
You're attempting to verify a domain that you don't own – This is not supported. If you are using a domain you do not own, such as gmail.com, you will need to follow the SMTP configuration process.
-
Your DNS provider doesn't allow underscores in the DNS record names – A small number of DNS providers don't allow you to include underscores (_) in record names. However, the underscore in the DKIM record name is required. If your DNS provider doesn't allow you to enter an underscore in the record name, contact the provider's customer support team for assistance.
-
Your DNS provider modified the DNS record value – Some providers automatically modify DNS record values to use only lowercase letters. Our partner, Amazon SES, only verifies your domain when it detects a verification record for which the attribute value exactly matches the value that VanillaSoft provided when you started the domain verification process. If the DNS provider for your domain changes your DNS record values to use only lowercase letters, contact the DNS provider for additional assistance.
-
You want to verify the same domain multiple times – You might need to verify your domain more than once because you're sending in different regions, or because you're using the same domain to send from multiple AWS accounts. If your DNS provider doesn't allow you to have more than one DNS record with the same attribute name, you might still be able to verify two domains. If your DNS provider allows it, you can assign multiple attribute values to the same DNS record. For example, if your DNS is managed by Amazon Route 53, you can set up multiple values for the same CNAME record by completing the following steps:
-
In the Route 53 console, choose the CNAME record you created when you verified your domain in the first region.
-
In the Value box, go to the end of the existing attribute value, and then press Enter.
-
Add the attribute value for the additional region, and then save the record set.
If your DNS provider doesn't let you to assign multiple values to the same DNS record, you can verify the domain once with _domainkey in the attribute name of the DNS record, and another time with _domainkey removed from the attribute name. The downside of this solution is that you can only verify the same domain two times.
-
Checking Domain Verification Settings
VanillaSoft will display if your domain is verified on the Verify Email Domain page. If you would like further confirmation, you can check that your Amazon SES domain verification DNS record is published correctly to your DNS server by using the following procedure. This procedure uses the nslookup tool, which is available for Windows.
The commands in these instructions were executed on Windows 7, and the example domain we use is ses-example.com configured with Easy DKIM which uses CNAME records.
In this procedure, you first find the DNS servers that serve your domain, and then query those servers to view the CNAME records. You query the DNS servers that serve your domain because those servers contain the most up-to-date information for your domain, which can take time to propagate to other DNS servers.
To verify that your domain verification CNAME records are published to your DNS server
- Find the name servers for your domain by taking the following steps.
- Click the Windows Start button in the bottom-left corner.
- Type CMD to search for the Command Prompt.
- Click the Command Prompt program.
- Once the Command Prompt window opens, type the following, where <domain> is your domain. This will list all of the name servers that serve your domain.
nslookup -type=NS
If your domain was ses-example.com, this command would look like:nslookup -type=NS ses-example.com
The command's output will list the name servers that serve your domain. You will query one of these servers in the next step.
- Verify that the CNAME records are correctly published by taking the following steps. Keep in mind that Amazon SES generates three CNAME records for Easy DKIM authentication, so repeat the following procedures for each of the three.
- At the command prompt, type the following, where <random string> is the SES generated CNAME name, <domain> is your domain, and <name server> is one of the name servers you found in step 1.
nslookup -type=CNAME <random string>_domainkey.<domain> <name server>
In our ses-example.com example, if a name server that we found in step 1 was called ns1.name-server.net, and the <random string> generated by SES is4hzwn5lmznmmjyl2pqf2agr3uzzzzxyz
, we would type the following:
nslookup -type=CNAME 4hzwn5lmznmmjyl2pqf2agr3uzzzzxyz_domainkey.ses-example.com ns1.name-server.net
- In the output of the command, verify that the string that follows
canonical name =
matches the CNAME value you see when you choose the domain in the Identities list of the Amazon SES console. In our example, we are looking for a CNAME record under4hzwn5lmznmmjyl2pqf2agr3uzzzzxyz
_domainkey.ses-example.com with a value of4hzwn5lmznmmjyl2pqf2agr3uzzzzxyz.dkim.amazonses.com
. If the record is correctly published, we would expect the command to have the following output:4hzwn5lmznmmjyl2pqf2agr3uzzzzxyz_domainkey.ses-example.com canonical name = "4hzwn5lmznmmjyl2pqf2agr3uzzzzxyz.dkim.amazonses.com"
- At the command prompt, type the following, where <random string> is the SES generated CNAME name, <domain> is your domain, and <name server> is one of the name servers you found in step 1.
Common Email Verification Issues
The verification email didn't arrive – If you complete the procedures in Verifying an email address identity but you don't receive the verification email within a few minutes, complete the following steps:
-
Check the spam or junk mail folder for the email address you're attempting to verify.
-
Confirm that the address that you're trying to verify is able to receive email. Using a separate email address (such as your personal email address), send a test email to the address that you want to verify.
-
Check the list of verified addresses in the Amazon SES console. Make sure that there aren't any errors in the email address that you're attempting to verify.