It’s important to properly configure your domains so that email deliverability is not hampered. If your emails are marked as spam or rejected, the recipient will not receive your message in their inbox. With correctly configured SPF and DKIM records comes the trust within recipients that they have received the email from a genuine sender and not a spoofer. Moreover, you can’t afford to be non-compliant with industry regulations regarding email communications.
Ensuring consistency and reliability of email communication is part of providing your customers and prospects with great services. Hence, fixing custom domain configuration problems helps you better track and analyze your email campaigns. This enhances the overall user experience, ensuring that customers receive important communications without interruptions or delays.
So, let’s figure out how to go about it.
1. Unable to verify custom domain status
Verify the ownership of your custom domain by adding a TXT record to your domain’s DNS hosting provider. When the verification starts, Azure Email Communication Service tries to read the TXT record from your custom domain. If it can’t read the TXT record, the verification fails.
However, if the verification process fails, you need to perform the following steps to detect and fix the underlying problems-
- Copy the suggested TXT record from the Azure portal. It will look something like this:
`ms-domain-verification=43d01b7e-996b-4e31-8159-f10119c2087a`
- If you haven’t added the TXT record yet, do so through your domain registrar or DNS hosting provider.
- After adding the TXT record, check your domain’s TXT records.
- To check, use the nslookup tool in Windows CMD with this command: `nslookup -q=TXT YourCustomDomain.com.` You can also use a third-party DNS lookup tool like MxToolBox.
- Review the list of TXT records for your custom domain. If you don’t see the TXT record, Azure Email Communication Service won’t be able to verify your domain.
2. Failing to verify SPF status
After verifying your domain, you also need to check the Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) records. If your SPF status is failing, follow these steps:
- Copy your SPF record from the Azure portal. It should look like this: `v=spf1 include:spf.protection.outlook.com -all`
- Check the TXT records for your domain. If you don’t see your SPF record, Azure Email Communication Service can’t verify it.
- Ensure your SPF record contains `-all` instead of `~all`. If it has `~all`, SPF verification will fail.
- Add the SPF record to your domain registrar or DNS hosting provider.
- After adding the SPF record, check it using one of these methods:
- Use the nslookup tool in Windows CMD with the command: `nslookup -q=TXT YourCustomDomain.com.` Alternatively, you can use a third-party DNS lookup tool.
3. Failing to verify DKIM status
If Azure Email Communication Service fails to verify DKIM, follow these steps:
- Open your command prompt and run `nslookup`
- Then type: `set q=TXT`
- For DKIM issues, use ‘selector1’
`selector1-azurecomm-prod-net._domainkey.contoso.com`
This command will return the CNAME DKIM records for your domain. If you see your DKIM records in the output, Azure Email Communication Service should verify the status.
If the records are missing, Azure Email Communication Service cannot verify DKIM. Failing to verify DKIM status and neglecting the use of automatic SPF flattening tools can compromise email security, increasing the risk of spoofing and delivery failures.