Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

DNS records error preventing email domain validation

Doug Matthews
Doug Matthews
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
January 10, 2022

Hi - we're getting an error that a TXT record in our DNS server is preventing Atlassian from validating our email domain. The TXT record appears in our DNS file exactly as shown (include:_spf.atlassian.net), but we still get the error that Atlassian is unable to confirm a match ("the value for this TXT record is missing from your domain provider"). Are there specific gotchas or details that other folks have found that might help get this configured correctly?

DM

 

 

Answer
Watch
Like Be the first to like this
2720 views

2 answers

5 votes
Craig Castle-Mead
Craig Castle-Mead
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 10, 2022

@Doug Matthews 

I'm wondering if there's multiple SPF records for the domain, and the validation logic is checking one record, but you're looking at another.

There's a good chance you already had an existing SPF record on your domain - eg: if you use Microsoft O365 for email, your domain likely had something like "v=spf1 include:spf.protection.outlook.com -all" (this allows O365 to send email on behalf of your domain).

If you now want to allow Atlassian's Cloud services to send email, the instructions may say something like 'Add "v=spf1 include:_spf.atlassian.net ~all" to your domains TXT record, but if you already have an SPF TXT record, you need to merge the two, so you'd change

"v=spf1 include:spf.protection.outlook.com -all"

to

"v=spf1 include:spf.protection.outlook.com  include:_spf.atlassian.net -all"

Be careful if you have ~all (softfail) in your SPF record and an instruction says to change it to -all (fail).  -all is a much stricter rule than ~all, so if something is sending email on behalf of your domain already and not explicitly listed in your SPF record with ~all and you change to -all, then chances are whatever is sending those emails will be blocked by any well-behaving mail server

https://dmarcian.com/what-is-the-difference-between-spf-all-and-all/  has a bit more

 

CCM

View More Comments
Leo Koskiluoma
Leo Koskiluoma
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
March 16, 2022

Thank you so much CCM, not merging the SPF records was the problem in my case, and thanks to you, I could resolve it just by googling :)

Leo

Like Craig Castle-Mead likes this
Reply
0 votes
Storeolis Admin
Storeolis Admin January 14, 2022

I have exactly the same problem. Is there a bug in Jira's validation algorithm?

Here are details of issue I got: https://community.atlassian.com/t5/Jira-Service-Management/Unable-to-verify-sending-email-domain-via-DNS/qaq-p/1911085

PS. SPF TXT record is verified successfully. The problem is only with 2nd TXT (verify) record

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
FREE
PERMISSIONS LEVEL
Product Admin
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.