This topic desribes some common issues related to domain name configuration.
Why domain name ownership validation, SPF validation, and MX validation are required?
How to verify if the configured DNS resolution takes effect?
What are the restrictions on setting up domain names?
Each Alibaba Cloud can create 5 sending domain names. We recommend that you create 2 separate domain names for sending triggered emails and batch emails.
We recommend that you use secondary domain name to avoid affecting top-level domain name by sending reputation. Please do not use domain name that already opened Alibaba Mail service because it may cause receiving and sending trouble. You may create secondary domain name of Alibaba Mail domain name as sending domain name of DirectMail.
If sender addresses are created for a specific sender domain name, the associated domain name cannot be deleted. Domain names without sender addresses can be deleted.
One main domain name including all its secondary domain names will only be used by one Alibaba Cloud account as sending domain. If one Alibaba Cloud use xxx.example.net as sending domain of DirectMail, then other accounts cannot use example.net and its secondary domain names(such as xxx.example.net,yyy.example.net,aaa.yyy.example.net and bbb.aaa.yyy.example.net) as sending domain name.
How to configure domain name on DNS servers?
This content describes how to configure domain name on mainstream DNS servers to bind DirectMail.
First of all, login DirectMail console, bind and verify domai name, then query your DNS configuration.
Then, login to your domain name registrar's website and add the domain name resolution to the domain name configuration record value you queried one by one.
For detailed documents, please refer to: How to Configure Sending Domain Names
Can DNS record configured for domain name be modified?
After the successful validation of the email sending domain, DNS records cannot be modified or deleted. Otherwise, emails may be rejected by some inbound email servers.
Why would domain validation fail?
If the domain validation fails, please check whether the domain name configuration information is correct, and ensure that valid values and standard points have been submitted.
Here is the detailed steps of troubleshooting you may refer to.
1. Please check whether the domain name ownership, SPF, MX host records, and corresponding record values have been correctly configured on the DNS server.
2. If not configure yet, please refer to the content:How do I configure a domain name on DNS servers?
3. If the configuration verification fails and a message is received, please perform related operations as prompted.
4. If you need technical assistance, please provide a complete screenshot of the sending domain name configuration and a complete screenshot of the resolution configuration of the domain name on the DNS server when submitting the ticket.
Why domain name ownership validation, SPF validation, and MX validation are required?
In order to prevent users from others using the email service provided by DirectMail.
In order to prevent users from others maliciously registering the same email sending account as yours on DirectMail to send notifications and promotion information under false names.
In order to improve overall email delivery efficiency.
What is DKIM and how to configure DKIM records?
DKIM is an email security protocol. It verifies the domain name of the email through message encryption and authentication. It is used to check whether the email is tampered during transmission to ensure the integrity of the email content.
Set DKIM records:
1. Raise ticket to apply for DKIM record value for DirectMail and we will provide it to you within 1-3 working days. Please state your email sending scenario in application for quick approval.
2. After obtaining the record value, please login Alibaba Cloud DNS console and add TXT type record under main domain name. If you use main domain name as sending domain name, please fill default._domainkey in host record.
3. Vertification method: nslookup -qt=txt default._domainkey.xxx.example.net. Please replace xxx.example.net to your secondary domain name then you will get record value after resolution.
What is DMARC and how to configure DMARC records?
DMARC records help to prevent others from forging your email sending domain name, and can detect the situation when others are trying to forge your domain name.
If recipients, whose MTA needs to support the DMARC protocol, receive an email from your domain name, DMARC validation will be performed. If validation fails, a report will be send to your inbox where the DMARC is set.
Set DMARC records:
1. Make sure that the following SPF record is set at first: “v=spf1 include:spf1.dm.aliyun.com -all”.
2. Set the following DMARC records:
Host Record: _dmarc.xxx(Note: xxx is the prefix of secondary domain name, please change it accordingly).
Record Value: TXT “v=DMARC1;p=none;rua=mailto:a***@example.net;ruf=mailto:a***@example.net”.
The default intercept level is looser for this value, you may change p=none to p=quarantine if there is no abnormalities. And you can also change p=none to p=reject if you receive any report of attack.
Note: The a***@example.net in the record value can be any inbox which you can receive emails.
The validity time of domain name resolution.
Generally, the resolution takes effect within 4 hours or 48 hours at the latest. Please refer to the official documents of your domain name service provider for the specific effective time.
How to verify if the configured DNS resolution takes effect?
We have two ways to verify the DNS resolution of your sending domain. You may run "nslookup" in Windows system and run "dig" in Linux system.
For detailed documents, please refer to: How to verify if the configured DNS resolution takes effect?
How to check if gets the result "Non-existent domain" after run the command "dig domain name" or "nslookup"?
The troubleshooting procedure is as follows:
Please verify that this domain name has been authenticated.
Please verify that DNS resolution is configured correctly, paying particular attention that host record name is correct.