How do I verify my email subdomain?

Mailgun enforces domain verification for two main reasons. Firstly, it serves as a confirmation that you are the legitimate owner of the domain, preventing unauthorized parties from misusing your domain within our platform. Secondly, the verification of SPF and DKIM records authorizes our SMTP servers to send emails on your domain's behalf, significantly enhancing your email deliverability - which is our specialty!

Tips for Domain Verification Success

Setting up DNS records for domain verification can be a bit tricky, but with a few key tips, you can increase your chances of a successful verification process. Here are some common issues to watch out for when verifying your domain:


  • "I Created My Records, but Mailgun Does Not See Them"

Always double-check any changes made to your DNS configuration through both local and public queries. Local queries can be performed using utilities like dig (Linux/Unix) and nslookup (Windows).

To verify through a dig command, use the syntax: dig -t TYPE DOMAIN


To verify through nslookup, use the syntax: nslookup -q=TYPE DOMAIN6079bb4fdf3fd

Local DNS servers in your network might take precedence over public queries, so even if you don't have a local DNS server, it's recommended to perform a secondary public query for your domain. You can use tools like "What's My DNS" to check the propagation of your changes across multiple global servers.


  • "The DKIM Record Is Verified, but the SPF Is Not"

To verify your domain, you need two TXT records: SPF and DKIM. If your DKIM record is in order but not the SPF, consider these aspects:

  • There can only be one SPF record per hostname. If your hostname contains multiple SPF records, they should be merged into a single value.6079bb507ec51

    The new value should be structured like this: v=spf1 ip4: include:smtp.domain.tld ~all. Make sure your SPF record doesn't exceed 10 lookups to avoid issues.

  • If your hostname has a CNAME in addition to other record types (e.g., TXT, A), the CNAME will take precedence over other records. You can resolve this by removing the CNAME from the hostname or using a different sending subdomain.


  • "The Records Are Resolving, but Mailgun Still Says the Domain Is Unverified"

Depending on the DNS hosting provider, records can take up to 24-48 hours to fully propagate. A manual verification can be attempted if 24 hours have already passed and the records are confirmed correct via both local and public queries. 

To perform a manual verification and update the DNS records cache, log into your Mailgun control panel. If you're using our classic UI (options across the top, with a silver background) you can follow these instructions: 

  • Click Domains 
  • Select your domain's name 
  • Under Domain Verification & DNS select Check DNS Records Now.

If you're using our beta UI (options displayed down the left-hand side on a dark column): 

  • Click Messages.
  • Select your specific domain.
  • Click Settings. 
  • Select DNS Records. 
  • Click the green Check DNS Records Now button.

Other DNS Records - Optional

While the two TXT records (SPF and DKIM) are all that's required to send messages via Mailgun, you do also have the option to add MX and CNAMErecords, if you choose. The process for adding these optional records is exactly the same as adding the required TXT records.

MX records are really only needed if you're looking to receive incoming mail for the exact domain or domains you have verified in your Mailgun account; keep in mind - you don't want to point your domain's MX records to Mailgun if you already have incoming mail setup elsewhere. If you do, adding Mailgun MX records will break this configuration, and you won't receive your mail as you have previously. 

Note: You only ever want to have one source specified for your MX records, otherwise servers get confused. Bad things happen when servers get confused.

A CNAME record is needed only if you're looking to enable our tracking features, keeping detailed records of Clicks, Opens, and/or Unsubscribes. 

If you are still experiencing any issues after the domain's DNS records are publicly resolving, just reach out to our Support team via the Support tab in your Mailgun control panel!

Which Method Works Best for You?

To get your sending off the ground, after you've got your domain added and fully configured, you need to decide which of our two methods you're going to use; SMTP or API. You'll be using one of the two methods to send via our platform using a sending application of your choice. 

Both methods work very well - it's all about what your use case needs happen to be, as well as your personal preferences. At a glance:


  • Flexible with existing applications
  • Less technical/coding knowledge not necessary
  • Open protocol


  • Faster (three times faster!)
  • More technical/coding knowledge necessary; 
  • No need to craft a MIME (message body) - we assemble it on our side!
  • Better for large scale sending; more volume, to more recipients, with less effort

How Do We Put This Into Practice?

Here's a snapshot of sending via Mailgun with our API:

Here's sample code for sending an email with cURL: