
Check your MX/SPF/TXT Records

I have my DNS configured through Cloudflare. I have followed their guide on setting this up as well as the one from Apple. Cloudflare does not allow a trailing period at the end of an MX record, and whenever the @ symbol is placed somewhere it defaults to the root domain. One of the records (the CNAME) allows DNS Proxy, which I have disabled. Every time I tell iCloud to verify the settings it tells me to check one of my records, usually the MX record but sometimes other ones.


When I check MXtoolbox or query my ISP's nameservers I get the correct information in all of the records. An error message or a reason for failure would be very useful in this situation as a generic "check the records" response is somewhat meaningless. Is there something I am unaware of that needs to be configured separately? I have also re-started the process and tried in a different browser, all with the same behaviour.

Posted on Nov 12, 2021 3:12 PM


4 replies
Question marked as Best reply

Nov 12, 2021 3:17 PM in response to CraigBray

It started working shortly after I made this post, which was 30+ hours after I made the changes.


In Cloudflare you need to ensure your settings for the SPF record are configured as a TXT record "v=spf1 redirect=icloud.com" and for your CNAME entry you must make sure it is set to DNS only. There is a DNS Proxy toggle button you must disable.

Nov 17, 2021 6:22 PM in response to CraigBray

It seems I did not redact enough information in my previous post; I suspect that was automated. Either way, the SPF needs to be a TXT record. You can't create an SPF record that is a redirector, so you'll make a TXT record with @ (which will rename itself to the domain you're configuring in the list view), and the content is "v=spf1 redirect=icloud.com" with those quotes. This will tell anything checking SPF records to look at icloud.com's records instead. It *should* work without the quotes too, but that's what I did. The CNAME field has the ability to proxy DNS through Cloudflare's system. You cannot leave that enabled and have this work. This is how that button should look.

Nov 17, 2021 5:56 PM in response to ryanaustin23

Hey Ryan,


Attached is a screenshot with my information. The DKIM key field is cut off due to how the field works, but it's "***domain.com.at.icloudmailadmin.com" without the quotes. If you add @ instead of yourdomain.com in any of these records it will just replace the entry but it fundamentally works the same as the target is the root domain. The same goes for trailing periods at the end of your MX records. I tried both 0 and 10 for the priority on the MX records, contrary to what the Cloudflare article says, I believe 10 might actually be a value that is verified in this process.



What I ended up doing was restarting the process to create a new domain verification key, inputting it and then waiting 30 minutes. On the first attempt, I had set everything up ahead of time and made the DNS records then went to bed, then halfway through the next day, I decided to finish the process. Not sure if there's something on the iCloud side of things that timed out or if there was something else going on but my second attempt went off without a hitch.




[Personal Information Edited by Moderator]
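The checks this thread converges on, written as an offline linter (an added example, not part of the original posts and not Apple's or Cloudflare's code). It assumes records are available as dicts with `type`, `name`, `content`, `proxied` and `priority` fields; `example.com` and the MX and DKIM targets are placeholders, and the one-SPF-policy rule comes from RFC 7208 rather than from the thread.

```python
ZONE = "example.com"  # placeholder domain

# Constructed sample records; field names are an assumption about the export shape.
# MX and DKIM targets are placeholders, not real values.
BAD = [
    {"type": "MX", "name": "@", "content": "mx.placeholder.invalid.", "priority": 10},
    {"type": "SPF", "name": "@", "content": "v=spf1 redirect=icloud.com"},
    {"type": "CNAME", "name": "selector._domainkey",
     "content": "placeholder.at.icloudmailadmin.com", "proxied": True},
]
GOOD = [
    {"type": "MX", "name": "example.com", "content": "mx.placeholder.invalid", "priority": 10},
    {"type": "TXT", "name": "@", "content": '"v=spf1 redirect=icloud.com"'},
    {"type": "CNAME", "name": "selector._domainkey",
     "content": "placeholder.at.icloudmailadmin.com", "proxied": False},
]

def fqdn(name, zone):
    """Expand '@' and relative names against the zone; ignore a trailing period."""
    name = name.strip().rstrip(".").lower()
    if name in ("@", ""):
        return zone
    return name if name == zone or name.endswith("." + zone) else f"{name}.{zone}"

def spf_terms(content):
    """Return the terms of an SPF policy (quotes optional), or [] if not SPF."""
    terms = content.strip().strip('"').split()
    return terms if terms and terms[0].lower() == "v=spf1" else []

def lint(records, zone):
    findings = []
    root = [r for r in records if fqdn(r["name"], zone) == zone]
    if any(r["type"] == "SPF" for r in root):
        findings.append("SPF record type used; publish the policy as TXT")
    policies = [spf_terms(r["content"]) for r in root if r["type"] == "TXT"]
    policies = [p for p in policies if p]
    if len(policies) != 1:  # RFC 7208: more than one policy is a permanent error
        findings.append(f"expected exactly one v=spf1 TXT at the root, found {len(policies)}")
    elif "redirect=icloud.com" not in [t.lower() for t in policies[0]]:
        findings.append("SPF policy does not contain redirect=icloud.com")
    if not any(r["type"] == "MX" for r in root):
        findings.append("no MX record at the root domain")
    for r in records:
        if r["type"] == "CNAME" and r.get("proxied"):
            findings.append(f"CNAME {fqdn(r['name'], zone)} is proxied; set it to DNS only")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(BAD, ZONE)) or "no findings")
```

A clean result only says the records are shaped as the thread describes; it does not tell you whether resolvers have picked up the change yet.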
