All posts
dns lookup email delivery mx records txt records

Why Your New Custom Email is Bouncing: How to Verify Your MX and TXT DNS Records

Benchehida Abdelatif ·

You register a fresh domain, set up a professional mailbox (like hello@yourdomain.com) with Google Workspace or Microsoft 365, and attempt to send a test message from your personal inbox. A few seconds later, you receive a bleak email back: Delivery Status Notification (Failure). Your email bounced.

Having your custom email bounce is frustrating, but it is almost never a problem with the mailbox itself.

Instead, it is a technical issue with your domain’s routing settings, known as Domain Name System (DNS) records. If you do not tell the global internet exactly where your email servers live, foreign servers will refuse to deliver mail to you. Even worse, if you try to send emails, they will likely get flagged as spam because your domain lacks safety verification tags.

This guide walks you through the exact DNS records needed to make your email work, how to check them, and how to verify SPF, DKIM, and DMARC records to ensure perfect inbox delivery.

Quick answer

To stop your custom email from bouncing, you must verify two types of DNS records in your domain registrar or DNS dashboard (like Cloudflare):

  1. MX (Mail Exchanger) Records: These tell the internet where to send emails addressed to you. If you use Google Workspace, you must set an MX record pointing to Google’s mail servers.
  2. TXT (Text) Records (SPF, DKIM, DMARC): These prove that you own the domain and authorize your email provider to send messages on your behalf. Without these TXT records, modern inboxes (like Gmail and Yahoo) will block or bounce your mail to prevent phishing.

Use a DNS record lookup tool to verify which records are currently active on your domain.

The three reasons your new email is bouncing

When email delivery fails, the error message in the bounce notification usually points to one of three issues.

1. The MX record is missing or incorrect

Think of your domain as a house and your email provider as your physical mailbox. If you do not tell the post office where your mailbox is, they cannot deliver your mail. An MX record acts as the post office’s routing instructions.

If you have no active MX records, any email sent to you@yourdomain.com will bounce instantly with a “domain not found” or “no mail servers configured” error.

2. The SPF record is missing or duplicate

SPF stands for Sender Policy Framework. It is a simple TXT record that lists every server authorized to send emails using your domain name.

If you send an email from your new Google Workspace mailbox, the receiving server (for example, Yahoo) will check your domain’s SPF record. If the SPF record is missing, or if it does not list Google as an authorized sender, Yahoo will assume a hacker is spoofing your domain and will bounce the message.

3. The DKIM and DMARC security checks failed

DKIM (DomainKeys Identified Mail) adds a cryptographic signature to every email you send. DMARC (Domain-based Message Authentication, Reporting, and Conformance) tells receiving servers what to do if the SPF or DKIM checks fail (for example, block it immediately or send it to spam).

Since early 2024, Google and Yahoo require active SPF, DKIM, and DMARC records for anyone sending email. If these are missing, your outbound emails will bounce back with strict security error codes.

How to check your live DNS records

Before editing settings in your registrar dashboard, check what the global internet actually sees. DNS changes do not update instantly across the entire planet. They must propagate, which can take anywhere from a few minutes to 48 hours depending on your Time-To-Live (TTL) settings.

Here is how to check your active records step-by-step:

  1. Open our DNS record lookup tool.
  2. Type your root domain name (for example, clearledger.com).
  3. Click the query action.
  4. Examine the active records. If you see a blank table under MX or TXT, your records have either not been configured correctly or are still propagating.

What healthy email DNS records look like

When you run a lookup, a properly configured domain for Google Workspace should show records similar to this:

1. MX Records

  • Type: MX
  • Value/Target: SMTP.GOOGLEMAIL.COM or ASPMX.L.GOOGLE.COM
  • Priority: 1 (or 10, as specified by your provider)

2. SPF Record (TXT)

  • Type: TXT
  • Name/Host: @ (or blank)
  • Value: v=spf1 include:_spf.google.com ~all

3. DMARC Record (TXT)

  • Type: TXT
  • Name/Host: _dmarc
  • Value: v=DMARC1; p=none; rua=mailto:dmarc-reports@yourdomain.com

Troubleshooting: Why did my DNS updates fail?

If you added these records in your GoDaddy, Namecheap, or Cloudflare dashboard but they still show as missing in a lookup, look for these common mistakes:

  • Duplicate SPF records: You must only have one SPF record starting with v=spf1. If you use both Google Workspace and Mailchimp, do not create two TXT records. Instead, combine them into one: v=spf1 include:_spf.google.com include:servers.mcsv.net ~all. Two SPF records will cause both to fail validation.
  • Missing underscores: Security TXT records require strict naming syntax. A DMARC record must be set on the host sub-domain _dmarc.yourdomain.com, not the root domain. Note the leading underscore.
  • DNS proxying enabled: If you use Cloudflare, make sure your email-related records (like MX) are DNS-only (grey cloud) and not proxied (orange cloud). Proxying email records will break delivery.

Checklist: Before you send your next email

  • Did you delete any old MX records pointing to your domain registrar’s default parking page?
  • Is there exactly one SPF TXT record on your root domain?
  • Did you set up the _dmarc host TXT record to protect your domain reputation?
  • Did you wait at least 30 minutes after making registrar updates before checking propagation?
  • Did you test delivery by sending a message to a free test service like mail-tester?

FAQ

Can a domain have no DNS records and still be registered?

Yes. When you register a domain, it has an owner but is functionally silent on the web until you configure nameservers. A lack of DNS records is a common signal of an unused domain, but you must always check registrar availability before assuming you can register it.

Why does it take up to 48 hours for DNS records to update?

Computers around the world cache DNS lookups to keep the web fast. If a server looked up your domain when the MX records were missing, it may remember that empty state until the cache expires, a duration controlled by the Time-To-Live (TTL) value.

What is the difference between SPF and DKIM?

SPF is like a guest list at a club door, checking if the sending server’s IP address is on the authorized list. DKIM is like a sealed, signed wax stamp on a letter, proving the message was not altered or spoofed while traveling across the web.

Next step

If your custom mailbox is bouncing incoming or outgoing emails, paste your domain into our DNS lookup tool right now. Scan the TXT and MX tables to spot missing values, fix them in your DNS manager, and verify them again once propagation completes.

Disclaimer: DNS configurations depend entirely on your specific email provider and registrar. Always double check host-specific guides (like Google Workspace or Microsoft 365 setup documents) to ensure correct syntax.

Inspect live DNS records

Pull A, AAAA, MX, NS, and TXT answers for a hostname before you assume nothing is configured.

Open DNS lookup