When I look up the TXT records for my domain (matienzo.org
), I have discovered I only get one returned despite there being 3 set for the domain itself (i.e., not for a subdomain):
$ dig +noall +answer TXT matienzo.org @4.2.2.2
matienzo.org. 3600 IN TXT "v=spf1 include:_spf.protonmail.ch ~all"
Background: I recently switched to Proton Mail for my domain matienzo.org
(Netlify site name matienzo.netlify.app
), which has its DNS hosted by Netlify. Proton Mail requires multiple TXT records be set for a given domain - for domain verification, as well as for SPF.
I’ve verified that I’ve set these both correctly, but I’ve been getting rotating set of notifications from Proton Mail that there are DNS issues detected. If I, for example, delete and readd the TXT record for SPF, I get the following:
[ERROR] Domain no longer verified. This domain and its addresses will be disabled soon if not fixed.
If I delete and readd the TXT record for the Proton Mail domain verification, I get:
[WARNING] SPF record no longer includes Proton. This may impact your email delivery.
However, I’m not running into this issue with other domains that are using Netlify DNS, including another that I recently set up to use Proton Mail:
$ dig +noall +answer TXT imprecision.art @4.2.2.2
imprecision.art. 3600 IN TXT "v=spf1 include:_spf.protonmail.ch ~all"
imprecision.art. 3600 IN TXT "protonmail-verification=7b0f8b88ca9b6cc2966901ab9ac5432f8bcb46fc"