Setting iCloud+ up with my domain; SPF issue

Hi, I am trying to set up my DNS to be used for email on iCloud. I ran into an issue with SPF, even though I have tried setting it up as a TXT and another time as SPF.

iCloud instructions say to set the value as ““v=spf1 redirect=icloud.com”” so I tried with and without the quote marks.

Any help is greatly appreciated.

Happy Holidays!

I solved it using a TXT record, not SPF, and without the double quotes around the value.

3 Likes

Hey, I’m having the same issue - did you use single quotes or no quotes at all? Everything I’m trying seems to throw the same “Check your SPF record” issue with Apple. Thanks!

Hi, I’m having the same problem.
I’ve tried SPF, TXT records, values with quotes, without quotes, and the alternate redirect directive from the German Apple support page (“v = spf1 redirect =icloud.com”): Bestehende Domain mit iCloud Mail einrichten - Apple Support (DE)

all the while getting the “check your SPF record” response from Apple.

SPF is telling me everything is OK when I create a TXT record and enter the value

v=spf1 include:icloud.com ~all

no quotes or anything.

I’ll now wait an hour for any Apple caches to clear and hope no one sends me an email in that time…

1 Like

Hey @a23ccaf30b7b4bee3f3a

It takes time for DNS records to propagate—anything up to 48 hours—so you may just need to wait a little longer.
If you are still having issues, can you provide the domain you are setting these records for?

For iCloud+ custom domain, _dmarc is required.

v=DMARC1; p=reject; exact value TXT 3600 _dmarc.<your.domain>
sig1.dkim.<your.domain>.at.icloudmailadmin.com. exact value CNAME 3600 sig1._domainkey.<your.domain>
v=spf1 include:icloud.com ~all exact value TXT 3600 (already mentioned)
apple-domain=<id> exact value TXT 3600 (I was able to do this from my phone and Netlify DNS console on my desktop).

1 Like
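Added example, not part of any post in this thread and not Apple's or Netlify's code: a small Python lint for the SPF mistakes described above (record type SPF instead of TXT, quote characters stored in the value, spaces around `=`). The function name `lint_spf` and the sample records are constructed for illustration; the input is assumed to be each value exactly as typed into the DNS console's value field.

```python
import re

QUOTES = "\"'\u201c\u201d"  # straight and curly quote characters

def lint_spf(records):
    """records: (type, value) pairs as stored at the domain apex.
    Returns a list of problems; an empty list means the SPF setup looks usable."""
    problems, usable = [], []
    for rtype, value in records:
        if rtype.upper() == "SPF":
            problems.append("record type SPF is obsolete (RFC 7208); publish as TXT")
            continue
        if rtype.upper() != "TXT":
            continue
        raw = value.strip()
        unquoted = raw.strip(QUOTES)
        compact = re.sub(r"\s*=\s*", "=", unquoted)
        if not re.match(r"v=spf1(\s|$)", compact, re.I):
            continue  # some other TXT record, e.g. apple-domain=<id>
        if unquoted != raw:
            problems.append(f"quote characters stored as part of the value: {raw}")
        elif compact != unquoted:
            problems.append(f"whitespace around '=' breaks the syntax: {raw}")
        else:
            usable.append(raw)
    if len(usable) > 1:
        problems.append("more than one SPF TXT record; receivers return permerror")
    if not usable:
        problems.append("no usable 'v=spf1' TXT record found")
    for spf in usable:
        terms = spf.lower().split()[1:]
        # Both forms below appear in this thread as values pointing at iCloud.
        if not {"include:icloud.com", "redirect=icloud.com"} & set(terms):
            problems.append(f"record does not reference icloud.com: {spf}")
    return problems

# Constructed sample inputs modelled on the attempts described in the thread.
ATTEMPTS = {
    "SPF type": [("SPF", "v=spf1 redirect=icloud.com")],
    "quoted": [("TXT", "\u201cv=spf1 redirect=icloud.com\u201d")],
    "spaced": [("TXT", "v = spf1 redirect =icloud.com")],
    "working": [("TXT", "v=spf1 include:icloud.com ~all"),
                ("TXT", "apple-domain=<id>")],
}

if __name__ == "__main__":
    for name, recs in ATTEMPTS.items():
        print(name, "->", lint_spf(recs) or "OK")
```

An empty result only means the value is syntactically usable and points at icloud.com; it does not query DNS or account for propagation delay.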

Hey, did you ever fix this problem? I fixed my SPF by using the TXT after realizing the Apple instructions created a deprecated error, which is good–I like that, one problem solved.

Now, I’m getting “Verification code cannot be found in domain” after tapping “Records are Updated” in Apple’s iCloud+ Customer Email Domain Setup menus–all I can do is dismiss the dialog prompt and I’m left with no other recourse. Now seeing that the “CNAME” record is not propagating on DNS Checker. So that could be an issue, but all instructions have been verified by ChatGPT’s image reader via copy-pasted instruction sets.

Anyone have an answer? Pretty sure I’m getting close to or over the 48hr mark, and obviously a TTL time of 1hr or less isn’t going to assist in this process, going to leave my settings and records the way they are.

Hi, @domaincarpenter. Netlify’s support team (meaning my colleagues and me) can assist with debugging Netlify’s services including our DNS service. However, we cannot debug iCloud.

If there is a DNS record not working, please let us know what DNS record that is. However, if the iCloud verification isn’t working, we don’t have any way to debug that as we have no access to those systems to do so.

Most of it’s unrelated to adding the custom email domain–although today with iOS 17.3.1 they’ve moved the menu for assigning the custom domain.

Aside from that, I’m just looking at getting this domain working: corecontracting.pro. CNAME–not propagating, MX–IS propagating (Globally), TXT–IS propagating (Globally–aside from UK 37.209.219.30)

I do have one error:
SOA Serial Number Format is Invalid
dns1.p01.nsone.net reported Serial 1707331165 : Suggested serial format year was 1707 which is before 1970
Not sure how you would encourage users to avoid this in the future–seems like an error on my part? Going to keep debugging here.

To quote Wikipedia:

The serial number is the time of last modification to the zone’s data file expressed as the number of seconds since the UNIX epoch. This method is used by default in the djbdns suite.[7] Although it uses a 32-bit counter, it is not susceptible to the year 2038 problem due to the effect of serial number arithmetic.

So 1707331165 is the timestamp which you can use Epoch Converter to decipher.

I don’t understand why a user has to decipher this lol what is this the end of an epoch?
In all seriousness I’ll check this out thanks!

Hi, @domaincarpenter. The Unix epoch timestamps are something that is second nature for people working with Unix/Linux and Greek to everyone else.

The Unix/Linux date command can convert these using the -r option like so:

$ date -r 1707331165
Wed Feb  7 10:39:25 PST 2024

About the non-working CNAME record, I see only a single CNAME record and it is working when I test it. Here is a link to a Google Dig (DNS query tool) lookup that shows it working.

Again, the only CNAME is working when I test. If there is another CNAME not working for you (or if this domain name isn’t working for you), please let us know the exact domain name which was created but isn’t working.