## My domain is verified but I'm still seeing issues in the email headers - why?

\*\*When you see header issues despite domain verification:

\*\*

1.  **Authentication Check:**

- Verify all authentication methods (SPF, DKIM, and DMARC) are passing.
- Check Return-Path alignment with From domain.
- Ensure DKIM signatures are valid and using correct selectors.

1.  **Common Issues:**

- Mismatched sending domains.
- Incorrect authentication record implementation.
- Missing or incorrect DKIM keys.
- Sending configuration issues in your Email account.

For specific header issues, check your Email dashboard or contact Email support with the full headers for detailed analysis.

## Why is my SPF failing?

To troubleshoot SPF failures:

1.  Identify your Return-Path (bounce) domain from your email headers
2.  Locate the sending IP address(es)
3.  Use the [Vamsoft SPF Policy Tester](https://vamsoft.com/support/tools/spf-policy-tester) to diagnose issues
4.  Common causes of SPF failures:
    - Missing include:Emailmail.com in SPF record
    - Incorrect IP addresses in SPF record
    - Too many DNS lookups (exceeding 10 lookup limit)
    - Syntax errors in SPF record

## Is DMARC required?

Yes, DMARC is now mandatory due to 2024 requirements from major mailbox providers:

- Gmail and Yahoo require at minimum a DMARC policy of "p=none"
- Recommended DMARC Implementation Process:
  1.  Start with "p=none" for at least one week
  2.  Monitor reports and fix any authentication issues
  3.  Gradually progress to "p=quarantine" following Gmail's recommended rollout plan
  4.  Eventually move to "p=reject" for maximum protection

For detailed guidance, review [Gmail's DMARC rollout recommendations](https://support.google.com/a/answer/10032473?hl=en).

## What's involved in setting up Brand Indicators for Message Identification (BIMI)?

BIMI setup requires these key components:

1.  Email Authentication Requirements:

- Fully implemented and passing DMARC validation
- DMARC policy must be set to either:
  - "quarantine" with 100% policy (pct=100)
  - OR "reject"

- This applies to both your sending domain and organizational domain (if different)

1.  BIMI DNS Record:

- Must publish a valid BIMI record in your DNS
- Record should point to:
  - Your logo in SVG format (meeting BIMI specifications)
  - A Verified Mark Certificate (VMC) if required by receiving mailbox providers

[BIMI Group's official implementation guide](https://bimigroup.org/implementation-guide/)

## Why is my domain not verifying?

When your domain fails to verify, follow these troubleshooting steps:

1.  Check for Conflicting DNS Records: recommend tool - [MxToolbox](https://mxtoolbox.com/SuperTool.aspx?)

- Look for existing TXT or CNAME records from previous email service providers
- If found, remove these outdated records before adding Email records

1.  Verify DNS Record Implementation:

- Confirm records are added to the correct domain/subdomain
- Double-check that all records match Email's provided values exactly
- Allow 24-48 hours for DNS propagation after making changes

1.  If everything looks fine, you can submit a ticket with Bird support to get help on identifying the issue.

1.  Contact Your Domain Registrar:

- If issues persist, your domain registrar can confirm whether DNS changes are properly implemented
- They can also verify there are no restrictions preventing record updates