Summary
When Intercom subdomain authentication fails despite adding DNS records, it's crucial to investigate various potential issues. These include: ensuring DNS record values are accurate and free of typos; verifying DNS record propagation across different geographic locations; checking for conflicting DNS records; ensuring the DNS provider fully supports the required record types; investigating potential CDN interference; verifying that TTL values are not excessively high; addressing potential browser caching issues; ensuring the subdomain isn't blocked or blacklisted; confirming that the Intercom user account has the necessary permissions; examining CAA records; and considering the possibility of temporary issues on Intercom's side. Monitoring DNS records with tools is highly recommended, and if all else fails, contacting Intercom support is advised.
Key findings
- DNS Propagation: DNS changes require time to propagate; delays can prevent immediate authentication.
- Record Accuracy: Typographical errors in DNS records can cause authentication failures.
- Record Conflicts: Conflicting DNS records can interfere with Intercom's authentication process.
- Provider Support: Some DNS providers may not fully support necessary record types (CNAME).
- CDN Interference: Content Delivery Networks (CDNs) can sometimes interfere with DNS verification.
- TTL Values: High TTL values can delay DNS propagation.
- Blacklisting: The subdomain might be blocked or blacklisted, preventing authentication.
- Account Permissions: Insufficient user account permissions within Intercom can prevent successful authentication.
- CAA Records: Misconfigured CAA records can interfere with DNS lookups.
- Intercom Issues: The Intercom authentication process may be experiencing temporary issues.
- DNS Monitoring: DNS issues can be intermittent and location-specific.
Key considerations
- Wait for Propagation: Allow sufficient time for DNS changes to propagate (up to 48 hours).
- Verify Record Accuracy: Carefully check DNS records for typographical errors or formatting mistakes.
- Resolve Conflicts: Identify and remove any conflicting DNS records.
- Check Provider Compatibility: Ensure the DNS provider fully supports the required record types (CNAME).
- Bypass CDN: Temporarily bypass the CDN to see if it's interfering with authentication.
- Adjust TTL Values: Lower TTL values to speed up DNS propagation.
- Check Blocklists: Ensure that the subdomain isn't blocked or blacklisted.
- Verify Permissions: Confirm that the Intercom user account has sufficient permissions.
- Check CAA Records: Verify correct CAA record configuration.
- Try Again Later: If Intercom's system is experiencing issues, try the verification process again later.
- Monitor DNS: Employ DNS monitoring tools to ensure changes are correctly applied and visible.
- Contact Support: Contact Intercom support for further assistance if the problem persists.
What email marketers say
11 marketer opinions
When Intercom subdomain authentication fails despite adding DNS records, several potential issues should be investigated. These include: differences in DNS servers between the primary domain and subdomain, DNS propagation delays, incorrect CNAME record formatting, conflicting DNS records, issues on Intercom's end, problems with CDN interference, excessively high TTL values, browser caching issues, blacklisting and/or account permission errors. Troubleshooting steps involve verifying record accuracy, checking DNS propagation using online tools, and contacting Intercom support.
Key opinions
- DNS Propagation: DNS records might not have fully propagated yet. Propagation can take up to 48 hours.
- Record Accuracy: CNAME records should be checked for formatting errors like trailing dots or typos.
- Conflicting Records: Existing DNS records may conflict with Intercom authentication records.
- Intercom Issues: There may be temporary issues with the Intercom authentication process itself.
- CDN Interference: A CDN might be interfering with DNS verification.
- TTL Values: High TTL values can delay propagation. Lowering them may help.
- Blacklisting: The subdomain may be blocked or blacklisted.
Key considerations
- Verify DNS Servers: Check if the primary domain and subdomain are using different DNS servers.
- Inspect CNAME Format: Ensure there are no formatting errors in the CNAME records.
- Resolve Conflicts: Remove any conflicting DNS records.
- Test Without CDN: Temporarily disable the CDN to see if it resolves the issue.
- Adjust TTL: Lower the TTL values for faster propagation.
- Contact Intercom: If issues persist, contact Intercom support for assistance.
- Check account permissions: Check if the user has correct account permissions within Intercom
Marketer view
Email marketer from Email Deliverability Blog suggests that the Intercom authentication process itself might be experiencing temporary issues. Try waiting a few hours and then re-attempting the verification process within Intercom.
15 Jun 2023 - Email Deliverability Blog
Marketer view
Email marketer from Webmaster Forum says that excessively high TTL (Time To Live) values on DNS records can delay propagation. Lowering the TTL value before adding the Intercom records can speed up the verification process.
23 Oct 2021 - Webmaster Forum
What the experts say
2 expert opinions
When facing Intercom subdomain authentication failures, it's crucial to actively monitor DNS record propagation using tools like DNS Spy to ensure changes are correctly applied and visible across different locations. Additionally, checking for misconfigured CAA records, though primarily related to SSL certificates, is important because they can unexpectedly interfere with DNS lookups, potentially impacting subdomain authentication.
Key opinions
- DNS Monitoring: DNS issues can be intermittent and location-specific, making monitoring crucial.
- CAA Records: Misconfigured CAA records can interfere with DNS lookups.
Key considerations
- Use DNS Spy: Employ DNS monitoring tools to ensure changes are correctly applied and visible.
- Check CAA Records: Verify that CAA records are correctly configured to avoid interference with DNS lookups.
Expert view
Expert from Word to the Wise suggests checking for CAA (Certificate Authority Authorization) records. Although primarily for SSL certificates, misconfigured CAA records can sometimes interfere with DNS lookups in unexpected ways, potentially impacting subdomain authentication.
20 Apr 2022 - Word to the Wise
Expert view
Expert from Word to the Wise explains that it is important to monitor the DNS records and their propagation using tools like DNS Spy to ensure the changes are correctly applied and visible across different locations. This is because DNS issues can often be intermittent and location-specific.
4 Apr 2022 - Word to the Wise
What the documentation says
6 technical articles
Intercom subdomain authentication failures after adding DNS records can stem from several documented issues. DNS propagation delays (up to 48 hours) can prevent immediate recognition by Intercom. Incorrect DNS record values, even minor typos, can also cause failures, emphasizing the need for precise copying. DNS provider limitations on record types (e.g., CNAME) must be considered. Tools like MXToolbox and Whatsmydns.net are recommended to verify DNS resolution and propagation across multiple locations, helping identify caching issues. Finally, the Intercom user account used for configuration needs appropriate permissions for email sending and domain authentication.
Key findings
- Propagation Delay: DNS changes require time (up to 48 hours) to propagate across the internet.
- Record Accuracy: Exact DNS record values are critical for successful authentication; typos cause failures.
- Provider Limitations: DNS providers may have limitations on supported record types (CNAME) that can impact authentication.
- Account Permissions: The Intercom user needs correct permissions to modify settings.
Key considerations
- Allow Propagation Time: Wait up to 48 hours for DNS changes to propagate fully before troubleshooting.
- Verify Record Values: Double-check that all DNS record values are copied exactly as provided by Intercom.
- Check Provider Support: Ensure the DNS provider fully supports CNAME records and has no limitations affecting authentication.
- Use DNS Tools: Use tools like MXToolbox and Whatsmydns.net to verify DNS resolution and propagation.
- Verify Permissions: Ensure that the Intercom user account used to configure the authentication has the necessary permissions.
Technical article
Documentation from Cloudflare Support highlights that some DNS providers might not fully support certain record types or have specific requirements. Ensure that the DNS provider fully supports CNAME records and that there are no limitations affecting the authentication process.
25 Jun 2022 - Cloudflare Support
Technical article
Documentation from Intercom Help Center emphasizes the importance of copying the DNS record values exactly as provided by Intercom. Even a minor typo can prevent successful authentication. It is important to confirm the records were copied correctly.
24 Jun 2021 - Intercom Help Center
How can I resolve SPF record lookup limits with Netfirms webmail?
How do I properly set up a DMARC record on Wix and when should I change the policy?
How do I properly set up SPF and DKIM records for email marketing, including handling multiple SPF records, IP ranges, bounce capturing, and Google Postmaster Tools verification?
What are some examples of common but unusual SPF and MX records?
What are SPF, DKIM, and DMARC, and when are they needed?
Why is DKIM failing and how do I set it up for a subdomain?
