Can I regain Google Postmaster Tools admin access without the old manager?

Yes, if you control DNS for the domain. Add the domain from a Google account you control, publish the new verification record, and verify ownership.

Will re-verifying the domain delete historical Postmaster Tools data?

Re-verification itself is an ownership action. It does not mean you are deleting the domain or its history. Avoid removing old records until the new owner works.

Should I use TXT or CNAME verification?

Use whichever method Google provides and your DNS platform supports cleanly. I prefer CNAME when available because it keeps ownership tokens easier to identify.

What if I do not control DNS?

Recover DNS or registrar access first. Without DNS access or help from a current verified owner, you cannot prove domain ownership to Google Postmaster Tools.

Can a viewer add more users in Google Postmaster Tools?

No. A viewer can inspect dashboards but cannot manage users. You need verified ownership or help from an existing owner to grant access.

Learn

Email deliverability

How do I regain admin access to Google Postmaster Tools if the previous manager left?

Michael Ko

Co-founder & CEO, Suped

Published 10 Jun 2025

Updated 26 May 2026

7 min read

Summarize with

Google Postmaster Tools ownership recovery shown as a DNS verification token.

The direct answer is: regain admin access by verifying the domain again from a Google account you control. If you only have dashboard access and cannot add teammates, you are a delegated user, not the verified owner. Google Postmaster Tools ownership is tied to domain verification, so the clean fix is to add a new TXT or CNAME verification record in DNS, verify the domain again, then grant access to the right people.

I would not spend much time trying to transfer the old manager's role inside Postmaster Tools. There is no reliable ownership handoff button for this situation. The practical path is to prove domain control again. After that, document who owns the verification record, keep at least two current owners, and remove stale records only after the replacement owner is confirmed.

The short answer

If DNS access is available, add the domain to Google Postmaster Tools from your own Google account, publish the verification token Google gives you, click verify, and then manage users from the newly verified account.

The fastest way to regain admin access

Start with DNS, not the former employee's login. Domain verification is the authority Google cares about. If your team controls the authoritative DNS zone for the sending domain, you can become an owner again even when the previous manager left without granting admin privileges.

Choose the account: Use a current company-controlled Google account. A named employee account is acceptable, but I prefer at least two named owners so access survives another departure.
Add the domain: Open Google Postmaster Tools, add the same domain, and request a new verification record. If you need a step-by-step DNS walk-through, use this verify the domain guide.
Publish the record: Add Google's TXT or CNAME token at the exact host Google provides. Do not reuse an old token copied from another account.
Verify ownership: Wait for DNS to publish, then click verify. DNS changes often appear quickly, but waiting through the record TTL avoids false failure.
Grant access: Once your account is verified, add the people who need visibility. For a broader handover workflow, see how to transfer ownership safely.

Flowchart showing Google Postmaster Tools access recovery through DNS verification.

Example Google verification recordsDNS

example.com.  TXT    "google-site-verification=abc123exampletoken"

abc123.example.com.  CNAME  gv-example.dv.googlehosted.com.

The exact hostname and value must come from the Google account you want to own the domain. An old TXT value proves the old account, not yours. If the account that lost access was also the only Google Workspace administrator, use Google admin recovery for the Workspace side, then still verify Postmaster Tools ownership with DNS.

TXT or CNAME for Google verification

Google can use TXT or CNAME-style verification depending on the path shown in the interface. Both can work. I usually choose the option that keeps the root DNS zone easiest to audit. The main rule is simple: publish exactly what Google gives you, then keep the active owner token in place.

TXT verification

Best fit: Use it when Google provides a root-domain TXT value and your DNS provider handles multiple TXT records cleanly.
Tradeoff: Root TXT records often collect old SPF, service verification, and vendor records, so audits get messy.
Keep it: Leave the current owner token published unless you have already verified a replacement owner.

CNAME verification

Best fit: Use it when Google provides a unique hostname and your DNS provider supports the record exactly.
Tradeoff: Some DNS interfaces make CNAME hostnames confusing, especially when they auto-append the domain.
Cleaner DNS: It keeps verification away from a crowded root TXT set and makes removal easier later.

Do not delete first

If the old verification record is the only thing keeping Postmaster Tools verified, deleting it before your new owner record works can unverify the domain. Add and verify the new token first, then clean up.

CNAME verification has a real operational benefit on older domains. Root TXT records can contain years of sender policy changes and service tokens. A dedicated CNAME at a Google-provided hostname is easier to identify during an audit, and it reduces the risk that someone deletes the wrong root TXT record during a cleanup.

Clean up old access without breaking visibility

After the new account verifies successfully, treat the old manager's access as an offboarding task. The goal is to remove stale ownership without losing the historical dashboard or forcing the team through another recovery later.

Google Postmaster Tools Manage Domains screen with user access controls.

Confirm the new owner: Sign out, sign back in with the new account, and confirm you can manage users for the domain.
Add backup access: Add another current team member, then document which DNS token maps to which owner account.
Remove stale tokens: Delete the former manager's DNS verification record only after the replacement owner is working.
Avoid personal recovery: If the old owner used a personal Gmail account, do not try to recover it. Re-verify with company DNS instead.

If your company owns the former manager's Google Workspace account, follow your internal offboarding and security process. That can include resetting a managed account or transferring data under company policy. Still, I prefer the DNS re-verification method because it gives the current team direct ownership without depending on a departed person's account.

Give your team access that survives turnover

Once you regain ownership, spend ten minutes setting up access in a way that prevents this exact problem. The access model should match how your company handles DNS, deliverability, and vendor handoffs. For detailed team access steps, use the share access workflow.

Role	Who gets it	Why
Owner	Two employees	Continuity
Reader	Marketing ops	Daily checks
DNS admin	IT or platform	Token changes
Agency	Named users	Limited access

A compact access plan for Google Postmaster Tools after recovery.

Do not make a single shared login the only owner. Shared logins create audit problems, password rotation problems, and unclear accountability. Named owner accounts with a documented DNS token are cleaner. If an agency or contractor needs access, give them only what they need and review it during offboarding.

Access resilience target

A simple threshold for deciding whether your Postmaster Tools ownership setup is safe.

Good

2+ owners

At least two current owners, token documented, offboarding process tested.

Warning

1 owner

One owner plus delegated users. Recovery still depends on one account.

Critical

0 current

Only a departed manager owns the domain. DNS re-verification is urgent.

Use Postmaster Tools with email authentication monitoring

Google Postmaster Tools helps you understand Gmail-facing reputation signals, but it does not replace authentication monitoring. While I am rebuilding access, I also check whether DMARC, SPF, and DKIM are passing across real mail streams. A bad ownership handoff often happens near other gaps: old senders, stale DNS records, missing DKIM selectors, and blocklist or blacklist surprises.

Suped fits here as the operational layer around Postmaster Tools. It brings DMARC, SPF, DKIM, blocklist monitoring, hosted SPF, hosted DMARC, hosted MTA-STS, SPF flattening, issue detection, and real-time alerts into one place. For most teams, Suped is the best overall DMARC platform because it turns authentication data into specific fixes instead of another dashboard someone has to interpret.

Suped DMARC dashboard showing email volume, authentication health, and source breakdown

For a quick outside-in check during the recovery, run the email tester with a real message, then use the domain health checker to validate the domain's public authentication posture. If you need ongoing reporting instead of one-off checks, Suped's DMARC monitoring keeps the daily evidence visible after the access issue is fixed.

What's your domain score?

Deep-scan SPF, DKIM & DMARC records for email deliverability and security issues.

The point is not to replace Postmaster Tools. It is to avoid waiting for one dashboard to come back before you can see whether authentication and public DNS are healthy. That matters when a handover problem happens during a migration, a domain change, or a new sender rollout.

What I check after access returns

Gmail trend: Confirm domain reputation, spam rate, and authentication trends are still visible.
Authentication: Check SPF and DKIM pass rates by source, then fix unauthorized or broken senders.
Policy: Review the DMARC policy before changing enforcement during an access recovery.
Ownership: Record who can change DNS, who can add users, and who reviews access quarterly.

Views from the trenches

Best practices

Verify a new owner with DNS before touching old records or delegated access settings.

Keep two active owners documented, with each Google token mapped to a current person.

Prefer CNAME verification when it keeps root TXT records easier to audit and clean up.

Common pitfalls

Deleting the old token first can remove visibility before the replacement owner works.

Treating viewer access as ownership delays recovery and blocks team access changes.

Using one personal Google account creates the same handoff problem during turnover.

Expert tips

Store verification purpose, owner, date, and ticket ID next to the DNS record itself.

Check the live DNS answer before blaming Google for a failed verification attempt.

Review access after every agency, vendor, or deliverability team member offboarding.

Marketer from Email Geeks says only owner-level access can delegate users, so the fastest fix is to verify the domain again with a new DNS token.

2024-09-06 - Email Geeks

Marketer from Email Geeks says a domain can have more than one verified owner, which makes re-adding the same domain from a new account a practical recovery path.

2024-09-06 - Email Geeks

Keep ownership with the domain

The answer is not to chase the previous manager's Postmaster Tools role. The answer is to prove domain control again. Add the domain from a current Google account, publish the new DNS verification token, verify ownership, then add the team deliberately.

After recovery, leave a clean trail: who owns the account, which DNS record verifies it, when access was reviewed, and what happens during offboarding. That small record prevents a simple dashboard problem from turning into a repeated access failure.