How do I resolve issues with 3rd party domain name authentication?

Shopify Discussion

Topic summary

Email domain authentication for a non-Shopify domain failed due to DNS misconfiguration of CNAME records. A DIG query didn’t show the expected CNAMEs, and Shopify marked authentication as failed after ~48 hours. DMARC (spam protection policy) was successfully set via a TXT record, but the CNAME portion remained problematic. Screenshots (DNS entries and Shopify error) were central to diagnosing the issue.

Context: A contributor noted many merchants are experiencing this due to new Google/Yahoo email authentication requirements, not a Shopify-specific change. DNS propagation for CNAMEs can take up to 72 hours.

Resolution: The DNS host was automatically appending the domain name to the end of the CNAME entries, creating incorrect records. The host removed the auto-appended suffix, and after the previous TTL (time-to-live) expired, authentication succeeded.

Key takeaways:

  • Verify the DNS provider isn’t auto-appending the domain to CNAME hostnames.
  • Use the exact CNAME values provided; A records are not needed for this specific authentication step.
  • Allow up to 72 hours for DNS propagation.

Status: Resolved; authentication now passes after correcting CNAMEs and waiting for TTL.

Summarized with AI on January 8. AI used: gpt-5.
1

SOLVED - my host was annoyingly adding my domain name to the end of the DNS entries. They were able to remove that, and once DNS the old TTL expired, It authentcated!

I’m stuck - and having issues trying to get shopify admin to allow my email to use my non-shopify domain name. I understand (high level) how DNS works - but when I do a DIG on my domain name - I don’t see these CNAME records come back.

These are the CNAME records I have created - do I need to remove the domain that’s being added at the end?

johnbatdorf_0-1705082949377.png
johnbatdorf_0-1705082949377.png905×115 11.4 KB

There’s also mention of adding A records and such elsewhere - I’m trying to resolve this error

johnbatdorf_1-1705083028598.png
johnbatdorf_1-1705083028598.png710×168 10.6 KB

2

This has been very frustrating and time consuming for Shopify merchants. We’ve been doing a lot of these the past several days. This isn’t even a requirement Shopify had. This is a requirement Google and Yahoo sprung on the Internet.

When did you create the CNAME records? They can take up to 72 hours to go live. They usually take a lot less.

3

It’s been 48 hours now - it was marked as pending - but now is marked as failed. I have resolved the DMARC issue for email/spam, that worked with the TXT record I added to my DNS - I’m just stuck on this now.