Suped

What are IDN/Punycode domains and what does a screwed up Gmail authorization record look like?

11 Marketer opinions2 Expert opinions5 Technical articles2 Resources

Summary

IDN/Punycode domains use Unicode characters converted to ASCII for DNS compatibility, allowing for broader language support. However, they present phishing risks and face deliverability issues due to inconsistent support across systems. A common Gmail authorization error is pasting the TXT record into MX record fields, which prevents email delivery. Fixing this involves correctly setting up MX and TXT records as prescribed by Google Workspace and testing across different email clients. Ensure systems universally accept all domain name scripts.

Key findings

  • IDN/Punycode Domains: Represent Unicode characters in ASCII format for DNS compatibility.
  • Phishing Risk: IDNs can be used in phishing attacks by utilizing similar-looking characters.
  • Deliverability Issues: Inconsistent support for IDNs across email clients and servers can cause delivery problems.
  • Gmail Authorization Error: Pasting the TXT record into the MX record field is a common misconfiguration in Google Workspace.
  • Importance of MX Records: Correct MX record setup is crucial for directing email to the correct mail server.
  • TXT vs MX Record Usage: TXT records provide text information and should not be used in place of MX records.
  • Universal Acceptance: Ensuring all systems support and correctly process all domain name scripts.

Key considerations

  • Thorough Testing: Test IDN handling across various email clients and systems to ensure proper display and functionality.
  • Correct DNS Configuration: Verify that MX and TXT records are configured according to Google Workspace instructions.
  • Phishing Awareness: Be aware of potential phishing attacks using visually similar IDN characters.
  • Address Universal Acceptance: Ensure all systems support and process all domain name scripts correctly.
  • DNS Settings Check: Verify DNS settings and ensure MX records are correctly configured.

What email marketers say
11Marketer opinions

IDN/Punycode domains use non-ASCII characters, converted for DNS compatibility, allowing for broader language support. However, they can be used in phishing and may face deliverability issues due to inconsistent support across systems. A common Gmail authorization error is pasting the TXT record into MX record fields, causing email delivery failure. Fixing this involves correctly setting up MX and TXT records as provided by Google Workspace.

Key opinions

  • IDN/Punycode Purpose: IDN/Punycode domains enable the use of non-ASCII characters in domain names, broadening language support and local recognition.
  • Phishing Risk: IDNs can be exploited in phishing attacks by using similar-looking characters from different alphabets.
  • Deliverability Issues: Inconsistent support for IDNs across email clients and servers can cause deliverability problems, including emails being blocked or marked as spam.
  • Gmail Authorization Error: A common misconfiguration is pasting the TXT record into the MX record field when setting up Google Workspace, which prevents email delivery.
  • MX record and TXT record differences: TXT records are for text information, whereas MX records are for routing emails to mail servers.

Key considerations

  • Test IDN Support: Test email deliverability with IDN addresses across various email clients and systems to ensure proper display and functionality.
  • Verify DNS Records: When setting up Google Workspace, carefully verify that MX and TXT records are configured according to Google's instructions to avoid email delivery issues.
  • Be aware of Phishing: Be aware of domains using IDN to spoof a real URL.
  • Proper Set Up of MX: Set up MX records as provided by Google Workspace.
Marketer view

Email marketer from VeriSign shares that Punycode is a way to represent Unicode characters using the limited ASCII character set, allowing for the use of non-English characters in domain names. It provides compatibility with the existing DNS infrastructure.

April 2021 - VeriSign
Marketer view

Email marketer from StackOverflow shares that a common mistake is to paste the TXT verification record into the MX record field when setting up Google Workspace. This leads to a non-functional email setup, because MX records require specific server address formats, not arbitrary text.

December 2023 - StackOverflow
Marketer view

Email marketer from Reddit shared the best fix for the TXT and MX record misconfiguration is to go into your DNS settings and verify each record is setup with the values prescribed by Google Workspace for your domain.

December 2021 - Reddit
Marketer view

Marketer from Email Geeks explains that the domain is an IDN or Punnycode domain. The original language is not ASCII, and it looks different in its original form. They advise against sending emails to it and provide a converter link.

July 2024 - Email Geeks
Marketer view

Email marketer from Namecheap shares that While Punycode allows for non-ASCII characters, some email clients or services may not fully support IDNs, which could lead to display issues or delivery problems. It's important to test email deliverability with IDN addresses.

October 2023 - Namecheap
Marketer view

Marketer from Email Geeks says it's a mix between a TXT record for ownership verification and an MX record for Google Apps.

September 2022 - Email Geeks
Marketer view

Email marketer from LinkedIn explains that there are still potential issues with email deliverability when using IDNs. Some mail servers and spam filters might not properly handle these domains, leading to emails being blocked or marked as spam. Always test deliverability before widespread use.

September 2024 - LinkedIn
Marketer view

Email marketer from DNS Records explains that TXT records are generally used to provide text information about the domain, most commonly used for domain verification (like Google Workspace) or SPF records. They should not be used as MX records.

August 2021 - DNS Records
Marketer view

Email marketer from Reddit explains that IDNs can be used in phishing attacks. Attackers register domain names that look very similar to legitimate domains but use different character sets (e.g., using Cyrillic 'a' instead of Latin 'a'). Users may not notice the difference, leading them to enter credentials on a fake website.

September 2022 - Reddit
Marketer view

Email marketer from MXToolbox shares that when troubleshooting email delivery issues, it's essential to check the MX records for your domain. If the MX records are missing, point to the wrong server, or contain unexpected entries (like a TXT record), emails will not be delivered correctly.

August 2022 - MXToolbox
Marketer view

Email marketer from GoDaddy explains that using IDNs allows businesses to reach a wider audience by offering domain names in various languages and character sets. This enables local customers to easily recognize and remember their website addresses.

May 2023 - GoDaddy

What the experts say
2Expert opinions

IDN support is not universal, so testing is critical for deliverability. Gmail authorization errors often involve incorrectly pasting the TXT record into the MX record, causing email delivery failure and requiring MX record resolution.

Key opinions

  • IDN Support: Older systems may not fully support IDNs, necessitating thorough testing.
  • Gmail MX record Errors: Pasting the TXT record in the MX record during Gmail setup is a common authorization error.
  • Consequences of MX Record Errors: Incorrect MX record configuration results in email delivery failure.

Key considerations

  • Test IDNs: Test how IDNs are handled across different email clients and systems.
  • Resolve MX Records: Ensure correct MX record setup for Gmail authorization to guarantee email deliverability.
Expert view

Expert from Word to the Wise explains that while IDNs are gaining support, many older systems and software may not fully support them. He shares that it's essential to test how IDNs are handled by different email clients and systems to ensure proper display and functionality.

March 2022 - Word to the Wise
Expert view

Expert from Email Geeks explains that the MX record issue looks like someone made a mistake with their Gmail/Google authorization records, pasting the TXT record in the MX. They also explain this means they don't receive mail and it's important to resolve MX records.

March 2024 - Email Geeks

What the documentation says
5Technical articles

IDNs use Unicode, converted to ASCII Punycode for DNS compatibility. Correct MX record setup is crucial for email delivery, especially in Google Workspace, where TXT records should not replace MX records. Universal acceptance ensures all scripts work across all systems.

Key findings

  • IDN Definition: IDNs use Unicode characters, converted to ASCII Punycode.
  • MX Record Importance: Correctly configured MX records are crucial for email delivery.
  • Google Workspace Setup: Follow instructions carefully for MX and TXT records to avoid misconfiguration.
  • Punycode Reversibility: Punycode conversion is reversible, allowing recovery of the original Unicode string.
  • Universal Acceptance: Universal Acceptance ensures all domain names and email addresses are universally accepted.

Key considerations

  • Follow Instructions: Adhere to setup instructions, especially for DNS records.
  • Verify MX Records: Verify MX records to ensure correct email routing.
  • Ensure Universal Acceptance: Ensure all systems support and correctly process all domain name scripts.
Technical article

Documentation from Google Domains explains that DNS records must be setup according to the instructions to enable services to function. For Google Workspace, follow all instructions for MX records, TXT records etc. or risk a misconfiguration.

April 2022 - Google Domains
Technical article

Documentation from Internet Society shares that universal acceptance is about ensuring all domain names and email addresses, regardless of script, can be used by all applications, devices, and systems. It means websites are accessible, email is delivered, and users can fully participate online, no matter their language or script.

August 2024 - Internet Society
Technical article

Documentation from ICANN explains that Internationalized Domain Names (IDNs) are domain names represented by Unicode characters. Since the Domain Name System (DNS) is based on ASCII characters, IDNs are converted into Punycode, an ASCII representation of Unicode.

February 2025 - ICANN
Technical article

Documentation from Google explains that MX records direct email to your mail server. Incorrectly configured MX records (e.g., TXT record pasted instead of MX) will prevent you from receiving email. You need to verify your domain and properly set up your MX records.

July 2023 - Google
Technical article

Documentation from RFC Editor explains that Punycode is a transformation of Unicode strings into strings consisting only of basic ASCII characters. The transformation is reversible, so the original Unicode string can be recovered. It's designed to be efficient and unambiguous.

May 2024 - RFC Editor

Related resources
2Resources

Stalwart Mail - Secure & Modern All-in-One Mail Server (IMAP ...
Stalwart Mail - Secure & Modern All-in-One Mail Server (IMAP ...

Stalwart Mail Server is an open-source mail server solution with JMAP, IMAP4, and SMTP support and a wide range of modern features. It is written in Rust and designed to be secure, fast, robust and scalable.

Reddit
utf8-domains are not valid · Issue #47 · postfixadmin/postfixadmin ...
utf8-domains are not valid · Issue #47 · postfixadmin/postfixadmin ...

"Invalid domain name schönwetterwolke.at, fails regexp check" Please, edit the regexp filter for adding domains to allow domains with UTF-8 encoding. Postfix [1] enabled the utf8-support by default...

GitHub

Related questions