Why is my Intercom subdomain authentication failing even after DNS records are added?

Summary

When Intercom subdomain authentication fails despite adding DNS records, it's crucial to investigate various potential issues. These include: ensuring DNS record values are accurate and free of typos; verifying DNS record propagation across different geographic locations; checking for conflicting DNS records; ensuring the DNS provider fully supports the required record types; investigating potential CDN interference; verifying that TTL values are not excessively high; addressing potential browser caching issues; ensuring the subdomain isn't blocked or blacklisted; confirming that the Intercom user account has the necessary permissions; examining CAA records; and considering the possibility of temporary issues on Intercom's side. Monitoring DNS records with tools is highly recommended, and if all else fails, contacting Intercom support is advised.

Key findings

  • DNS Propagation: DNS changes require time to propagate; delays can prevent immediate authentication.
  • Record Accuracy: Typographical errors in DNS records can cause authentication failures.
  • Record Conflicts: Conflicting DNS records can interfere with Intercom's authentication process.
  • Provider Support: Some DNS providers may not fully support necessary record types (CNAME).
  • CDN Interference: Content Delivery Networks (CDNs) can sometimes interfere with DNS verification.
  • TTL Values: High TTL values can delay DNS propagation.
  • Blacklisting: The subdomain might be blocked or blacklisted, preventing authentication.
  • Account Permissions: Insufficient user account permissions within Intercom can prevent successful authentication.
  • CAA Records: Misconfigured CAA records can interfere with DNS lookups.
  • Intercom Issues: The Intercom authentication process may be experiencing temporary issues.
  • DNS Monitoring: DNS issues can be intermittent and location-specific.

Key considerations

  • Wait for Propagation: Allow sufficient time for DNS changes to propagate (up to 48 hours).
  • Verify Record Accuracy: Carefully check DNS records for typographical errors or formatting mistakes.
  • Resolve Conflicts: Identify and remove any conflicting DNS records.
  • Check Provider Compatibility: Ensure the DNS provider fully supports the required record types (CNAME).
  • Bypass CDN: Temporarily bypass the CDN to see if it's interfering with authentication.
  • Adjust TTL Values: Lower TTL values to speed up DNS propagation.
  • Check Blocklists: Ensure that the subdomain isn't blocked or blacklisted.
  • Verify Permissions: Confirm that the Intercom user account has sufficient permissions.
  • Check CAA Records: Verify correct CAA record configuration.
  • Try Again Later: If Intercom's system is experiencing issues, try the verification process again later.
  • Monitor DNS: Employ DNS monitoring tools to ensure changes are correctly applied and visible.
  • Contact Support: Contact Intercom support for further assistance if the problem persists.
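
An added example, not code from Intercom or from any source quoted on this page: a small linter that compares a zone listing against the CNAME records a provider asked for and flags the failure modes listed above (typo in the value, conflicting record at the same name, high TTL, missing record). It also covers one case the page only hints at under "extra characters": a host field that appends the zone name a second time. Every hostname, target, TTL and the 3600-second threshold is a constructed placeholder or an assumption.

```python
from collections import defaultdict

ZONE = "example.com"  # constructed zone
MAX_TTL = 3600        # assumed cut-off for a "high" TTL, not a value from the page
# Records the provider asked for: owner name -> CNAME target (placeholders).
EXPECTED = {
    "sel1._domainkey.mail.example.com": "sel1.dkim.provider.example",
    "bounce.mail.example.com": "return.provider.example",
    "track.mail.example.com": "track.provider.example",
}

# Constructed zone listing: name TTL class type rdata.
SAMPLE = """\
sel1._domainkey.mail.example.com. 300 IN CNAME sel1.dkim.provider.exmaple.
bounce.mail.example.com. 86400 IN CNAME return.provider.example.
bounce.mail.example.com. 86400 IN TXT "v=spf1 -all"
track.mail.example.com.example.com. 300 IN CNAME track.provider.example.
"""

def norm(name):
    return name.rstrip(".").lower()

def parse(text):
    records = defaultdict(list)  # owner name -> [(ttl, type, rdata)]
    for line in text.splitlines():
        parts = line.split(None, 4)
        if len(parts) == 5 and parts[2] == "IN":
            records[norm(parts[0])].append((int(parts[1]), parts[3], parts[4]))
    return records

def lint(expected, records, zone=ZONE):
    findings = []
    for name, target in expected.items():
        rrs = records.get(norm(name), [])
        cnames = [r for r in rrs if r[1] == "CNAME"]
        if not cnames:
            doubled = f"{norm(name)}.{zone}" in records  # zone appended twice
            findings.append((name, "zone-doubled" if doubled else "missing"))
            continue
        ttl, _, rdata = cnames[0]
        if norm(rdata) != norm(target):
            findings.append((name, "wrong-target"))    # typo in the value
        if len(rrs) > 1:
            findings.append((name, "conflict"))        # CNAME must be alone at a name
        if ttl > MAX_TTL:
            findings.append((name, "high-ttl"))        # stale answers stay cached longer
    return findings

if __name__ == "__main__":
    print(lint(EXPECTED, parse(SAMPLE)))
```

To use it on a real zone, replace SAMPLE with the provider's zone export or with collected `dig +noall +answer` lines, and EXPECTED with the values shown in the Intercom settings page.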

What email marketers say
11 marketer opinions

When Intercom subdomain authentication fails despite adding DNS records, several potential issues should be investigated. These include: differences in DNS servers between the primary domain and subdomain, DNS propagation delays, incorrect CNAME record formatting, conflicting DNS records, issues on Intercom's end, problems with CDN interference, excessively high TTL values, browser caching issues, blacklisting and/or account permission errors. Troubleshooting steps involve verifying record accuracy, checking DNS propagation using online tools, and contacting Intercom support.

Key opinions

  • DNS Propagation: DNS records might not have fully propagated yet. Propagation can take up to 48 hours.
  • Record Accuracy: CNAME records should be checked for formatting errors like trailing dots or typos.
  • Conflicting Records: Existing DNS records may conflict with Intercom authentication records.
  • Intercom Issues: There may be temporary issues with the Intercom authentication process itself.
  • CDN Interference: A CDN might be interfering with DNS verification.
  • TTL Values: High TTL values can delay propagation. Lowering them may help.
  • Blacklisting: The subdomain may be blocked or blacklisted.

Key considerations

  • Verify DNS Servers: Check if the primary domain and subdomain are using different DNS servers.
  • Inspect CNAME Format: Ensure there are no formatting errors in the CNAME records.
  • Resolve Conflicts: Remove any conflicting DNS records.
  • Test Without CDN: Temporarily disable the CDN to see if it resolves the issue.
  • Adjust TTL: Lower the TTL values for faster propagation.
  • Contact Intercom: If issues persist, contact Intercom support for assistance.
  • Check Account Permissions: Check whether the user has the correct account permissions within Intercom.
Marketer view

Email marketer from Email Deliverability Blog suggests that the Intercom authentication process itself might be experiencing temporary issues. Try waiting a few hours and then re-attempting the verification process within Intercom.

April 2023 - Email Deliverability Blog
Marketer view

Email marketer from Webmaster Forum says that excessively high TTL (Time To Live) values on DNS records can delay propagation. Lowering the TTL value before adding the Intercom records can speed up the verification process.

November 2023 - Webmaster Forum
Marketer view

Marketer from Email Geeks says that the issue could be on the MTA side, or Intercom might need to provide a new key. They suggest asking for help if Intercom's system isn't sensing the authentication and recommend trying to delete and re-add the records or clicking "Verify authentication" again.

October 2023 - Email Geeks
Marketer view

Email marketer from Reddit r/emailmarketing suggests double-checking the CNAME record format. Ensure there are no trailing dots or extra characters in the hostname or value fields of the DNS record, as this can cause authentication failures.

May 2024 - Reddit r/emailmarketing
Marketer view

Email marketer from StackExchange explains that if the subdomain is behind a CDN (Content Delivery Network), the CDN might be interfering with the DNS verification process. Bypassing or temporarily disabling the CDN for that subdomain could help.

June 2021 - StackExchange
Marketer view

Marketer from Email Geeks suggests the issue could be that the web browser isn't refreshing correctly or the session is the problem, recommending logging out and trying again to see if it refreshes on a new login.

November 2021 - Email Geeks
Marketer view

Marketer from Email Geeks suggests that the primary domain and subdomain might be using different DNS servers and asks if it's possible the DNS records haven't propagated yet.

April 2022 - Email Geeks
Marketer view

Marketer from Email Geeks recommends opening a support request with Intercom and advises against using DMARC as a solution, stating that DMARC is rarely the solution.

July 2024 - Email Geeks
Marketer view

Email marketer from EmailGeeks Forum mentions that conflicting DNS records can cause authentication problems. Check for any other existing TXT or CNAME records that might conflict with the Intercom authentication records.

May 2024 - EmailGeeks Forum
Marketer view

Email marketer from Reddit r/Intercom recommends contacting Intercom support, as there may be an issue on Intercom's end that requires manual intervention, and provides details on how to contact support and what information to provide.

February 2025 - Reddit r/Intercom
Marketer view

Email marketer from Sendgrid's Documentation suggests ensuring that the subdomain isn't blocked or blacklisted by any security policies. This can prevent proper authentication even if the DNS records are correct.

April 2022 - Sendgrid

What the experts say
2 expert opinions

When facing Intercom subdomain authentication failures, it's crucial to actively monitor DNS record propagation using tools like DNS Spy to ensure changes are correctly applied and visible across different locations. Additionally, checking for misconfigured CAA records, though primarily related to SSL certificates, is important because they can unexpectedly interfere with DNS lookups, potentially impacting subdomain authentication.

Key opinions

  • DNS Monitoring: DNS issues can be intermittent and location-specific, making monitoring crucial.
  • CAA Records: Misconfigured CAA records can interfere with DNS lookups.

Key considerations

  • Use DNS Spy: Employ DNS monitoring tools to ensure changes are correctly applied and visible.
  • Check CAA Records: Verify that CAA records are correctly configured to avoid interference with DNS lookups.
Expert view

Expert from Word to the Wise suggests checking for CAA (Certificate Authority Authorization) records. Although primarily for SSL certificates, misconfigured CAA records can sometimes interfere with DNS lookups in unexpected ways, potentially impacting subdomain authentication.

April 2021 - Word to the Wise
Expert view

Expert from Word to the Wise explains that it is important to monitor the DNS records and their propagation using tools like DNS Spy to ensure the changes are correctly applied and visible across different locations. This is because DNS issues can often be intermittent and location-specific.

July 2024 - Word to the Wise

What the documentation says
6 technical articles

Intercom subdomain authentication failures after adding DNS records can stem from several documented issues. DNS propagation delays (up to 48 hours) can prevent immediate recognition by Intercom. Incorrect DNS record values, even minor typos, can also cause failures, emphasizing the need for precise copying. DNS provider limitations on record types (e.g., CNAME) must be considered. Tools like MXToolbox and Whatsmydns.net are recommended to verify DNS resolution and propagation across multiple locations, helping identify caching issues. Finally, the Intercom user account used for configuration needs appropriate permissions for email sending and domain authentication.

Key findings

  • Propagation Delay: DNS changes require time (up to 48 hours) to propagate across the internet.
  • Record Accuracy: Exact DNS record values are critical for successful authentication; typos cause failures.
  • Provider Limitations: DNS providers may have limitations on supported record types (CNAME) that can impact authentication.
  • Account Permissions: The Intercom user needs correct permissions to modify settings.

Key considerations

  • Allow Propagation Time: Wait up to 48 hours for DNS changes to propagate fully before troubleshooting.
  • Verify Record Values: Double-check that all DNS record values are copied exactly as provided by Intercom.
  • Check Provider Support: Ensure the DNS provider fully supports CNAME records and has no limitations affecting authentication.
  • Use DNS Tools: Use tools like MXToolbox and Whatsmydns.net to verify DNS resolution and propagation.
  • Verify Permissions: Ensure that the Intercom user account used to configure the authentication has the necessary permissions.
Technical article

Documentation from Cloudflare Support highlights that some DNS providers might not fully support certain record types or have specific requirements. Ensure that the DNS provider fully supports CNAME records and that there are no limitations affecting the authentication process.

October 2021 - Cloudflare Support
Technical article

Documentation from Intercom Help Center emphasizes the importance of copying the DNS record values exactly as provided by Intercom. Even a minor typo can prevent successful authentication. It is important to confirm the records were copied correctly.

December 2023 - Intercom Help Center
Technical article

Documentation from Intercom Help Center explains that DNS changes can take up to 48 hours to propagate fully. Even if the DNS records are added correctly, Intercom might not immediately recognize them until propagation is complete.

July 2022 - Intercom Help Center
Technical article

Documentation from MXToolbox explains using tools such as MXToolbox and similar sites to check if the DNS records are resolving correctly from multiple locations. This can help determine if the issue is related to local DNS caching.

July 2022 - MXToolbox
Technical article

Documentation from Intercom Help Center mentions that the Intercom user account used to configure the authentication must have the necessary permissions to modify settings related to email sending and domain authentication.

October 2024 - Intercom Help Center
Technical article

Documentation from Whatsmydns.net says that you should use online tools to check DNS propagation from multiple geographic locations to identify if the DNS records have propagated worldwide or only in certain regions.

March 2023 - Whatsmydns.net