You are having a problem adding a new domain to the Email Security.cloud Service.
Make sure that you have added the required TXT record in your DNS zone. Depending on the DNS manager you use, you will need some or all of the following details:
A common mistake is adding the validation string to the Host field which means you end up creating a sub-domain with a TXT record, like validationstring.example.com.
You can perform TXT record lookups using public DNS lookup sites. If there is no result then the DNS servers responsible for your domain have not published the record yet. This may be a matter of propagation on the DNS system or the entry may have been done incorrectly.
These sites can also be used to verify the TTL (time to live) value for the existing TXT record. If the correct TXT string is showing up in the DNS lookups and the domain is still not validated after TTL has elapsed, please contact us for investigation.
This portion of the check will turn green as soon as you sync the addresses using the Schemus tool or add at least one address manually under the Platform menu.
There is no option to add a domain in the portal without registering addresses either manually or via the Schemus sync tool.
This may have happened if you pointed the MX records to Symantec.cloud clusters prior to the DNS TXT validation code being added. Domain should not have been pointed to our clusters until the last step (as instructed by the domain addition wizard).
Action: Point the MX records away from our Clusters (for instance to your mail server). Our tech checks run every 30 - 60 minutes. Once the TTL of the MX Records expires and we can detect the change, it should proceed past the working stage and instruct the customer to then point their MX to us. If you have not pointed the MX to messagelabs yet and have completed validation and it is still stuck in "working" status, open a ticket with technical support.
Change the MX Records to what the wizard has specified. A confirmation email containing the subject "Domain MX record and outbound scanning instructions" is sent to the contact email address specified during the initial wizard setup.
Once the domain has completed registration, you can change them to whatever you desire, if for some reason you do not want to leave them directed at the Symantec.cloud cluster.
Action: If you have already changed your MX record to our cluster and the wizard is still showing "Update Now", please contact us for investigation.
It is likely that we are unable to connect to your intended server from our entire infrastructure. Please ensure that we are allowed to connect to your mail server from all our IP ranges (found HERE) and that the server is configured to accept mail for the new domain.
At this last stage, the domain should already be provisioned and visible in Inbound routes, so the mail flow should work. However, until the system sees Symantec.cloud clusters in the MX records for the domain it will show the domain in the inactive screen. Depending on what the TTL was for the MX record entry, it may take some time for it to see the updated MX record entry, but it will eventually be moved to the Active Domains section.
If your services have been purchased through a reseller you must contact the reseller to add new domains for you. If you have purchased the services directly you may be using a secondary account that has not been given permission to Manage Domains. This User Role would need to be added under Administration > User Management using the primary login.
Action: If you have been given this role or you are using the primary login and are still unable to access the Add New Domain wizard, please contact us for investigation.
Please note that email validation is the recommended option to verify domain ownership, as it is much quicker to provision a new domain and does not rely on DNS propagation for TXT record entries.
The validation email is sent using the current MX Records for the new domain. If these have already been changed to point to the Symantec.cloud cluster then the email will fail. The MX Records should point to your server that accepts mail for the new domain. Even if you have the system locked down to our ranges because you use it for already provisioned domains, the connection will be accepted because it is sent from one of our IPs.
Action: You can request to resend the validation email in the domain wizard. For reference, validation emails containing the key are sent from the email address [email protected].
This means that the parent domain (e.g. example.com), is a registered domain to an existing Email Security.cloud customer. As an Email Security.cloud customer yourself, you need permission from the owner of the parent domain example.com in order to add the domain sub.example.com to your account.
This restriction is in place for security purposes and to ensure only the legit owner of the domain or someone with the strict permission of the owner makes use of the subdomain. Generally, a subdomain falls under the control of the owner of the parent domain.
Action: Create a support case after acquiring the required permission, and we'll process the domain on your behalf.