
Troubleshooting email authentication issues (DKIM, DMARC, and DNS Setup)

Written by Beth-Ann Sher
Updated over a week ago

If you're connecting a custom email address (like support@yourcompany.com) and run into issues verifying your domain, follow this guide to resolve the most common problems.


DKIM setup and verification

Intercom uses DKIM (DomainKeys Identified Mail) to verify you’re allowed to send email on behalf of your domain. This setup happens in your DNS provider.

DNS records you’ll add

When authenticating your domain manually, you’ll be given:

  1. Two CNAME records (for DKIM and custom return-path)

  2. One TXT record (for DMARC)

Your DNS provider might use different labels for these fields:

  • Host / Name → use the "Name" from Intercom

  • Target / Value → use the "Value" from Intercom

Note: Make sure your domain name isn't added twice in the "Name" field. Some DNS systems add it automatically.

Verifying authentication

After you’ve added the DNS records:

  1. Wait for changes to propagate (can take up to 72 hours).

  2. Go back to your Intercom email settings and click Finish setup.

  3. Click Validate authentication.

If it doesn’t verify immediately, wait a bit and try again. DNS propagation is the most common reason for delays.

DNS propagation, the process of updating DNS records across the internet, usually takes anywhere from a few hours to 24-48 hours. However, in some cases, it can take up to 72 hours. Several factors influence this time, including your Internet Service Provider (ISP), your domain's registry, and the Time to Live (TTL) values of your DNS records.


Common setup issues and how to fix them

1. Missing or Incorrect DNS Records

Make sure all required records (two CNAMEs + one TXT) are added exactly as provided.

2. Using the Wrong Record Type

DKIM and Return-Path setup require CNAME records, not TXT records.

3. Cloudflare or GoDaddy Users

These providers sometimes require special settings:

  • Cloudflare: Turn off proxying (the cloud icon should be grey, not orange).

  • GoDaddy: Enter the "Name" and "Value" exactly as shown, without trailing dots.

4. CNAME Flattening Issues (Cloudflare only)

Make sure the record is set to DNS Only, not proxied.

5. DNS Propagation Delay

It can take several hours for DNS changes to fully take effect across the internet. If verification fails, give it more time before retrying.

Tools to help you check your setup

You can use these public tools to check if your DKIM record is live:

Note: You'll still need to click Verify authentication in Intercom even if your DKIM record is showing as live.
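A local check for the common setup issues listed above, as an added example that is not Intercom's own code: it compares records copied from your DNS host against the ones shown on the setup screen. The domain, record names and values are constructed placeholders, and `lint_records` is a hypothetical helper.

```python
# Added example: every record name and value below is a constructed placeholder.
def norm(name):
    """Lower-case and drop a trailing dot so names compare consistently."""
    return name.strip().lower().rstrip(".")

def lint_records(domain, expected, actual):
    """Return sorted (record name, problem) findings."""
    # expected: (type, name, value) tuples as shown on the setup screen.
    # actual: (type, name, value, proxied) tuples as published by the DNS host.
    domain, findings, by_name = norm(domain), set(), {}
    for rtype, name, value, proxied in actual:
        name = norm(name)
        by_name.setdefault(name, []).append((rtype, value))
        if name.endswith(f".{domain}.{domain}"):
            findings.add((name, "domain appended twice in Name"))
        if value.endswith("."):
            findings.add((name, "trailing dot in Value"))
        if proxied:
            findings.add((name, "proxied, switch to DNS only"))
    for name, recs in by_name.items():
        if {"CNAME", "TXT"} <= {t for t, _ in recs}:
            findings.add((name, "conflicting TXT and CNAME"))
    for rtype, name, value in expected:
        name = norm(name)
        recs = by_name.get(name, [])
        same_type = [v for t, v in recs if t == rtype]
        if not recs:
            findings.add((name, f"missing {rtype} record"))
        elif not same_type:
            findings.add((name, f"wrong record type, expected {rtype}"))
        elif all(norm(v) != norm(value) for v in same_type):
            findings.add((name, "value differs from the one provided"))
    return sorted(findings)

DOMAIN = "example.com"
EXPECTED = [  # constructed stand-ins for the two CNAMEs and one TXT
    ("CNAME", "sel-example._domainkey.example.com", "dkim.target.invalid"),
    ("CNAME", "rp-example.example.com", "rp.target.invalid"),
    ("TXT", "_dmarc.example.com", "v=DMARC1; p=none"),
]
ACTUAL = [  # constructed zone export: doubled domain, and TXT used for a CNAME
    ("CNAME", "sel-example._domainkey.example.com.example.com", "dkim.target.invalid", False),
    ("TXT", "rp-example.example.com", "rp.target.invalid", False),
    ("TXT", "_dmarc.example.com", "v=DMARC1; p=none", False),
]

if __name__ == "__main__":
    for name, problem in lint_records(DOMAIN, EXPECTED, ACTUAL):
        print(f"{name}: {problem}")
```

A clean record set returns an empty list; DNS propagation delay is not something this check can see, since it only inspects what you entered.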


About SPF and DMARC

Do I need to configure SPF?

No. Intercom handles SPF for you by setting a custom return-path on all emails we send. You don’t need to add your own SPF record unless advised otherwise.

Should I set up DMARC?

Yes, especially if:

  • You send more than 5,000 emails per day (required by Google and Yahoo).

  • You want added protection against spoofing.

Intercom supports DMARC fully when DKIM and return-path records are correctly configured.


Still having issues?

If you've tried all these troubleshooting steps and are still encountering problems:

  • Double-check that at least one email address using your domain is verified in your Intercom account. You can do this from Settings > Channels > Email > Domains & addresses by adding a new address or editing an existing one. During the email address setup you'll be sent a verification email. You can request a new one by clicking Resend verification email.

  • Double-check for typos or formatting differences in your DNS records.

  • Ensure you’re not using conflicting TXT and CNAME records for the same name.

  • Ensure you've clicked Verify authentication in Intercom after setting up your DNS records.

  • Speak to our support team for further assistance.

