Welcome to the mailbox user forum
 

Verification of external domain via Cloudflare DNS not possible when following mailbox instructions

Peter Ebenhoch shared this problem 13 hours ago

Unfortunately, I am unable to set the Cloudflare TXT record correctly in order to verify an external alias email.

The reason for this is that when entering the domain name hostname at the end of the string, as required by Mailbox, it is truncated when entered in Cloudflare DNS management. The preceding hash remains as hostname. I'm used to this from INWX, except that it works there and not here: As a result, no TXT entry is displayed via dig or nslookup and the verification on behalf of Mailbox clearly fails.

However, if I only enter the domain name as the hostname, or the @ sign, Cloudflare accepts it correctly and the content is displayed correctly via dig/nslookup. However, it is not accepted by Mailbox because they require the preceding hash in the host name.

As a result, I am at an impasse and cannot use Cloud for DNS together with Mailbox.

→ I am grateful for any tips.

Peter

PS: It might be that the content has to be entered differently, e.g. as "hostname=mailboxhash.domainname.com; content="mailboxhash" but I did not find a clue how to get this to work, either.

PPS: I read this in detail: https://userforum-en.mailbox.org/topic/4526-dns-settings-for-individual-accounts-whats-the-txt-format#comment-11576, but it does not help to solve my problem.
https://kb.mailbox.org/de/privat/eigene-domain/e-mail-adressen-mit-eigener-domain-nutzen/

Replies (1)

photo
1

Sorry, I don't understand why this is such a problem. What do you see when you try to create a TXT record? Please hide sensitive data. mailbox shows what it should look like. One part belongs in the name (host) field and the other in content field. Does drill/dig/nslookup show the correct result?

https://kb.mailbox.org/de/privat/eigene-domain/e-mail-adressen-mit-eigener-domain-nutzen/#schritt-2-eigene-domain-verifizieren
https://kb.mailbox.org/en/private/custom-domains/using-emails-with-a-custom-domain/#differences-depending-on-the-provider

If you don't understand DNS maybe you should get ManagedDNS and pass on this information to your provider.

photo
1

Thank you for the links. To clarify: I am familiar with the links provided and with DNS configurations, but the problem lies in the specific way the Cloudflare interface processes and stores input compared to other providers such as INWX.

I have documented the behavior with screenshots to illustrate why the standard instructions do not produce the expected results in this case:

The input problem: When entering the full host name (including the domain string) as required by mailbox.org [see img-01], Cloudflare automatically truncates the domain part when saving. This happens regardless of whether a trailing period is used.

The resulting entry: Only the preceding hash remains in the “Name” field [see img-02]. While this is common behavior for some providers, it causes a resolution error in this particular Cloudflare configuration.

Error during verification: As a result, a dig query for the complete string does not return the TXT entry, causing the verification by mailbox.org to fail [see img-03].

The “@” syntax: If I follow Cloudflare's suggestion and use “@” as the host name [img-04], the record is created correctly and can be found [img-05]. However, mailbox.org does not seem to accept the record in this format.

The verification code & “@” syntax combined: If I try to use the preceding hash code and add the @ sign at the end, it is explicitly rejected by the Cloudflare interface [img-06].

The core of the problem is the discrepancy between Cloudflare’s form validation and what mailbox.org’s verification service expects to find.

I would appreciate it if we could focus on a solution for this specific Cloudflare behavior, as I would prefer to keep using mailbox.org alongside Cloudflare’s bot protection features.

Thank you for your technical support on this.

photo
1

Mailbox shows you something like: "21865xxx.example.net. IN TXT 98ce21xxxx"
Just put the 21865xxxx or (21865xxx.example.net) in the name field and 98ce21xxxx (without quotation marks) in the content field.
What's the output of "dig txt 21865xxx.example.net" afterwards?

The other entries are rubbish. Maybe there is a different problem.

photo
1

Thank you for your feedback. I have now fixed the issue. As you suggested, the solution was to enter only the hash code as the (host)name, rather than using the full syntax suggested in your documentation.

It appears that when using the full syntax (FQDN), Cloudflare's interface interacts poorly with the validation logic, resulting in an incorrect record being stored or recognized.

Furthermore, the instruction displayed by Mailbox in the “External domain validation failed” error message is misleading and IMHO technically incorrect: Instead of instructing the user to set [hash].[domain.xyz], the prompt displays [hash][domain.xyz] – omitting the period. Following this instruction verbatim results in the invalid FQDN [hashdomain.xyz], which obviously cannot be resolved.

Also, pointing users to missing TXT entries in nslookup or dig with reference to [domain.xyz] instead of [hash].[domain.xyz] (as happened in my communication with support) is equally frustrating and does not meet the high technical standards I expect from Mailbox.org.

I am glad that the problem has been fixed, but I strongly recommend updating the Mailbox documentation and the validation user interface to distinguish between relative hostnames and FQDNs.
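
Added example (not part of any post in this thread, and not mailbox.org or Cloudflare code): a small check of which FQDN a zone-relative DNS editor would publish for the "Name" field variants discussed above, compared with the name the verifier looks up. The zone-relative storage rule is an assumption modelled on the behaviour described in the thread; `example.net` and `21865xxx` are the placeholders used in the replies, and the function names are hypothetical.

```python
# Added illustration. Assumption: the DNS editor stores the "Name" field
# relative to the zone, as described in the thread (zone suffix stripped,
# "@" meaning the zone apex, anything else treated as a label under the zone).

def published_owner(name_field: str, zone: str) -> str:
    """Return the FQDN a zone-relative editor would publish for name_field."""
    zone = zone.rstrip(".").lower()
    name = name_field.strip().lower().rstrip(".")  # trailing dot changes nothing here
    if name in ("@", "", zone):
        return zone + "."                          # record lands on the apex
    if name.endswith("." + zone):
        name = name[: -len(zone) - 1]              # editor keeps only the label
    return f"{name}.{zone}."


def verification_target(token: str, zone: str) -> str:
    """FQDN the verification lookup queries: <token>.<zone>."""
    return f"{token.lower()}.{zone.rstrip('.').lower()}."


def audit(name_field: str, token: str, zone: str):
    """Return (published FQDN, True if it is the name the verifier queries)."""
    published = published_owner(name_field, zone)
    return published, published == verification_target(token, zone)


if __name__ == "__main__":
    ZONE = "example.net"
    TOKEN = "21865xxx"  # placeholder token, as shown in the thread
    candidates = [
        TOKEN,                 # hash only (the working entry)
        f"{TOKEN}.{ZONE}",     # full name without trailing dot
        f"{TOKEN}.{ZONE}.",    # full name with trailing dot
        "@",                   # apex: record exists, but at the wrong name
        f"{TOKEN}{ZONE}",      # hash and domain joined without the period
    ]
    for entry in candidates:
        fqdn, ok = audit(entry, TOKEN, ZONE)
        status = "match" if ok else "MISMATCH"
        print(f"{entry!r:26} -> {fqdn:36} {status}   dig +short TXT {fqdn}")
```

The printed `dig` command for each row is the query that should return the token once the record has propagated; querying the bare domain only finds the record in the "@" case.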
