Home/Knowledge Hub/Why PayPal Shows Up in Your Domain’s DNS (and What to Do About It)
← Back to Knowledge Hub

Why PayPal Shows Up in Your Domain’s DNS (and What to Do About It)

DNS & NetworkEmail SecurityDeliverability·June 5, 2026·5 min read

When TechSpy flags PayPal in your DNS, it means your domain is set up for secure payments. Learn what those records do and how to keep them safe.

What Is PayPal?

Your customer clicks "Buy Now" on your site, and moments later you see the money in your account. No card numbers to store, no PCI compliance to wrestle with. That’s PayPal, a digital payment platform that lets businesses accept credit cards, debit cards, and PayPal balances without building a payment system from scratch.

But here’s why you’re reading this article: your TechSpy scan flagged something about PayPal. It might have found a PayPal script tag on your site, or—more likely—a DNS record pointing to PayPal’s servers. That’s not an error. When you set up PayPal to send branded emails (like payment confirmations that look like they come from you) or to verify domain ownership, you add small text records to your domain’s configuration. Those records are what TechSpy noticed.

PayPal isn’t just a payment processor; it also sends emails on your behalf—things like receipts, shipping updates, or dispute notifications. To make sure those emails are trusted by inboxes, your domain uses email authentication records that explicitly trust PayPal. Think of it like giving a courier service an approved ID badge so the front desk knows they really work for you.

How PayPal Works with Your Domain

Layer 1 — What actually happens

Imagine a customer pays through your online store. PayPal takes over the payment screen, processes the transaction, and then sends the customer an email that says “thanks for your order from [your company].” For that email to land in the inbox—not spam—the email providers (Gmail, Yahoo, etc.) need to check that it really came from your domain. Your domain vouches for PayPal by publishing a short guest list of who’s allowed to send mail. When the email arrives, the provider checks that guest list, finds PayPal on it, and lets the message through. If the list is missing or wrong, the email looks forged and gets blocked.

That “guest list” is a set of tiny rules stored in your DNS (the internet’s phonebook). One rule says “PayPal’s mail servers are allowed to send email for my domain.” Another provides a cryptographic seal that proves the email hasn’t been tampered with. All of this happens in milliseconds, invisible to you and your customer.

Technical Details
— adds PayPal’s email-sending servers to your domain’s authorized senders list
PayPal may also ask you to add (older syntax) — both accomplish the same goal
DKIM: you add a TXT record at a specific selector subdomain, like , with a public key from PayPal. This lets receivers verify the email’s signature
Domain verification: a TXT record with a code like proves you own the domain and can manage PayPal settings
CNAME records for custom checkout domains (e.g., pointing to PayPal’s servers) are less common but possible

Why It Matters for Your Business

When the DNS records are right, every payment confirmation and shipping notice arrives in your customer’s inbox looking just like your other emails. That builds trust and cuts down on “where’s my receipt?” support tickets. It also meets the requirements of Google and Yahoo’s stricter email rules—without proper authentication, bulk emails get rejected outright.

If the records are missing or misconfigured, PayPal’s emails can end up in spam, or worse, be blocked entirely. Customers might think they were scammed because the payment went through but the confirmation never appeared. Worse, an attacker could exploit missing verification to impersonate your business on PayPal, directing payouts to their account.

This matters for everyone who touches customer communication: marketing teams sending out order follow-ups, support teams handling payment disputes, and even executives whose reputation rides on every transaction. You don’t need to be technical—you just need to know the configuration exists and that it needs to be kept healthy.

Common Issues and Warning Signs

Your first clue is often a customer complaint: “I paid but never got a receipt.” Or you notice that PayPal emails to your own test accounts land in the spam folder. TechSpy may surface warnings about incomplete SPF records or a missing DKIM selector for .

Common Issues

Payment confirmations going to spam — the SPF record isn’t including PayPal’s servers, so Gmail treats the email as unauthorized.
Emails blocked with a “domain not verified” error — PayPal’s domain verification TXT record is missing or was accidentally removed during a website migration.
TechSpy flags “paypal._domainkey” as missing — DKIM signing was never set up, meaning PayPal can’t cryptographically seal your emails.
You see both old and new PayPal SPF includes (`spf.paypal.com` and `pp._spf.paypal.com`) — this isn’t harmful but can be cleaned up; only the newer one is needed.
Unexpected PayPal-branded emails from “yourdomain” that you didn’t send — possible sign of spoofing; check that your SPF record ends with or to reject unauthorized senders.

How to Fix or Improve PayPal’s DNS Setup

Most of these steps take less than five minutes if you have access to your domain’s DNS control panel (wherever you bought the domain or host your website). If someone else manages your DNS—an IT person, an agency, or a hosting provider—forward them this list and ask them to check each point.

Once these records are in place, PayPal’s emails will be properly authenticated, and your customers will get the receipts they expect. If anything looks confusing, just forward this article to your IT team—they’ll know exactly what to do. <!-- self-check: layer1_readable=true | fix_doable=true | no_padding=true | jargon_expanded=true -->

1Log into your DNS provider (GoDaddy, Namecheap, Cloudflare, or your web host’s control panel) and find where DNS records are managed. Look for a section labeled “DNS Management” or “Zone Editor.”
2Check your SPF record. If you already have one, it will be a TXT record starting with . Add before the final or . If you don’t have an SPF record yet, create one with . (Only one SPF record is allowed per domain.)
3Verify the DKIM record. In your PayPal business account, go to Settings > Account Settings > Website Payment Preferences or Email Authentication. PayPal will provide a specific DKIM hostname like and a long value. Create a TXT record with that hostname and value in your DNS.
4Confirm domain ownership (if applicable). PayPal may have asked you to add a TXT record with a verification code to enable custom email branding. Ensure that record is still present and hasn’t been deleted.
5Run a new TechSpy scan to confirm all warnings are cleared. If any remain, the scan will tell you exactly which record needs attention.

See how your domain's configuration stacks up.

Get a free scan — no sign-up, no credit card.

Scan Your Domain Free →