I am trying to verify domains using the Google Site Verification API.
For some email addresses, the verification request succeeds fine. For other email addresses, it says "Could not resolve the email address". I cannot see any reason why it should reject one email address but not another.
My only guess is that the provided email address must be listed in the domain name system somewhere as a domain contact. However this is not documented anywhere that I can see, but of course that's entirely normal for Google's developer documentation which is thoroughly crap and often inconsistent and out of date.
Request to endpoint:
https://www.googleapis.com/siteVerification/v1/webResource?access_token=<token>&project=`<proj_id>&verificationMethod=DNS_TXT`
Parameters to request:
{"site": {"type": "INET_DOMAIN", "identifier": "<domain name>"}, "owners": ["<email address 1>", "<email address 2>"]}
Response from request:
{'error': {'errors': [{'domain': 'global', 'message': 'Could not resolve the email address: <email address 2>', 'reason': 'invalidParameter'}], 'message': 'Could not resolve the email address: <email address 2>', 'code': 400}}
Can anyone suggest why some email addresses would be rejected and other accepted?
This error indicates that an email address is not associated with a Google account.
The Site Verification API is equivalent to using Google Webmaster Tools to manage domain ownership. The API is a programmatic way for Google accounts to assert ownership of domain names and/or delegate that ownership to other accounts, so that those accounts can do that things that Google requires verification of domain name ownership. A Good example is creating a Google Cloud Storage bucket for a domain name.
When verifying ownership of a domain, the account making the request can verify ownership only in its own name. It can, however, follow that up by delegating its ownership to other users.
Ownership can be delegated to any Google account, including service accounts, and these accounts are identified by their account email address.
The email addresses used must be associated with Google accounts. Permissions are assigned to accounts, and it is an error to assign a permission to an account that does not exist.