Email security is crucial today, and setting up authentication protocols like DMARC, SPF, and DKIM is a key step in protecting your domain. These protocols help prevent phishing, domain spoofing, and business email compromise, ensuring that your emails reach their intended recipients safely and securely.
Domain-based Message Authentication, Reporting, and Conformance, or DMARC, is an essential protocol to implement in recent times. DMARC helps prevent a number of email-borne threats. This includes phishing, direct-domain spoofing, and business email compromise.
While Twilio informs that DMARC is not a mandatory requirement for SendGrid, they encourage and recommend it. Moreover, bulk email senders need to have a DMARC policy in place if they are sending messages to Gmail or Yahoo inboxes. Otherwise, these messages may be rejected! So let’s find out how you can enable SendGrid DMARC, DKIM, and SPF authentication.
Setting Up Domain Authentication for SendGrid
Domain authentication is the process of establishing the legitimacy of your domain name. It is important to authenticate your domain to prevent unauthorized usage and impersonation. Authentication also reduces the chances of emails being marked as spam and improves domain reputation.
SPF, DKIM and DMARC are three such protocols that can be used to authenticate your domain. Let’s find out how to enable them for SendGrid.
How to Setup SendGrid SPF Record
According to Twilio’s sender authentication document:
Automated SendGrid SPF Setup
- On completing SendGrid’s Domain Authentication setup, you can choose for SPF authentication to be handled automatically by SendGrid.
- In an automated security setup, SendGrid will provide you CNAME records to enable SPF authentication.
- Once you retrieve the CNAME records from SendGrid, you need to publish these records on your Domain Name System (DNS).
- Once your DNS has propagated the changes, this will allow SendGrid to directly manage SPF on your behalf without the requirement of manual SPF implementation or management.
Manual SendGrid SPF Setup
- You can turn off automated security settings on SendGrid by disabling the “Use Automated Security” checkbox on the Domain Authentication page.
- Now SendGrid will provide you with an SPF TXT record for your domain.
- You need to publish the record in your DNS, to activate SPF authentication.
Note: On choosing manual SendGrid SPF implementation, you need to manually update your IP addresses and make changes to your DNS settings. Whereas on an automated setup this is handled by SendGrid.
How to Add SendGrid DKIM Record
According to Twilio’s DKIM authentication document:
Automated SendGrid DKIM Setup
- On completing SendGrid’s Domain Authentication setup, you can choose for DKIM authentication to be handled automatically by SendGrid.
- SendGrid will provide you with a custom DKIM signature whether you enable automated security or not. In an automated security setup, SendGrid will provide your CNAME records to enable DKIM authentication.
- Once you retrieve the CNAME records from SendGrid, you need to publish these records on your Domain Name System (DNS).
- Once your DNS has propagated the changes, this will allow SendGrid to directly manage DKIM on your behalf. In this case, when you make any changes to your sending domain, they will be automatically updated to your SendGrid DKIM setup.
Manual SendGrid DKIM Setup
You can turn off automated security settings on SendGrid by disabling the “Use Automated Security” checkbox on the Domain Authentication page.
In this case, when you make any changes to your sending domain, you will need to manually update your DNS settings. SendGrid will not handle it for you like in case of automated setups.
SendGrid DKIM record example (with automated security turned on)
subdomain.yourdomain.com. | CNAME | uXXXXXXX.wlXXX.sendgrid.net
s1._domainkey.yourdomain.com. | CNAME | s1.domainkey.uXXX.wlXXX.sendgrid.net.
s2._domainkey.yourdomain.com. | CNAME | s2.domainkey.uXXX.wlXXX.sendgrid.net.
SendGrid DKIM record example (with automated security turned off)
em1234.yourdomain.com | MX | mx.sendgrid.net
em1234.yourdomain.com | TXT | v=spf1 include:sendgrid.net ~all
m1._yourdomain.com | TXT | k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPtW5iwpXVPiH5FzJ7Nrl8USzuY9zqqzjE0D1r04xDN6qwziDnmgcFNNfMewVKN2D1O+2J9N14hRprzByFwfQW76yojh54Xu3uSbQ3JP0A7k8o8GutRF8zbFUA8n0ZH2y0cIEjMliXY4W4LwPA7m4q0ObmvSjhd63O9d8z1XkUBwIDAQAB
How to Add SendGrid DMARC Record
To setup SendGrid DMARC authentication for your domain(s), follow these steps:
- Once you have completed Domain Authentication for SendGrid by implementing SPF and DKIM you are ready to set up DMARC.
- Create a DMARC record using our free DMARC record generator tool. It is advisable to start with a DMARC policy of “none” and then slowly shift to quarantine and reject while monitoring your DMARC reports.
- Publish the generated TXT record on your DNS. Once you publish the DNS record and the DNS has propagated the changes, DMARC will be enabled for your domain.
Learn more about the DMARC syntax by learning about DMARC tags.
Final Words
SendGrid DMARC alignment along with SPF and DKIM ensures emails you send using SendGrid as your vendor, successfully reach your receiver’s inbox. IAuthentication ultimately improves your email delivery performance and helps you enhance your brand’s credibility.
For advanced email authentication solutions, contact us today!
Content Review and Fact-Checking Process
This article has been curated by an email security expert, along with references to official domain authentication documents published by Twilio. You can find more related Twilio SendGrid documents here.
- DNS Vulnerabilities: Top 5 Threats & Mitigation Strategies - December 24, 2024
- Introducing DNS Timeline and Security Score History - December 10, 2024
- PowerDMARC One-Click Auto DNS Publishing with Entri - December 10, 2024