Skip to main content
Sendgrid

How to set up DMARC for Sendgrid in Valimail

Updated over 5 months ago
SPF(supported) (dedicated subdomain)
DKIM(Recommended)

This article covers the SPF and DKIM authentication processes for Sendgrid and how they are managed in Valimail. While only one of the two authentication methods is required for an email to pass DMARC, our recommendation is to configure both whenever possible.

Sendgrid typically uses a dedicated subdomain for DKIM and SPF configuration.

Configuring DKIM authentication for your Sendgrid emails

1. Login to your SendGrid admin account.

2. In the SendGrid UI, select Settings -> Sender Authentication.

3. In the domain authentication section, click Get Started.

4. Next, add in information about your DNS host, and indicate whether you also want to set up link branding. Click Next.

5. Fill in the domain that you want to send from and add advanced settings as needed. Make sure that you only enter the name of your root domain. Do not include www or http://www in this field. Your domain needs to match the domain of your FROM address on the emails you are sending out. For example, if I am sending an email from [email protected], I would set my domain authentication domain to be sendgrid.com. Click Next.

6. Next, you need to add the 2 CNAME DKIM records to Valimail Enforce and the 3rd CNAME record to your DNS host.

7. Once you publish the 2 DKIM keys in Valimail Enforce and the 3rd CNAME record in your DNS host, return to the Sender authentication page in the Sendgrid console and click Verify.

a close-up of a logo

Note: It can take up to 24-48 hours for the records to verify after you upload them into Valimail Enforce and your DNS host, so you will likely have to come back later to verify.

You can find these instructions on how to setup DKIM for your domain in Sendgrid here.

Below is an example of the CNAME values under the HOST column as they are displayed and how you will need to enter them into your DNS management with one of these providers:

a. Record Name: em722.yourdomain.com

Record Type: CNAME

Record Value: u20722350.wl101.sendgrid.net

b. Record Name: s1

Record Type: CNAME

Record Value: s1.domainkey.u20722350.wl101.sendgrid.net

c. Record Name: s2

Record Type: CNAME

Record Value: s2.domainkey.u20722350.wl101.sendgrid.net

IMPORTANT: The entries made in the VALUE or POINTS TO field from the 2 DKIM keys are the ones that need to added in Valimail Enforce.

The records that look like the b and c ones, need to be added in Valimail Enforce - the one that looks like the a one, needs to be added in your DNS host.

Add a Sendgrid DKIM key in Valimail

You can find more detailed information on how to add a DKIM key in Valimail, here:

Setup a custom DKIM key for your domain in Sendgrid

It is important to remember that the s1 and s2 DKIM key selectors are the default ones that Sendgrid issues.

Therefore, if your organization uses multiple Sendgrid instances or other services that use Sendgrid under the hood, you will need to set up a custom DKIM key that has a custom DKIM selector for those instances/services, if you already have one Sendgrid instance configured with s1 and s2 selectors on the DKIM keys.

You can find the instructions on how to set up a custom DKIM key in Sendgrid here.

Note: The Sendgrid ID and WL ID are optional but if they are given to you by the service, we recommend you add them as well. Add only the numerical characters in the SendGrid ID and WL ID fields.

Configuring SPF authentication for your Sendgrid emails

Once you establish that Sendgrid is an authorized sender for your domain, you will need to add the service in your Enabled Senders.

You will find more detailed information on how to add a service for your domain in Valimail, here:

Note: We encourage you to use the comment section for any useful information about your sending service, such as the name of the service owner, change request ticket numbers, etc.

Did this answer your question?