How to Set Up DKIM and SPF Records for SendGrid

Setting up Domain Authentication in SendGrid automatically configures your DKIM and SPF records. This process proves to inbox providers that you own the domain and that SendGrid is authorized to send emails on your behalf.

Step 1: Start Domain Authentication

1. Log in to your SendGrid account.

2. Navigate to Settings > Sender Authentication.

3. In the Domain Authentication section, click Authenticate Your Domain.

Step 2: Select Your DNS Host

1. Choose your DNS host (e.g., Cloudflare, AWS, Namecheap) from the provided list.

2. Select whether you want SendGrid to rewrite tracking links to use your domain.

3. Click Next.

Step 3: Enter Your Domain

1. Enter the root domain you will use to send emails (e.g., yourdomain.com).

1. Click Next. SendGrid will generate a set of DNS records. By default, SendGrid uses automated security, which provides CNAME records instead of traditional TXT records to handle both SPF and DKIM automatically.

Step 4: Add Records to Your DNS Provider

1. Log in to your DNS provider's control panel in a separate tab.

2. Navigate to your DNS settings or Zone Editor.

3. Create new records based on the exact values SendGrid generated. Copy and paste the Type (CNAME), Host(Name), and Value (Target) for each record. Sample CNAME records in Cloudflare DNS:

Step 5: Verify the Configuration

1. Return to the SendGrid dashboard.

2. Check the box labeled I've added these records.

3. Click Verify.

4. If the DNS changes have propagated, you will see a "It worked!" success message. If it fails, wait 15-30 minutes and try verifying again, as DNS updates can take time.