Sales & Marketing
      Back to home
      1. Help Center
      2. Service Providers
      3. Sales & Marketing

      Sendgrid SPF and DKIM Set Up

      SendGrid is an email service trusted by developers and marketers for time-savings, scalability, and delivery expertise.  

      To enable Sendgrid to send authenticated mail from your domain your SPF and DKIM settings must be enabled. 

      Table of Contents
      1. SendGrid SPF Setup
      2. SendGrid DKIM Setup
        1. Example DKIM Record: Automated Security ON
        2. Example DKIM Record: Automated Security OFF

      1. SendGrid SPF Setup


      Please note that the following SPF changes should only be applied to the Sendmarc record within Sendmarc and not the hosting provider. 

      Include String include:sendgrid.net ~all




      2. SendGrid DKIM Setup


      SendGrid will always provide you with a custom DKIM signature. However, your custom DKIM signature is only automatically updated if you select automated security when authenticating your domain. 


      If you turn automated security OFF, you will be responsible for updating your DKIM signature whenever you make a change to your sending domain.


      1. In the SendGrid UI, select "Settings" > "Sender Authentication".
      2. In the domain authentication section, click "Get Started" or "Authenticate Your Domain".

      3. Next, add in information about your DNS host, and indicate whether you also want to set up link branding. Click "Next".

      4. Fill in the domain that you want to send from and add advanced settings as needed. Make sure that you only enter the name of your root domain.

        DO NOT include www or http://www in this field. Your domain needs to match the domain of your FROM address on the emails you are sending out.

        For example, if I am sending an email from example@sendgrid.com, I would set my domain authentication domain to be sendgrid.com. Click "Next".

      5. Next, you need to add all of the CNAME records on this screen to your DNS host.

        This process varies depending on your DNS host.


        If you don't have access to modify your companies DNS records, you can also email a request to a co-worker. This email includes a direct link to the CNAME records. This link does expire. The recipient doesn't need login access to your SendGrid account.


      2.1 Example DKIM Record: Automated Security ON


      subdomain.<yourdomain.com>. CNAME uXXXXXXX.wlXXX.sendgrid.net
      s1._domainkey.<yourdomain.com>. CNAME s1._domainkey.uXXX.wlXXX.sendgrid.net.
      s2._domainkey.<yourdomain.com>. CNAME s2._domainkey.uXXX.wlXXX.sendgrid.net.

      2.2 Example DKIM Record: Automated Security OFF


      m1._domainkey.<yourdomain.com>. MX mx.sendgrid.net
      s1.domainkey.<yourdomain.com>. TXT k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPtW5iwpXVPiH5FzJ7Nrl8USzuY9zqqzjE0D1r04xDN6qwziDnmgcFNNfMewVKN2D1O+2J9N14hRprzByFwfQW76yojh54Xu3uSbQ3JP0A7k8o8GutRF8zbFUA8n0ZH2y0cIEjMliXY4W4LwPA7m4q0ObmvSjhd63O9d8z1XkUBwIDAQAB
      s2.domainkey.yourdomain.com. TXT v=spf1 include:sendgrid.net ~all


      * Please ensure that you change <yourdomain.com> to the correct domain before publishing changes.