Setup SendGrid Domain Authentication on Cloudflare

kinopyo avatar
kinopyo
Photo by Anne Nygård on Unsplash
Photo by Anne Nygård on Unsplash

If you're using SendGrid to send emails, (or any other email devliery services,) you'd probably need to prove that you own the domain that you're sending from. Otherwise the emails may appear untrustworthy and never get delivered to your users, not even to their spam folders.

To do so, you need to configure your DNS provider (like GoDaddy or Cloudflare), to point certain entries to SendGrid. After that, your users will no longer see the "via sendgrid.net" header on your emails, and you'll have a higher reputation and better deliverability as a sender.

That's the background story. Now let's configure it on Cloudflare. For other DNS host services, you can check out the official guide.

SendGrid side

First, go to SendGrid Settings > Sender Authentication page and click the "Get Started" link.

Next, choose Cloudflare from the list.

Type in the domain name, "Next", and then you'll see a list of records that you'll need to configure on Cloudflare side.

SendGrid DNS records for domain authentication (and link brand)
SendGrid DNS records for domain authentication (and link brand)

Cloudflare side

Login to your console and click "DNS" tab. Here we'll add those CNAME records.

One thing you do need to pay attention is that because Cloudflare is a CDN, when you add a CNAME entry, by default it'll proxy it. Make sure you toggle the arrow-cloud button to tell Cloudflare to not proxy it; only treat it as "DNS only". Otherwise you'll get DNS Validation Error (Code: 1004) and won't be able to add the records.

Use DNS only for subdomains of sendgrid records
Use DNS only for subdomains of sendgrid records

Verify the result

If everything goes well, you can come back to SendGrid and verify the result.

SendGrid verify domain authentication
SendGrid verify domain authentication

Next time you get an email from your domain, you can check the "Show original" on Gmail and see that it contains the line of DKIM: 'PASS' with domain your.domain.

References

If you're new to the acronyms of DKIM or SPF like me, I recommend this guide from SendGrid, explains it really well with great analogies. 👍