Setup SendGrid Domain Authentication on Cloudflare

If you're using SendGrid to send emails, (or any other email devliery services,) you'd probably need to prove that you own the domain that you're sending from. Otherwise the emails may appear untrustworthy and never get delivered to your users, not even to their spam folders.

To do so, you need to configure your DNS provider (like GoDaddy or Cloudflare), to point certain entries to SendGrid. After that, your users will no longer see the "via sendgrid.net" header on your emails, and you'll have a higher reputation and better deliverability as a sender.

That's the background story. Now let's configure it on Cloudflare. For other DNS host services, you can check out the official guide.

SendGrid side

First, go to SendGrid Settings > Sender Authentication page and click the "Get Started" link.

Next, choose Cloudflare from the list.

Type in the domain name, "Next", and then you'll see a list of records that you'll need to configure on Cloudflare side.

Cloudflare side

Login to your console and click "DNS" tab. Here we'll add those CNAME records.

One thing you do need to pay attention is that because Cloudflare is a CDN, when you add a CNAME entry, by default it'll proxy it. Make sure you toggle the arrow-cloud button to tell Cloudflare to not proxy it; only treat it as "DNS only". Otherwise you'll get DNS Validation Error (Code: 1004) and won't be able to add the records.

Verify the result

If everything goes well, you can come back to SendGrid and verify the result.

Next time you get an email from your domain, you can check the "Show original" on Gmail and see that it contains the line of DKIM: 'PASS' with domain your.domain.

References

• How to set up domain authentication | SendGrid Documentation
• How to set up link branding | SendGrid Documentation
• Content Delivery Networks | SendGrid Documentation

If you're new to the acronyms of DKIM or SPF like me, I recommend this guide from SendGrid, explains it really well with great analogies. 👍