Close

SendGrid SPF

You can use SendGrid to send mail from a Logic App. In this case I wanted to send mail from an account named bestellen@cito.nl. I could send mails to certain email addresses, but to other addresses I couldn’t. How come? If you are sending mail from SendGrid, you will have to add a SPF record to the DNS record of the domain on whose behalf you send the mail. In this case cito.nl. The receiving mail server should always check if the mail is sent from a trusted source. In this case it should be verified whether SendGrid can send mails on behalf of cito.nl. If it is allowed (or if the receiving mail server simply doesn’t check the sender email address), the incoming mail is accepted

Theory: Sender Policy Framework (SPF) is an open standard aimed at preventing sender address forgery. It compares the email sender’s actual IP address to a list of IP addresses authorized to send mail from that domain. If you have an SPF record set for your domain (i.e. cito.nl) already, you must add a unique alphanumeric string before the all mechanism. If you do not have an existing SPF record, you must create a TXT record with the value provided to you during the domain authentication process. In sendgrid.com, go to Settings / Sender Authentication for the domain authentication process. I don’t know exactly how this works. In the example video from SendGrid you receive a CName record, not a SPF record. First specify the DNS host to use. Then specify the domain you send from, i.e. cito.nl. You will now get your CName record. An example of an SPF record would be: v=spf1 include:u826348.wl.sendgrid.net -all

Do not create more than one SPF1 record for a given domain. If this is the case, you will want to merge any additional SPF records into one SPF record. You also cannot have more than 10 DNS lookups in your single SPF record.

As an example, say your existing record looks like this:
v=spf1 a mx include:_spf.google.com include:spf.protection.outlook.com -all

You would just need to add the SendGrid lookup at the end of the string, before the *all mechanism, like so:
v=spf1 a mx include:_spf.google.com include:spf.protection.outlook.com include:u826348.wl.sendgrid.net -all