Mail Sender Policy Framework (SPF) with SendGrid and O365

TLDR; add txt v=spf1

1. Add TXT Record in your domain.

2. In TXT content add the following where <domain> is a domain that is allowed to send email on your behalf.

v=spf1 include:<domain> –all

Example for office 365:

v=spf1 include:spf.protection.outlook.com –all

3.  for multiple records, use space + another include:<domain>

v=spf1 include:<domain><space>include:<domain><space> –all

Example for office 365 with Send Grid (All):

v=spf1 include:spf.protection.outlook.com include:sendgrid.net –all

I would consider that having the entire sendgrid.net domain may not be a good practice, follow the steps below on having only use your own sendgrid account listed in your SPF record.

Long Version:

So, yes, email spam. I have a new project that will require sendgrid and as I remember, one of the challenges in using a third party mailing service is that your email may end up on spam semi-defeating the purpose of your email sender. Since Email on the internet can be forged in a number of ways (RFC7208)

So according to send grid you need to do 2 things (1 & 2): #3 here is for working with another service that uses your domain and #4 is for testing. 

1. Domain Verifications –> which you can do at https://app.sendgrid.com/settings/sender_auth (please login) where you add a bunch of CNAMES in your domain DNS that points back to sendgrid.net

Please note of your uxxxxx.wxxxxx.sendgrid.net record. You will be needing that on step #2

image

image

2. Add SPF on your domain. 

https://sendgrid.com/docs/ui/account-and-settings/spf-records/#spf-and-sender-authentication

On your domain registrar, add a new TXT record with the value:

v=spf1 include:<domain> –all

The <domain> here is the mail sender.

According to SendGrid documentation, you need to add the uxxxxx.wxxxxx.sendgrid.net – for example:

v=spf1 include:u12345678.wl123.sendgrid.net –all

You can find your “uxxxxx.wxxxxx.sendgrid.net”  during your domain validation.

3. If using with Office 365.

So this domain is linked to an Office 365 E3 account which means it has an Exchange Online service. In order to use both O365 and Sendgrid together, both domains must be appended as an include in your SPF TXT record with this format:

v=spf1 include:<domain><space>include:<domain><space> –all

For an example:

v=spf1 include:spf.protection.outlook.com include:u12345678.wl123.sendgrid.net -all

4. Testing. There are a number of domain tools out there. I use ol’reliable MX Toolbox:

https://mxtoolbox.com/SuperTool.aspx

image

On the dropdown, choose SPF Record Lookup. Enter your domain and check if your SPF is already there. This is an example result of a configured SPF with Outlook and SendGrid.

image

So hey, stop spamming and use SPF. Try it out.

Ref:

PS/ On the mail internet headers (Email/Outlook > File > Properties) You should see the following:

image

Green highlight is the domain used in SendGrid.