Email Authentication: SendGrid's Automated Security Explained

An Overview of Automated Security & Domain Authentication with SendGrid

Harness the power of SendGrid's Automatic Security for seamless and protected email communication.


Breakdown of Key Concepts

  • Automated Security: With this feature switched on in SendGrid, setting up SPF and DKIM records is automated.
  • SPF Record: SPF stands for Sender Policy Framework. It is used to authenticate the Return-Path addresses of outgoing emails from a domain, but it does not regulate who can send emails from your domain.
  • Subdomain: Under Automated Security, you establish a new subdomain within your primary domain. This subdomain caters specifically to manage bounce messages via Return-Path headers.

Here's a step-by-step explanation:

1. When you activate 'Automated Security', we guide you to create a new subdomain such as '' via CNAME records.
2. Delegate this new subdomain back to us via the CNAME record setting on your DNS provider's platform.
3. We then auto-generate necessary records at the root of that zone, which includes an SPF record and an MX record.
4. The system automatically rotates DKIM selector records held in TXT records periodically with two other CNAMEs provided by us, thus maintaining updated security checks seamlessly.

Here’s an example:

>> From:

In essence, it maintains separate but interconnected effective emailing operations under one roof without causing conflict or violating the rule - one SPF record per domain.


Clarifying SPF Records

In the Automated Security process with SendGrid, we create a unique SPF record linked only to your new subdomain ('em123'). This means that incoming emails will be checked against this specific SPF record, not the original one tied to your primary domain, due to an adjusted return-path.


Checking Your SPF Record

To inspect your SPF record, you can rely on the command 'dig txt <cname>' on a Unix-based terminal or command prompt on Windows. This way, you can ensure the accuracy and performance of your SPF record efficiently.


Why Your Personal Domain Takes Center Stage

When considering the automated security setup, your personal domain plays a pivotal role. It is utilized in two ways that impact the DMARC (Domain-based Message Authentication Reporting & Conformance) protocol adherence - a mechanism developed to shield email senders and recipients from spam, spoofing, and phishing.


1. The 'From:' line of your emails should align with the Return-Path domain.

Example: If you send an email from '', the Return-Path could be ''. In this instance, even though we’re using a subdomain ('') it is still aligned as they're both under ''.


2. The same sent-from domain should match the one used in DKIM signatures.


For best practices, these conditions should both hold true. So by utilizing your personal domain for SendGrid’s automated security feature setup, you are innately fulfilling DMARC requirements. This proactive step ensures secure and trusted outbound communications while strengthening your digital footprint.


You are Not Alone – We’re Here for You!

The world of email technology may be complex. However, at SendGrid, we believe in empowering our users to demystify it. Our dedicated team stands ready to assist you with any queries or challenges you face as you harness the full potential of SendGrid’s Automated Security feature!

Have more questions? Submit a request