home

MinistryPlatform

RealmRealm AccountingMinistryPlatformeGivingPDSACSConnectShepherdGrowth MethodHeadMasterRefresh WebsitesTrust CenterGo MethodMissionInsite
RealmRealm AccountingMinistryPlatformeGivingPDSACSConnectShepherdGrowth MethodHeadMasterRefresh WebsitesTrust CenterGo MethodMissionInsite

What would you like to know more about?

Show Contents

thumbnailMinistryPlatform

SendGrid

Domain Authentication in SendGrid

Background information on how email works and the importance of Domain Authentication to help send your Messages.

Domain Authentication, also known as Domain Verification, Whitelisting, or White-labeling, helps improve email deliverability from MinistryPlatform. It displays email providers that SendGrid can send emails on your behalf. To give SendGrid your permission, you can point DNS entries for your email domain to SendGrid.

This has a big impact on your reputation as a sender. Email service providers distrust messages that don't have Domain Authentication because they can't be sure that those messages come from you. So, we highly recommend setting up Domain Authentication. Once you do this:
  • Recipients no longer see "via sendgrid.net" beside the From address of your messages.
  • Receiving email servers are more confident that your messages are legitimate, which means it's less likely they'll block your messages or send them to the spam folder.

For a better understanding on how it works, review the section below.

How Email Works

In our highly automated world, we take email for granted, but it's a bit more complex than it seems at first glance. When you send an email, the email content combines with metadata and transfers to another computer on the Internet using the Simple Mail Transfer Protocol (SMTP). This other computer is known as an SMTP server.

Once MinistryPlatform completes this handoff, it either succeeds or fails. If the message transfers successfully, the status in the Platform sets to Sent. If the message transfer fails, the status sets to Error, and the error message saves to the database for further review. Either way, the MinistryPlatform part of the job is done. You must resend a failed message manually.

However, a Sent status does not mean the message will actually arrive in an inbox. This is just the first step. Next, the SMTP server verifies whether the sending domain is legitimate. Now, Domain Authentication becomes important! SendGrid matches the sender email address to its list of authenticated domains and updates the metadata to the outgoing message accordingly.

At this point, the SMTP server may decide not to send the message to a specific email address. SendGrid refers to this as a Drop, which can help protect your sender reputation. If your MinistryPlatform Integration is set up, SendGrid reports this status back to MinistryPlatform. Then, the SMTP server uses a Mail Transfer Agent (MTA) to route the email to the recipient. The agent resolves the recipient's email domain to an IP address using the Domain Naming System (DNS). The message transfers to the mail server at that IP address.

The destination mail server is known as a Mail Exchange Server (MX). When it transfers the message, the MTA may send the message to other MTAs. Additionally, any firewalls, spam filters, or virus filters may quarantine the message, which can result in a Bounce. Again, Domain Authentication helps here! The added metadata can help determine whether to reject or send the message. If you configured your MinistryPlatform Integration, SendGrid reports this status back to MinistryPlatform.

The final MTA verifies that the MX server accepts messages for the recipient at the recipient domain. The MX server may reject the message. SendGrid also refers to this as a Bounce. Once again, Domain Authentication is your friend! The MX may use the metadata to determine whether it accepts or rejects the message.

Finally, the MX server accepts and receives the message. Now, inbox providers or email clients can use the metadata and content to assess the message's legitimacy. Providers may put the message in a spam folder or add warnings for recipients. The recipient may respond in a way that affects future delivery. They might report your message as spam or unsubscribe. SendGrid tracks these actions and records them in MinistryPlatform if you configured the MinistryPlatform Integration.

Example of a received email with a warning that says "Be careful with this message" and has buttons for "Report phishing" and "Looks safe"

With this understanding, you can see why Domain Authentication is important and can help your messages get through without trouble.

Authenticate an Email Domain

You can authenticate your email domains in your SendGrid application.

  1. In SendGrid, expand Settings in the menu, and click Sender Authentication.
  2. Beside Domain Authentication, where it says Authenticate Your Domain, click Get Started.
  3. If you know where to manage your DNS records, you can select that option. Otherwise, leave this blank.
    Note: If your host is GoDaddy, you can update the records directly using the SendGrid integration with GoDaddy.
  4. For Would you also like to brand the links for this domain?, select Yes. This way, the links in your emails rewrite so SendGrid can capture user interactions and use your subdomain. If you select No, the links use a sendgrid.com subdomain.
  5. Click Next.
  6. Enter your From Domain, where you send messages from.
    Note: SendGrid generates subdomains for you to configure in DNS. You can override these in Advanced settings. Normally, you do not need to do this.
  7. Click Next.
  8. SendGrid generates five CNAMES (or three if you didn't select link branding) that you can configure in DNS.
    • If someone else manages your DNS records, click Send To A Coworker at the top to send them along.
    • If you are adding DNS records, determine whether you only need to provide the subdomain portion or the entire CNAME.

      In this example showing Plesk web hosting, you only need to enter the subdomain "s2._domainkey".

      Plesk web hosting interface showing the Domain name entered as "s2._domainkey"

  9. After you add the records in DNS, select the I've added these records check box and click Verify.

You'll receive a success message when the domain is verified. You can authenticate as many domains as you need. As long as you have access to the DNS records for the domain, you can authenticate them.

Demo Video

This video demonstrates how to set up Domain Authentication in SendGrid.

You should also add the domains to your Platform so it can properly send from each of your verified domains. For more information, see Avoid Spam Filters.

Additional Resources from SendGrid
MinistryPlatform

Last updated: July 19, 2024

Related Articles: