All Collections
DNS records
How to generate DKIM for SendGrid
How to generate DKIM for SendGrid
Maksym Olkhovskyi avatar
Written by Maksym Olkhovskyi
Updated over a week ago

What is DKIM, and how does it work?

Reputable email servers block fake senders to prevent scams. DKIM provides strong security by digitally signing emails and storing keys in DNS. Customize DKIM for smoother email delivery. It works behind the scenes, securing server-to-server communication. The sending server signs the email, and the receiving server checks it with a public key, maintaining email integrity.

How to set up DKIM on your SendGrid account

To set up the DNS records provided by Twilio SendGrid, you need to submit these records to your DNS or hosting provider. Various DNS providers, including popular ones like GoDaddy and Cloudflare, support this configuration. Please follow your DNS or hosting provider's instructions to add the required records for SendGrid's services.

There are two types of setup options available: automated and manual.

The beginning for both is the same:

1. In the Twilio SendGrid App user interface (UI), select Settings > Sender Authentication.

2. In the Domain Authentication section, click Get Started. The Authenticate Your Domain page will load.

3. From the Authenticate Your Domain page, select your DNS host from the drop-down menu below the text: Which Domain Name Server (DNS) host do you use? You can select I'm not sure or Other Host (Not Listed) if necessary.

4. You can set up Link Branding by choosing Yes below the text: Would you also like to brand the links for this domain? If you choose No, you can add Link Branding later. Link Branding is not a required part of the Domain Authentication process. See Sendgrid’s Link Branding docs for more information.

5. Click Next. A second Authenticate Your Domain page will load.

6. From the new page, add the domain you want to authenticate below the text: Domain You Send From. This will be the domain that appears in the from the address of your messages.

For example, if you want your messages to be from addresses like, you will authenticate Ensure you enter only your root domain <>. This field does not include a subdomain or protocol such as www or http://www.

7. Select the Advanced Settings appropriate for your needs. Most customers can leave. Use automated security checks and continue. For more information about advanced settings, see this page's "Advanced settings" section.

8. Click Next. The Install DNS Records page will load.

9. The Twilio SendGrid App will determine if we can automatically finish your Domain Authentication process. You will be taken to the Automatic Setup tab if we can automatically finish the setup. You will be taken to the Manual Setup tab if we cannot automatically finish the setup.

10. If you cannot modify your domain's DNS records, you can email the records to a colleague using the Send To A Coworker tab. The email includes a direct link to the records. The recipient doesn't need to log in to your Twilio SendGrid account.

Automatic setup

Automated setup is currently available for GoDaddy only. We plan to add support for additional DNS providers in the future.

1. From the Automated Setup tab, click Connect.

2. A dialog box titled Connect <your DNS host> to Twilio SendGrid for this domain will load.

3. A new window will also open where you can connect to your DNS host. In the new window, you can log in to your DNS host and follow the instructions to connect your domain.

4. Once you see a success message in the new window, you can close it.

5. In the Connect <your DNS host> to Twilio SendGrid for this domain dialog, Twilio SendGrid will attempt to verify the correct setup of your DNS records.

6. Once your Domain Authentication setup is verified, the dialog will close, and you will see a success message in the Twilio SendGrid App UI.

7. If verification is unsuccessful, try clicking Verify again in 48 hours. It can take up to 48 hours for DNS changes to be applied. If you are still unable to verify Domain Authentication after 48 hours, please contact Twilio SendGrid support for help.

Manual setup

1. In the Manual Setup tab, you will see the DNS records that must be added with your DNS host provider. If you left, Use automated security checked during the earlier configuration steps; you will have three CNAME records. If you unchecked Use automated security, you will see an MX and two TXT records. For more information about these records, see this page's "Twilio SendGrid's DNS records" section.

2. Next, you will add the records displayed using your DNS provider. This process varies depending on your DNS host. Please take a look at these videos for videos on adding records with some popular DNS service providers.

3. Once you add the DNS records to your domain, return to the Twilio SendGrid App UI and click Verify.

4. You should now see the records verified successfully.

If only half of your records are verified, you likely need to wait a bit longer. It's also possible that you entered one of your records incorrectly. For other troubleshooting information, please take a look at Troubleshooting Sender Authentication.

How can I make sure everything's working right?

If you want to make sure that everything is correctly verified, you can contact your CSM or email us at Our technicians will check your DNS records. We will be glad to help you.

See also:

Did this answer your question?