Domain Authentication (also referred to as Domain Verification, Whitelisting, or White-labeling) helps improve email deliverability from MinistryPlatform. It shows email providers that SendGrid has your permission to send emails on your behalf. To give SendGrid your permission, you can point DNS entries for your email domain to SendGrid.

This has a big impact on your reputation as a sender. Email service providers distrust messages that don't have Domain Authentication set up because they can't be sure that those messages come from you. So, we highly recommend setting up Domain Authentication. Once you do this:

• Recipients no longer see "via sendgrid.net" beside the From address of your messages.
• Receiving email servers are more confident in the legitimacy of your messages, which means it's less likely your messages end up getting blocked or sent to the spam folder.

For a better understanding, review "How Email Works" below. Or, if you're ready to set it up, you can jump to "Authenticate an Email Domain". And check out the demonstration video at the end for a complete walk-through.

How Email Works

In our highly automated world, we take email for granted. But it's a bit more complex than it seems at first glance. When an email is sent, the email content is combined with metadata and transferred to another computer on the Internet using the Simple Mail Transfer Protocol (SMTP). This other computer is known as an SMTP server.

Once MinistryPlatform completes this handoff, it either succeeds or fails. If the message is transferred successfully, the status in the Platform is set to "Sent". If the message transfer fails, the status is set to "Error", and the error message is saved in the database for further review. Either way, the Platform's part of the job is done. A failed message must be resent, which requires user intervention.

A "Sent" status does not mean the message will actually arrive in an inbox, however. This is just the first step. Next, the SMTP server verifies whether the sending domain is legitimate. Now, Domain Authentication becomes important! SendGrid will match the sender email address to its list of authenticated domains and update the metadata to the outgoing message accordingly.

At this point, the SMTP server may decide not to send the message to a specific email address. SendGrid refers to this as a "Drop", which can help protect your sender reputation. If your Platform Integration is set up, SendGrid reports this status back to MinistryPlatform. The SMTP server then uses a Mail Transfer Agent (MTA) to route the email to the recipient. The agent resolves the recipient's email domain to an IP address using the Domain Naming System (DNS). The message is transferred to the mail server at that IP address.

The destination mail server is referred to as a Mail Exchange Server (MX). When transferring the message, the MTA may pass the message along to other MTAs. Additionally, any firewalls, spam filters, or virus filters may quarantine the message, which can result in a "Bounce". Again, Domain Authentication helps here! The metadata that was added can help determine whether the message is rejected or passed along. If your Platform Integration is configured, SendGrid reports this status back to MinistryPlatform.

The final MTA verifies that the MX server accepts messages for the recipient at the recipient domain. The MX server may reject the message. SendGrid also refers to this as a "Bounce". Once again, Domain Authentication is your friend! The MX may use the metadata to determine whether it will accept or reject the message.

Finally, the MX server accepts and receives the message. Now, inbox providers or email clients can use the metadata and content to assess the legitimacy of the message. Providers may place the message in a spam folder or add warnings for recipients. The recipient may respond in a way that affects future delivery. They might report your message as spam or unsubscribe. SendGrid tracks these actions and records them in MinistryPlatform if you have the Platform Integration configured.

With this understanding, you can see why Domain Authentication is important and can help your messages get through without trouble. Ready to set it up? Keep reading!

Authenticate an Email Domain

You can authenticate your email domains in your SendGrid application.

1. In SendGrid, expand Settings in the menu, and click Sender Authentication.
   
   

   

2. Beside Domain Authentication, where it says "Authenticate Your Domain", click Get Started.
3. If you know where your DNS records are managed, you can select that option. Otherwise, leave this blank.
   Note: If your host is GoDaddy, you can update the records directly using SendGrid's integration with GoDaddy.
4. Where it asks about branding the links, select Yes. This way, the links in your emails are rewritten so SendGrid can capture user interactions, and your subdomain is used. If you select No, the links will use a sendgrid.com subdomain.
   
   

   

5. Click Next.
6. Enter your From Domain, where you send messages out of.
   Note: SendGrid generates subdomains for you to configure in DNS. You can override these using Advanced settings. Normally, you do not need to do this.
7. Click Next.
8. SendGrid generates five CNAMES (or three if you didn't select link branding) that you can configure in DNS.
   
   

   

   • If someone else manages your DNS records, click Send To A Coworker at the top to pass them along.
   • If you are adding DNS records, determine whether you only need to provide the subdomain portion or the entire CNAME.
     In this example showing Plesk web hosting, only the subdomain "s2._domainkey" needs to be entered.
     
     

     

9. After the records are added in DNS, you can select the checkbox and click Verify.
   
   

   

You'll receive a success message when the domain is verified. You can authenticate as many domains as you need to send email from. As long as you have access to the DNS records for the domain, you can authenticate them.

Next Steps: You should also add the domains to your Platform so it can send from each of your verified domains properly. For more information, see Avoiding Spam Filters.

Demo Video

This video shows a demonstration of setting up Domain Authentication in SendGrid.

Additional Resources from SendGrid

• How to Set Up Domain Authentication
• Troubleshooting Sender Authentication