SendGrid email service

The SendGrid Simple Mail Transfer Protocol (SMTP) proxy service provides outbound email authentication and reputation monitoring services, including support for:

• All outbound transactional emails
• Dedicated IP addresses
• Domain registration, DomainKeys Identified Mail (DKIM) signatures for email domain validation (for Pro only)
• Custom domain registration (for Pro only)
• Automated integration for Starter and Pro Integration environments. Pro Production and Staging environments require manual provisioning and configuration during the Infrastructure as a Service (IaaS) hardware provisioning process

The SendGrid SMTP proxy is not intended for use as a general-purpose email server to receive incoming email or for use with email marketing campaigns.

Enable or disable email

By default, outgoing email is enabled on Production environments. The Outgoing emails may appear off in the environment settings regardless of status until you set the enable_smtp property. You can enable outgoing emails for other environments to send two-factor authentication emails for Cloud project users. See Configure emails for testing.

DomainKeys Identified Mail (DKIM)

DKIM is an email authentication technology that enables Internet Service Providers (ISPs) to identify both legitimate and fake sender addresses, a technique commonly used in phishing and email scams. DKIM relies on a domain owner managing the DNS records. When using DKIM, the sender server uses a private key to sign the messages. Also, the domain owner adds a DKIM record, which is a modified TXT record, to the sender-domain’s DNS records. This TXT record contains a public key that recipient mail servers use to verify the signature of a message. The DKIM public-key cryptography procedure enables recipients to verify the authenticity of a sender. See DKIM Records Explained.

Sender and domain authentication

For SendGrid to send transactional emails on your behalf from Pro Production environments, you must configure your DNS settings to include the three SendGrid subdomain DNS entries. Each SendGrid account is assigned a unique TXT record which is used to authenticate outbound emails.

To enable domain authentication:

1. Submit a support ticket that requests to enable the DKIM for a specific domain.
2. Update your DNS configuration with the TXT and CNAME records provided to you in the support ticket.

Example TXT record with account ID:

v=spf1 include:u17504801.wl.sendgrid.net -all

Example CNAME records:

DKIM signatures and automated security

You can select between automated and manual security when setting up an authenticated domain. If you choose automated security, SendGrid manages your DKIM and SPF records automatically. When you add a new dedicated sending IP address to your account, SendGrid updates your DNS settings and DKIM signature immediately. If you turn off automated security, you are responsible for updating your DKIM signature anytime you change your sending domain.

Example automated security enabled:

subdomain.mydomain.com. | CNAME | uxxxxxx.wl.sendgrid.net
s1._domainkey.mydomain.com. | CNAME | s1.domainkey.uxxxxxx.wl.sendgrid.net
s2._domainkey.mydomain.com. | CNAME | s2.domainkey.uxxxxxx.wl.sendgrid.net

Example automated security disabled:

me12345.mydomain.com | MX | mx.sendgrid.net
me12345.mydomain.com | TXT | v=spf1 include:sendgrid.net ~all
m1._mydomain.com | TXT | k=rsa; t=s; p=<public-key>

After domain authentication is set up, SendGrid automatically handles Security Policy Framework (SPF) and DKIM records for you. After SendGrid provides the CNAME records to add to your DNS records, you can add dedicated IP addresses and make other account updates without having to manage your SPF records manually. See Automated Security and Your DKIM Signature.

To test your DNS configuration:

dig CNAME em.domain_name
dig CNAME s1._domainkey.domain_name
dig CNAME s2._domainkey.domain_name

Transactional email threshold

The transactional email threshold refers to the number of transactional email messages that you can send from Pro environments within a specific time period, such as 12,000 emails per month from non-production environments. The threshold is designed to protect against sending spam and potentially damaging your email reputation.

There are no hard limits on the number of emails that can be sent in the Production environment, as long as the Sender Reputation score is over 95%. The reputation is affected by the number of bounced or rejected emails and whether DNS-based spam registries have flagged your domain as a potential spam source. See Emails not sent when SendGrid credits exceeded on Adobe Commerce in the Commerce Support Knowledge Base.

To check if maximum credits are exceeded:

1. On your local workstation, change to your project directory.

2. Use SSH to log in to the remote environment.

   magento-cloud ssh
   

3. Check the /var/log/mail.log for authentication failed : Maxium credits exceeded entries.

   If you see any authentication failed log entries, you can Submit an Adobe Commerce Support ticket to request a credit allotment increase.

Email sending reputation

An email sending reputation is a score assigned by an Internet Service Provider (ISP) to a company sending email messages. The higher the score, the more likely an ISP delivers messages to a recipient’s inbox. If the score falls below a certain level, the ISP may route messages to recipients’ spam folder or even reject messages completely. The reputation score is determined by several factors such as a 30-day average of your IP addresses rank against other IP addresses and spam complaint rate. See 5 Ways to Check Your Sending Reputation.

Business.Adobe.com resources