The SendGrid Simple Mail Transfer Protocol (SMTP) proxy service provides outbound email authentication and reputation monitoring services, including support for:
The SendGrid SMTP proxy is not intended for use as a general-purpose email server to receive incoming email or for use with email marketing campaigns.
You can find SendGrid details for your account in the Onboarding UI and select the Project Details > Hosting Info tab.
By default, email support is disabled on Staging and Production environments. Enable email support on an environment in order to send transactional emails, including Welcome, password reset, and two-factor authentication emails for Cloud project users. See Configure emails for testing.
DKIM is an email authentication technology that enables Internet Service Providers (ISPs) to identify both legitimate and fake sender addresses, a technique commonly used in phishing and email scams. DKIM relies on a domain owner managing the DNS records. When using DKIM, the sender server uses a private key to sign the messages. Also, the domain owner adds a DKIM record, which is a modified
TXT record, to the sender-domain’s DNS records. This
TXT record contains a public key that recipient mail servers use to verify the signature of a message. The DKIM public-key cryptography procedure enables recipients to verify the authenticity of a sender. See DKIM Records Explained.
The SendGrid DKIM signatures and domain authentication support are available only for Pro projects and not Starter. As a result, outbound transactional emails are likely to be flagged by spam filters. Using DKIM improves the delivery rate as an authenticated email sender. To improve message delivery rate, you can upgrade from Starter to Pro or use your own SMTP server or email delivery service provider. See Configure email connections in the Admin Systems guide.
For SendGrid to send transactional emails on your behalf, you must configure your DNS settings to include the three SendGrid subdomain DNS entries. Each SendGrid account is assigned a unique
TXT record which is used to authenticate outbound emails.
To enable domain authentication:
CNAMErecords provided to you in the support ticket.
TXT record with account ID:
v=spf1 include:u17504801.wl.sendgrid.net -all
|Domain||Points To||Record Type|
You can select between automated and manual security when setting up an authenticated domain. If you choose automated security, SendGrid manages your DKIM and SPF records automatically. This means that when you add a new dedicated sending IP address to your account, SendGrid updates your DNS settings and DKIM signature immediately. If you turn off automated security, you are responsible for updating your DKIM signature anytime you change your sending domain.
Example automated security enabled:
subdomain.mydomain.com. | CNAME | uxxxxxx.wl.sendgrid.net s1._domainkey.mydomain.com. | CNAME | s1.domainkey.uxxxxxx.wl.sendgrid.net s2._domainkey.mydomain.com. | CNAME | s2.domainkey.uxxxxxx.wl.sendgrid.net
Example automated security disabled:
me12345.mydomain.com | MX | mx.sendgrid.net me12345.mydomain.com | TXT | v=spf1 include:sendgrid.net ~all m1._mydomain.com | TXT | k=rsa; t=s; p=<public-key>
After domain authentication is set up, SendGrid automatically handles Security Policy Framework (SPF) and DKIM records for you. After SendGrid provides the
CNAME records to add to your DNS records, you can add dedicated IP addresses and make other account updates without having to manage your SPF records manually. See Automated Security and Your DKIM Signature.
To test your DNS configuration:
dig CNAME em.domain_name dig CNAME s1._domainkey.domain_name dig CNAME s2._domainkey.domain_name
The transactional email threshold refers to the number of transactional email messages that you can send from Pro environments within a specific time period, such as 12,000 emails per month from non-production environments. The threshold is designed to protect against sending spam and potentially damaging your email reputation.
There are no hard limits on the number of emails that can be sent in the Production environment, as long as the Sender Reputation score is over 95%. The reputation is affected by the number of bounced or rejected emails and whether DNS-based spam registries have flagged your domain as a potential spam source. See Emails not sent when SendGrid credits exceeded on Adobe Commerce in the Commerce Support Knowledge Base.
To check if maximum credits are exceeded:
On your local workstation, change to your project directory.
Use SSH to log in to the remote environment.
authentication failed : Maxium credits exceeded entries.
If you see any
authentication failed log entries, you can Submit an Adobe Commerce Support ticket to request a credit allotment increase.
An email sending reputation is a score assigned by an Internet Service Provider (ISP) to a company sending email messages. The higher the score, the more likely an ISP delivers messages to a recipient’s inbox. If the score falls below a certain level, the ISP may route messages to recipients’ spam folder or even reject messages completely. The reputation score is determined by several factors such as a 30-day average of your IP addresses rank against other IP addresses and spam complaint rate. See 5 Ways to Check Your Sending Reputation.