How to Achieve DMARC Compliance for Email Sources Using Third-Party Senders (e.g., SendGrid, Mailgun) ?

Achieving DMARC compliance for email sources that rely on third-party senders like SendGrid or Mailgun involves a series of steps.

Steps to Achieve DMARC Compliance

  1. Add Your Domain to the Third-Party Sender’s Dashboard
    • Request the email source to add your domain to their third-party sender’s dashboard.
  2. Configure SPF
    • Update your domain's SPF record to include the third-party sender’s servers.

Example SPF record for Mailgun:
v=spf1 include:mailgun.org ~all

  • If you already have an SPF record, ensure to combine it properly to avoid conflicts.
  • For SendGrid, you should not add the "include" directly to your root domain's SPF record.  Instead, the SPF record should be a CNAME type and published at the subdomain level. You should obtain the SPF record directly from the email sending source together with the DKIM record.
       3.   Enable DKIM
    • The third-party sender should generate DKIM keys and share them with you.
    • Publish the provided DKIM TXT record in your domain's DNS settings.
    • Verify the setup with the email source to ensure DKIM is active.
    4. Test and Monitor
    • Use tools like Email Investigation to verify your configuration.
    • Regularly monitor DMARC reports to analyze compliance and ensure no legitimate emails are being flagged or blocked.

Some email sending sources that use third-party senders provide advanced features, allowing you to configure SPF and DKIM directly through their platforms. This enables you to handle the setup independently. However, if this option is not available, you will need to contact them to request the necessary SPF and DKIM records.

By carefully integrating your domain with the third-party sender’s platform and configuring SPF and DKIM settings, you can achieve email authentication and improve deliverability. Regular monitoring ensures ongoing compliance and helps identify potential issues early.