Can SendGrid Domain Authentication records be deleted after verification? - dns

The Domain Authentication process requires creating three CNAME DNS records. Something like:
em1234.example.com
s1._domainkey.example.com
s1._domainkey.example.com
Our website domain is moving to another Azure directory, and so I have to set up a new SendGrid account. The previous account already has those records set up. The number in the first record is different, but the last two are the same. In order to verify the domain in the new account, I have to set them up again, and the values will change. If I set up the new values, will the old account still be able to send email? The new site is not yet launching, but I'd like to have it all set up and tested beforehand.

My understanding is that the CNAME records that you set up through domain authentication allow for SendGrid to handle and keep up to date the requirements for SPF and DKIM. So, if you were to create a new SendGrid account and change the s1._domainkey.example.com record for your domain to the settings for the new account, then your emails from your old account might start being rejected or failing SPF and DKIM checks.
You might consider setting up your emails under a subdomain while you move between accounts to avoid messing with the main domain's DNS records. Or you could move your existing mails to be sent out over a subdomain and then set up the main domain on your new account.
For more in-depth support with this, I recommend checking with SendGrid support.

I just learned from SendGrid support that you can set up CNAME records with a different prefix than s1 and s2 by choosing a custom DKIM selector: https://docs.sendgrid.com/ui/account-and-settings/how-to-set-up-domain-authentication#using-a-custom-dkim-selector
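The collision the answers above describe, as an added example that is not part of the original posts or SendGrid's own code: a DNS name can hold only one CNAME, so it checks which of a new account's records would overwrite the live account's records. The CNAME targets, the `s2` record and the `new1`/`new2` custom-selector names are constructed placeholders.

```python
# Constructed sample data. Record names follow the question above; the
# CNAME targets and the "new1"/"new2" selector names are placeholders.
OLD_ACCOUNT = {
    "em1234.example.com": "u1111111.wl001.sendgrid.net",
    "s1._domainkey.example.com": "s1.domainkey.u1111111.wl001.sendgrid.net",
    "s2._domainkey.example.com": "s2.domainkey.u1111111.wl001.sendgrid.net",
}
NEW_DEFAULT_SELECTOR = {
    "em5678.example.com": "u2222222.wl002.sendgrid.net",
    "s1._domainkey.example.com": "s1.domainkey.u2222222.wl002.sendgrid.net",
    "s2._domainkey.example.com": "s2.domainkey.u2222222.wl002.sendgrid.net",
}
NEW_CUSTOM_SELECTOR = {
    "em5678.example.com": "u2222222.wl002.sendgrid.net",
    "new1._domainkey.Example.com.": "new1.domainkey.u2222222.wl002.sendgrid.net",
    "new2._domainkey.example.com": "new2.domainkey.u2222222.wl002.sendgrid.net",
}


def norm(name):
    """DNS names compare case-insensitively; drop the optional root dot."""
    return name.rstrip(".").lower()


def cname_conflicts(live, proposed):
    """Return (name, live_target, proposed_target) for every owner name
    that would need a second, different CNAME. A name can hold only one
    CNAME, so each conflict means one account's record gets overwritten."""
    live_n = {norm(k): norm(v) for k, v in live.items()}
    conflicts = []
    for name, target in proposed.items():
        n, t = norm(name), norm(target)
        if n in live_n and live_n[n] != t:
            conflicts.append((n, live_n[n], t))
    return sorted(conflicts)


def safe_to_add(live, proposed):
    """Records that can be added without touching the live account."""
    clashing = {c[0] for c in cname_conflicts(live, proposed)}
    return sorted(norm(n) for n in proposed if norm(n) not in clashing)


if __name__ == "__main__":
    for label, new in (("default", NEW_DEFAULT_SELECTOR),
                       ("custom", NEW_CUSTOM_SELECTOR)):
        print(label, cname_conflicts(OLD_ACCOUNT, new),
              safe_to_add(OLD_ACCOUNT, new))
```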

Related

Confusion in setting up Gsuite email [Domain: Namecheap, Host: AWS S3, Serving: Cloudfront]

I have a problem setting up GSuite gmail. I can send out emails to other accounts; however, I cannot receive any emails from outside. My admin page says
Setting up email is taking longer than expected
We were unable to set up email, or your domain host is taking longer than expected to update your information.
My domain is registered with Namecheap. But it is served from Amazon S3. And the "https" certificate is verified and served through CloudFront. When setting up "MX Records" for Gsuite gmail, I set up in Namecheap. But it has been more than 72 hours, and Gsuite is still not picking up. In my situation, do I have to set up "MX Records" through Route53 because it is being hosted in Amazon S3?
You can set up MX records; however, if your domain is still not verified with G Suite, you will not be able to use email or any other service. Make sure that:
Your domain has been verified (see "Verify your domain for G Suite").
MX records are set up properly (see "G Suite MX record values").
If your domain is verified, make sure that all apps on Admin Console > Apps > G Suite are enabled.
Also, as a recommendation, set up SPF, DKIM and DMARC to authenticate email.
If you are still not able to receive emails, I would suggest contacting G Suite Support. Also check where your domain's NS servers are pointing; that is where you have to update the DNS.
It's not really an issue with Google. Every domain's MX records are public, so you can easily inspect your domain and verify whether the MX records are already set up for Google. Check https://mxtoolbox.com/ and make sure that the MX records are already ASPMX.L.GOOGLE.COM. If they are not, make sure that the MX is updated in your NameServers (not necessarily your domain provider). The same online tools can easily tell you which are your active NameServers (Google NS lookup tools).

Azure CDN HTTPS stuck at enabling -- validation request being sent to protected-by-gdpr email? any workaround?

So my 'enabling' HTTPS stage for my CDN endpoint has been stuck for 3+ days at 'enabling cdn' with the usual message of: a verification request will be sent to the email listed in your domain’s registration record (WHOIS registrant).
Now, I have the CNAME set, as you can't even add it if it's not set to the right CDN endpoint. I have cancelled the process and restarted it after 2 days, and now at the 2nd attempt it's been hanging for 3 days.
The issue is the email for verification via the WHOIS will always go to something like protected-by-gdpr@gdpr-protected.com -- some type of placeholder domain, as due to GDPR in Europe WHOIS data is no longer available.
This is not like 'WHOIS GUARD' that still leaves a way of getting contact, nor it is changeable, it is by default enforced across all domains as far as I can tell.
Now my question is, what do I do to enable HTTPS on my custom domain if it doesn't care/look at the CNAME records?
According to this doc, if the CNAME record entry for your endpoint no longer exists or it contains the cdnverify subdomain,
DigiCert also sends a verification email to additional email addresses. If the WHOIS registrant information is private, verify that you can approve directly from one of the following addresses:
admin@<your-domain-name.com>
administrator@<your-domain-name.com>
webmaster@<your-domain-name.com>
hostmaster@<your-domain-name.com>
postmaster@<your-domain-name.com>
You should receive an email in a few minutes, similar to the following example, asking you to approve the request. If you are using a spam filter, add admin@digicert.com to its whitelist. If you don't receive an email within 24 hours, contact Microsoft support.
You could also verify the above addresses. As far as I know, similar domain ownership verification problems occur when the WHOIS registrant could not be verified or your domain owner information is not sufficiently exposed publicly, so domain ownership verification fails.
To get this issue fixed quickly, you can directly contact Microsoft support. They will confirm the domain information for you. See another similar thread.
I needed to add digicert to my CAA authorities in my domain's DNS settings. Because I already had a value present, it wouldn't let me issue certificates unless I added that there.
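The CAA behaviour in the last answer, as an added example that is not from the original thread or from Azure or DigiCert: once any `issue` record exists, only the CAs it lists may issue, which is why an existing value blocked the certificate. The zone contents and `ca.example.net` are constructed; `digicert.com` is assumed as the issuer value, and CNAME chasing and `issuewild` are left out.

```python
def parse_caa(rdata):
    """Split '0 issue "digicert.com"' into (flags, tag, value)."""
    flags, tag, value = rdata.split(None, 2)
    return int(flags), tag.lower(), value.strip().strip('"')


def relevant_rrset(zone, domain):
    """Climb from the domain towards the root; the first name that has
    CAA records supplies the relevant set (RFC 8659 tree climbing)."""
    labels = domain.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        if zone.get(name):
            return name, [parse_caa(r) for r in zone[name]]
    return None, []


def ca_may_issue(zone, domain, ca_domain):
    """True if CAA permits ca_domain to issue for a non-wildcard domain."""
    _, rrset = relevant_rrset(zone, domain)
    issue_values = [value for _, tag, value in rrset if tag == "issue"]
    if not issue_values:
        return True  # no issue property anywhere: issuance is unrestricted
    # The issuer domain is the part before ';'. An empty issuer (value
    # ";") authorises nobody.
    allowed = {v.split(";", 1)[0].strip().lower() for v in issue_values}
    return ca_domain.lower() in allowed


# Constructed zones: the CDN custom domain is cdn.example.com and the
# pre-existing CAA value names a different, hypothetical CA.
ZONE_BEFORE = {"example.com": ['0 issue "ca.example.net"']}
ZONE_AFTER = {"example.com": ['0 issue "ca.example.net"',
                              '0 issue "digicert.com"']}

if __name__ == "__main__":
    for label, zone in (("before", ZONE_BEFORE), ("after", ZONE_AFTER)):
        print(label, ca_may_issue(zone, "cdn.example.com", "digicert.com"))
```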

Use phplist in another server than the sender's domain

I am trying to use phplist in a different server than the domain that I want to use it as a sender. Is it possible?
To clarify my question:
my phplist is installed in example.com
The domain that I want to use as sender is example1.com (in another ip than phplist)
I would need some help on how I have to set up my dns settings in both servers.
(In phplist settings I use smtp credentials of info@example1.com)
Please let me know if I need to clarify something better.
It's perfectly acceptable for a domain to be associated with more than one server in various ways. You don't have to do anything special to send from a different domain, but it would be a very good idea to add the IPs to the SPF record for the domain you're sending from. For outbound you don't have to do anything in DNS - to deal with bounces you can use a return path in your sender domain rather than the from domain.
Hi, you have asked a good question about adding a new domain to phplist.
If you need to set up new from emails using the domain example1.com, go to campaign settings, and add the new from email address, in your case whatever@example1.com.
Also, you need to add an SPF record to the DNS area of example1.com, to allow your IP addresses to send emails from the domain example1.com.
You can use the SPF wizard to generate the SPF record: https://www.spfwizard.net/
I hope that is all you need.
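What the SPF advice in the two answers above changes for a receiving server, as an added example that is not part of the original posts: it evaluates only the `ip4`, `ip6` and `all` mechanisms of one record against the sending IP. The IP addresses and both records are constructed, and mechanisms that need live DNS (`include`, `a`, `mx`) are reported rather than resolved.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed sample values (documentation address ranges).
PHPLIST_IP = "198.51.100.25"                 # server that hosts phplist
SPF_BEFORE = "v=spf1 ip4:192.0.2.10 -all"    # example1.com, mail host only
SPF_AFTER = "v=spf1 ip4:192.0.2.10 ip4:198.51.100.25 -all"


def check_spf(record, sender_ip):
    """Return (result, matching_term) for one SPF record and one IP.
    Terms are evaluated left to right; the first match decides."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ("none", None)
    ip = ipaddress.ip_address(sender_ip)
    for raw in terms[1:]:
        qualifier, term = "+", raw
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return (QUALIFIERS[qualifier], raw)
        elif mech == "all":
            return (QUALIFIERS[qualifier], raw)
        else:
            # include, a, mx, exists and redirect= need DNS lookups.
            # Order matters, so stop instead of skipping the term.
            return ("needs-dns", raw)
    return ("neutral", None)  # nothing matched and no "all" term


if __name__ == "__main__":
    print("before:", check_spf(SPF_BEFORE, PHPLIST_IP))
    print("after: ", check_spf(SPF_AFTER, PHPLIST_IP))
```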

Sendgrid Integration / DNS Setup

I am having some difficulty setting up my SendGrid account to connect to my DNS on Cloudflare and enable custom domain whitelisting for two domains.
My plan is to deploy emails from my Clickfunnels' Actionetics account. Currently, my integration into Clickfunnels is a success and I was able to receive an automated test e-mail (from my custom domain) to my personal email address. I understand that I should be able to send emails from any e-mail address I need (support@domain.com, hamid@domain.com, info@domain.com) without physically needing to go through any setup process to get these emails up and running. Initially when I went through the SendGrid setup, I needed to add 3 CNAMES to my Cloudflare DNS. Everything successfully installed without any issues from Cloudflare. After speaking with Support, I was told that I might need to retry the whitelabel wizard with automatic security off. Going through this wizard should give 2 txt's and one MX (mail exchanger) record instead of 3 CNAMES.
"Automating security allows the system to redirect ISPs to SendGrid to check DNS records that follow strict security protocols and are custom to your account. Due to a character limit on TXT records, we are only able to create a custom SPF (sender policy framework) record for users with up to 11 IP addresses. This will not affect deliverability. You would have to go through the whitelabel process again."
If you have experience in this type of issue, please let me know what you think.
This is one method that I recommended.
“white-label the domains again but this time completing it with automatic security turned off. Going through this wizard should give 2 txt's and one MX record instead of 3 CNAMES.”
"Automating security allows the system to redirect ISPs to SendGrid to check DNS records that follow strict security protocols and are custom to your account.
Due to a character limit on TXT records, we are only able to create a custom SPF record for users with up to 11 IP addresses. This will not affect deliverability. You would have to go through the white-label process again."
Thanks, I hope you can resolve this.
I can't understand your question.
SPF is a kind of TXT record; it can help the receiver know that email comes from the right IP address.
Whitelabeled domains help the receiver know that email really comes from the right server.
SendGrid needs a subdomain and two well-known subdomains to verify your identity.

DKIM DNS entries for multiple subdomains in mailgun

I use Mailgun for sending mails in my multi-tenant application. Each tenant is using different (sub)domain in mailgun to send mails around. For example:
Tenant 1 - tenant1.example.com
Tenant 2 - tenant2.example.com
...
I would like to be able to create tenants automatically (without my involvement). Mailgun provides an API for creating domains programmatically. The problem is that some DNS entries need to be added to make full use of Mailgun features. My current DNS provider does not provide an API for automatically adding those entries.
I noticed that if I add a single SPF record with the name *.example.com, then Mailgun is fine with this and does not ask me to add an SPF record separately for each subdomain.
Is it possible to do the same with DKIM? If not, what are the alternatives?
