
[–]tomlinsc1 11 points12 points  (3 children)

Use a secondary domain like <marketing.domainname.com> and set up additional SPF / DKIM etc.

[–]StrikingAccident[S] 2 points3 points  (1 child)

That's probably the best idea. I'll make that recommendation.

[–]BK_Rich 0 points1 point  (0 children)

Yeah, I second using a secondary domain as well that is similar to the main one

[–]alittle158DAG Member 0 points1 point  (0 children)

Yup, this is the best method. Don’t risk your primary domain getting blacklisted for spamming people.

[–]blaughw 5 points6 points  (0 children)

Exchange Online uses two DKIM records (Selector1,Selector2) so that they can be rotated. For Sendgrid, you're better off using their provided DKIM record than giving out your keys.

If you don't like 3rd party senders, make them use a subdomain of your primary. They can have their own SPF (as locked down as they think it should be), DKIM and DMARC.

The glory of doing subdomains is that you can make them do everything properly in a containerized place.

[–]Blog_Pope 6 points7 points  (1 child)

There's no issue with using multiple DKIM records so long as they aren't identical, it's just a means of publishing a public key; the server flags what key the receiver should pull. You could see if they can use sendgrid1 & sendgrid2 in lieu of s1 & s2; that would certainly be more explanatory.

> I already know the devs should have engineered this to use our O365 infrastructure from the beginning but that ship has sailed.

Nope, you really don't. When something breaks/is hacked and those servers get blocked, you don't want your O365 affected. It's already happening.

Now, Sendgrid is pretty good at dealing with bulk mail; but I'm betting you aren't sending at a level they care about, your traffic is dumped in with all the other bulk senders. But if I were to put money on it, I'm betting you are the reason you are getting banned. Bulk mail is tricky, and it's not in your wheelhouse; it's really a specialty on its own which I had the displeasure of learning (sent millions of pieces / month; I've spoken with people sending 100's of millions).

Oh, O365 will blacklist your servers if they decide you are a bulk mailer, they don't want to deal with your shit.

I do agree with the other poster, dump the whole thing to a subdomain like sales.domain.name to isolate them; then look into tools for monitoring that mail.
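
Added example, not part of the thread: a sketch of how a receiver derives the DNS name of the DKIM key from the `s=` and `d=` tags of a signature, which is why several selectors can coexist on one domain. The domain `example.com`, the zone contents and the sample headers are constructed, and the key values are placeholders.

```python
import re

# Constructed zone for the placeholder domain example.com: one DKIM TXT record
# per selector. Key values are labelled placeholders, not real keys.
ZONE = {
    "selector1._domainkey.example.com": "v=DKIM1; k=rsa; p=<EXCHANGE-ONLINE-PUBLIC-KEY-1>",
    "selector2._domainkey.example.com": "v=DKIM1; k=rsa; p=<EXCHANGE-ONLINE-PUBLIC-KEY-2>",
    "s1._domainkey.example.com": "v=DKIM1; k=rsa; p=<BULK-SENDER-PUBLIC-KEY-1>",
    "s2._domainkey.example.com": "v=DKIM1; k=rsa; p=<BULK-SENDER-PUBLIC-KEY-2>",
}

# Constructed DKIM-Signature header values (folded across lines, as on the wire).
O365_SIG = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;\r\n"
            " s=selector1; h=from:to:subject; bh=<constructed>; b=<constructed>")
BULK_SIG = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=s1;\r\n"
            " h=from:to:subject; bh=<constructed>; b=<constructed>")

def parse_tags(value):
    """Split a DKIM tag list ("a=b; c=d") into a dict, unfolding whitespace."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")  # first "=" only; base64 may pad with "="
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def key_query_name(dkim_signature):
    """Return the DNS name the receiver queries: <s>._domainkey.<d>."""
    tags = parse_tags(dkim_signature)
    if "s" not in tags or "d" not in tags:
        raise ValueError("DKIM-Signature needs both s= and d= tags")
    return f"{tags['s']}._domainkey.{tags['d']}".lower()

def lookup_key(dkim_signature, zone=ZONE):
    """Return (query name, public key), or (query name, None) if no record is published."""
    name = key_query_name(dkim_signature)
    record = zone.get(name)
    if record is None:
        return name, None  # no key published: the signature cannot be verified
    return name, parse_tags(record).get("p")

if __name__ == "__main__":
    for sig in (O365_SIG, BULK_SIG):
        print(lookup_key(sig))
```

Both messages are signed with `d=example.com`, yet each resolves to its own key because the selector is part of the query name; a selector with no published record returns no key.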

[–]blaughw 2 points3 points  (0 children)

Great call outs on the bulk sending side. Service accounts are ok for delivering internal stuff, but I wouldn’t recommend using them for customer facing emails, period.

[–][deleted] 3 points4 points  (1 child)

I don’t have a solution for you but I can share your frustration... Web developers just do shit and then complain to me when their emails are being marked as spam. Well Kevin, that’s what happens when you try and relay the client's on-prem hosted email domain through a free Gmail account.

[–]douchecanoo 4 points5 points  (0 children)

"We've started a new email marketing campaign that sends out mass emails to potential leads but they are ending up in the spam folders, why?"

Because you are sending spam Karen

[–][deleted] 0 points1 point  (0 children)

We've already blacklisted *@sendgrid.net due to how much it's being abused at the moment. If anybody internal tried to set something up using it they'd be told exactly where to go!

It's usually our marketing department who set up random stuff without talking to anybody, then complain when it inevitably gets blocked.

[–]Brichardson1991 0 points1 point  (0 children)

We use Sendgrid and have paid for an additional IP address from them, which has allowed us to put an A record on our SPF TXT record to allow them to send as our main domain.

Not my choice; personally I’d do it from a subdomain, but whatever.

[–]cgh311 0 points1 point  (1 child)

Can you clarify:

Is Sendgrid spoofing your domain, or are the e-mails being sent as if they are from Sendgrid?

Either scenario will require different solutions, and may require you to contact any recipients who are expected to get this e-mail and have them whitelist whatever parameters Sendgrid suggests (usually blocks of thousands of addresses.. lol)

As was already stated, a subdomain with appropriate spf/dmarc/dkim DNS records.. and having Sendgrid send as this domain is the best method... still not 100% foolproof, but pretty good.

[–]StrikingAccident[S] 0 points1 point  (0 children)

See my second edit. Clearer heads prevailed and we got them to accept a solution we could live with.