Fix guide

How to Fix DMARC Alignment for SendGrid

This page walks you through fixing DMARC for SendGrid: add three CNAMEs so mail signs as your domain instead of bouncing as @sendgrid.net.

Why SendGrid breaks DMARC out of the box

SendGrid’s default bounce path is @sendgrid.net. Your From: says your brand. DMARC alignment wants the bounce path (SPF) or the DKIM signing domain to match that From: line — so you wire up their CNAMEs.

Exact DNS records required

Copy-paste pattern (replace [ID] with your SendGrid account ID from the dashboard):

em[ID].yourdomain.com → CNAME → u[ID].wl.sendgrid.net s1._domainkey.yourdomain.com → CNAME → s1.domainkey.u[ID].wl.sendgrid.net s2._domainkey.yourdomain.com → CNAME → s2.domainkey.u[ID].wl.sendgrid.net

Step-by-step fix

Step 1 Log into SendGrid → Settings → Sender Authentication → Authenticate Your Domain
Step 2 Enter your domain name and select your DNS provider
Step 3 Copy the 3 CNAME records SendGrid generates for your account
Step 4 Add all 3 CNAMEs to your DNS provider (Cloudflare, Namecheap, etc.)
Step 5 Return to SendGrid and click Verify — wait up to 48 hours for DNS propagation
Step 6 Run DNS Preflight on your domain to confirm alignment passes

Run your domain through DNS Preflight

Open DNS Preflight →
Related glossary: DMARC · DMARC alignment · DKIM · SPF record · Email spoofing

FAQ

Why do SendGrid emails fail DMARC even with SPF and DKIM records added?

Generic TXT records aren’t enough — you need SendGrid’s own CNAME bundle so they sign and bounce as your domain.

What are the exact CNAME records SendGrid needs?

Three hostnames: em[ID], s1._domainkey, s2._domainkey — SendGrid shows the exact targets in Sender Authentication. Use your real account id instead of [ID].

How long does SendGrid DMARC alignment take?

Usually a day or two for DNS. After that, hit DNS Preflight again and confirm alignment went green.

Do I need both SPF and DKIM alignment for DMARC to pass?

No — one aligned pass is enough. Their CNAME flow usually nails DKIM alignment first.

Will existing emails break during the CNAME setup?

No. You’re adding names; delivery keeps flowing. Alignment tightens once SendGrid marks the domain verified.

← All DMARC fix guides

Open DNS Preflight and re-check your zone →