Sendgrid "Sender Authentication" on Azure

Question

I have an Azure SendGrid account that works great. I can send e-mails no problem with the usual API. I need to setup Sender Authentication (2 reasons, first it will help with receiver finding it in their junk and more importantly it will allow me to setup an Inbound Parse).

I have consulted the Sendgrid Documentation (https://sendgrid.com/docs/User_Guide/Settings/Sender_authentication/How_to_set_up_domain_authentication.html), which has explicit instructions, which involve DNS Records (more soon), but unfortunately this isn't working. I have also gone through their troubleshooting. I think it may be an issue with my domain actually being a sub-domain, but I can't figure out how to fix the DNS records to make it work.

I have a "DNS Zone" setup for my site, lets call the site "fake.azurewebsites.net".

Sendgrid instructed me to add the following CNAME records (numbers are scrambled): em1879.fake.azurewebsites.net > u7381760.wl261.sendgrid.net (..as well as two others)

So I made those records, and waited over 48 hours for DNS refresh, but Sendgrid will still not verify. I get the error: Expected CNAME for "em1879.fake.azurewebsites.net" to match "u7381760.wl261.sendgrid.net". I also tried their troubleshooting and wasn't able to get an "answer" using the DIG command. I am not using whitelisting or any of the other features that are known to interfere.

In all the documentation, the records usually take the form: em1879.usersDomain.com and not em1879.userSub.Domain.com, so that could be part of the issue, but I could of course be missing something.

Answer 1

I wanted to copy the answer that I got from Microsoft Tech support. Based on @mdeora comment, I contacted Azure and below was the response. It seems that the SubDomain is the problem, but only specifically for these azurewebsites.net subdomains, it may work fine for other subdomains if you can setup delegation.

"I suspect a delegation issue.

As I understand it, you have created a DNS zone name 'geic.azurewebsites.net'. This has been assigned name servers in Azure DNS (e.g. ns1-08.azure-dns.com etc). You have then created a DNS entry 'em8849' of type CNAME.

The problem is that there is no DNS delegation in place from the parent DNS zone to your DNS zone. In this case, the parent DNS zone is 'azurewebsites.net'. This is owned by Microsoft, and they do not support customers setting up delegations from this domain.

You should:

Purchase your own domain name (e.g. myapp.com). You can do this using the App Service Domains service in Azure (currently in Preview). See https://azure.microsoft.com/blog/app-service-domain/ Create a corresponding DNS zone in Azure DNS Set up DNS delegation for your DNS zone. See https://docs.microsoft.com/azure/dns/dns-delegate-domain-azure-dns Create your DNS record. For a Web App, use either a CNAME to the 'xxx.azurewebsites.net' or an A record directly to the site IP address. For Web Apps, you will also have to register your domain name as a custom domain for the Web App. See https://docs.microsoft.com/azure/app-service/web-sites-traffic-manager-custom-domain-name If you use App Service Domains to complete step 1, then steps 2 and 3 should be completed for you, automatically.

Good luck!

Jonathan (www.opsgility.com)" Proposed as answer by Jonathan TulianiModerator Friday, June 15, 2018 9:00 AM

Answer 2

For me, the problem was that Azure automatically includes domain name in the records: Sendgrid asks to add a CNAME record "s1.domainkey.yourcustomdomain.com"; You shoudn't include ".yourcustomdomain.com" in the name because azure automatically includes it. You can check that by editing a record and seeing that it ends up as: "s1.domainkey.yourcustomdomain.com.yourcustomdomain.com". So the record should be only: "s1.domainkey"; It worked for me, but i have a custom domain acquired from azure; maybe it works for azurewebsites subdomains, i'm not sure.