Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
  • briannigl

SendGrid SMTP Services Considerations

Updated: Sep 23


SendGrid’s SMTP Service is well-suited to be your organization’s external SMTP solution. It fits nicely into an existing AWS account or Azure subscription but can also be purchased and managed directly through SendGrid. The advantage to SendGrid SMTP is that many organizations have no risk appetite for owning and managing their own external-facing SMTP services. SendGrid has been doing this since 2009 with volume exceeding 50 billion emails a month.


When considering implementing SendGrid’s SMTP Service into your organization, Convergency recommends you evaluate your use cases to determine subscription ownership and that you monitor your activity to minimize risk and avoid disruptions in service.


Subscription Ownership


Use cases should drive the decision on SendGrid subscription ownership. Excessive abuse by emails identified as spam, reported as abusive, etc., could place the SendGrid subscription into jeopardy. As email recipients and ISPs report on email activity, SendGrid is required to act. Once a subscription exceeds a certain threshold, the account may no longer be able to send emails using the service or may require an admin to act and assert that action has been taken to restore service. It is best that use cases be evaluated to determine if a subscription can be shared.


As an example, a global pharmaceutical company has an Azure subscription that is used primarily to send email acknowledgements for user registration on their 200+ sites. If another use case were introduced in the SMTP mix, abuse and spam scores could render the entire SendGrid subscription at risk for sending these email acknowledgements. The company’s Azure subscription is sensitive to serving the needs of Sales & Marketing and should not allow other use cases to be implemented.


Service Management


As noted above, spam and abuse reporting are part of the SendGrid service. It is important that a subscription owner designate a service provider to monitor the subscription and act.


Responsibilities


Domain Authentication & Sender Policy Framework

Each sender domain must be authenticated with SendGrid. Sender Policy Framework (SPF) records must be configured for each sender domain. This requires adds or updates to DNS TXT records. As domains are added or removed from the environment, support personnel need to add or remove domain authentication and add or remove SPF records.


Subscription Models

Azure Marketplace. SendGrid can be purchased and integrated into an existing Azure subscription via the Azure Marketplace. Azure creates the subscription ownership account, encryption key and performs all billing.


AWS Marketplace. SendGrid can be purchased and integrated into an existing AWS account via the AWS Marketplace. AWS creates the subscription ownership account, encryption key and performs all billing. Administration is initiated through the AWS console.


Direct purchase is used when you do not have an Azure or AWS subscription. You purchase a subscription directly from SendGrid.


IP Address Management

Ensure your sending hosts are registered with public-facing IP addresses.


Monitoring

The following metrics should be monitored to assess baselines and evaluate anomalies:

  1. Dashboard | Delivered

  2. Dashboard | Spam Reports

  3. Suppressions | Bounces

  4. Suppressions | Blocks

  5. Suppressions | Invalid

Manage Subusers

Subusers help you segment your email sending and API activity. You assign permissions and credit limits when you create the Subusers. It is recommended to create Subusers for each of the different originators.


Manage API Keys

API keys are used by your application, mail client, or website to authenticate access to SendGrid services. They are the preferred alternative to using a username and password because you can revoke an API key at any time without having to change your username and password. It is recommended that you use API keys for connecting to all SendGrid’s services.


Dedicated IP Address(es)

A dedicated IP address is needed if you are sending high-volume mail or initiating campaign-based emails. A dedicated IP address helps improve your email reputation.


Warmup

Warm-up is a gradual process of establishing sender reputation for a dedicated IP address. A typical warm-up period is one month with a maximum volume of 1 million emails. You should not exceed one-million emails per month until your second or third month, taking great care over monitoring your activity and working with SendGrid on any abuse issues.


To get started with a direct SendGrid subscription, start here:

https://sendgrid.com/docs/for-developers/sending-email/api-getting-started/


Convergency LLC is an IT consulting and advisory firm that specializes in cloud architecture, cloud migration, cloud audit and security risk management services.

16 views

Recent Posts

See All