Some ISPs (most notably Yahoo!) authenticate e-mail using Domain Keys. Domain Keys work by having a company sign an e-mail with their private key, and then publish a public key in their DNS, which is then used to verify the e-mail signature.

The domain that is checked for the public key is based on one of two e-mail headers; Sender and From. If a Sender header is specified, its domain will be the first one checked, otherwise the domain of the From header will be used. Most e-mail clients do not insert a Sender header, so typically the From address would be used.

Domain Keys App Image

DomainKeys is disabled by default, because SendGrid signs all e-mail with DKIM. However, it’s still available to be enabled if you need it for a legacy mail receiver.


Name Required Description
Domain Yes Sets the sender domain.
Enable sender header Yes Enables the Domain Keys sender header.

Some ISPs or e-mail clients (such as Hotmail or Outlook) will display a message with the Sender header reading “on behalf of” followed by the address that is in the Sender header. To remove this, do one of the following:

1.Disable the Domain Keys filter in the filters section of your account

2.Upgrade to a package (Silver or higher) that provides Whitelabel support and set up the Domain Keys record in your DNS

Settings may be changed through: