Sendgrid "Sender Authentication" on Azure
I wanted to copy the answer that I got from Microsoft Tech support. Based on @mdeora comment, I contacted Azure and below was the response. It seems that the SubDomain is the problem, but only specifically for these azurewebsites.net subdomains, it may work fine for other subdomains if you can setup delegation.
"I suspect a delegation issue.
As I understand it, you have created a DNS zone name 'geic.azurewebsites.net'. This has been assigned name servers in Azure DNS (e.g. ns1-08.azure-dns.com etc). You have then created a DNS entry 'em8849' of type CNAME.
The problem is that there is no DNS delegation in place from the parent DNS zone to your DNS zone. In this case, the parent DNS zone is 'azurewebsites.net'. This is owned by Microsoft, and they do not support customers setting up delegations from this domain.
You should:
Purchase your own domain name (e.g. myapp.com). You can do this using the App Service Domains service in Azure (currently in Preview). See https://azure.microsoft.com/blog/app-service-domain/Create a corresponding DNS zone in Azure DNSSet up DNS delegation for your DNS zone. See https://docs.microsoft.com/azure/dns/dns-delegate-domain-azure-dnsCreate your DNS record. For a Web App, use either a CNAME to the 'xxx.azurewebsites.net' or an A record directly to the site IP address.For Web Apps, you will also have to register your domain name as a custom domain for the Web App. See https://docs.microsoft.com/azure/app-service/web-sites-traffic-manager-custom-domain-nameIf you use App Service Domains to complete step 1, then steps 2 and 3 should be completed for you, automatically.
Good luck!
Jonathan (www.opsgility.com)"Proposed as answer by Jonathan TulianiModerator Friday, June 15, 2018 9:00 AM
For me, the problem was that Azure automatically includes domain name in the records: Sendgrid asks to add a CNAME record "s1.domainkey.yourcustomdomain.com"; You shoudn't include ".yourcustomdomain.com" in the name because azure automatically includes it. You can check that by editing a record and seeing that it ends up as: "s1.domainkey.yourcustomdomain.com.yourcustomdomain.com". So the record should be only: "s1.domainkey";It worked for me, but i have a custom domain acquired from azure; maybe it works for azurewebsites subdomains, i'm not sure.