How to Send Emails with Twilio SendGrid on EU Servers

Time to read: 7 minutes

August 26, 2024
Written by
Yukti Ahuja
Twilion
Brandon Walker
Twilion
Reviewed by
Tyler Bischel
Twilion
Jesse Sumrak
Twilion
Paul Kamp
Twilion

How to Send Emails with Twilio SendGrid on EU Servers

Configurable Sending in Region: EU or Global

With a growing emphasis on data protection and regional compliance, businesses are increasingly seeking ways to ensure their data remains within specific geographical boundaries. Twilio SendGrid has introduced the capability to send outbound emails using servers located in the European Union, providing an enhanced level of data sovereignty.

In this post, you'll learn how to configure your SendGrid setup to keep your data within the EU. This includes steps to create regional subusers, assign dedicated IPs, configure DNS records, and utilize the SendGrid API at the api.eu.sendgrid.com endpoint.

Let’s see how to set this up!

For this use case, you must create a parent account and then set up a subuser specifically for sending emails via the EU region. The parent account itself cannot send emails to the EU. This guide focuses on the process of creating and using an EU subuser for sending emails, with the key step being the procurement and assignment of EU IP addresses

Prerequisites

Before starting, you will need a Twilio SendGrid Pro or Premier Account. If you don’t yet have one, you can sign up for an account here.

Step-by-Step Instructions

Once you have the sendgrid account in place, you’re ready to set up a subuser to send from the EU! These next steps will walk through what you’ll need.

  1. A SendGrid API Key with Full Access permission on the Parent Account
  2. Procure EU IP Address for the EU Subuser
  3. A Sendgrid subuser that will be bound to the EU region
  4. A SendGrid API Key with atleast mail-send permission on the Newly created Subuser Account
  5. Sender Authentication to verify that you own the email address or domain that you send emails from.
  6. Send an email via this newly created subuser.

Create an API Key for the parent account

Login to your parent account and create a your API key using the Sendgrid app console

Create a SendGrid API Key

Click Create & View, and then save the value of the key somewhere safe – it is only shown once in your console.

Steps via the Sendgrid Console

IP procurement and assignment

Add a regional IP and assign to parent account and subusers:

The next step is to add an IP address and assign it to the parent account and/or the newly created subuser. 

Only the Parent account or Teammates acting on the Parent account with either Billing or Admin permissions can purchase and add dedicated IPs

You can purchase an additional dedicated IP Address from the IP Addresses Settings page or from your Plan & Billing Details page.

To add an additional dedicated IP Address:

 

  1. In the left navigation, select Settings and then click IP Addresses . Here you'll see a list of your current d IPs. Your IPs in warmup will have a 'warmup' label.
  2. Click Add an IP Address

Under "Additional Options" you will find the following options:

  • Check the Use automated IP warmup option This will allow SendGrid to gradually increase the amount of email sent over this IP. Note: It is best practice to warm an IP address over time before sending fully over that IP address. When using automated warmup, you must have at least one other warm IP that can handle the overflow traffic from the IP in warmup.

  • Check the Allow my account to send mail using this IP address

  • Make sure to set the IP Address Region as EU

After purchasing your IP, we strongly encourage you to set up reverse DNS. For more information about setting up reverse DNS, see How to set up reverse DNS.

Form for adding a dedicated IP address with options for an IP warmup and subusers, and a blue Add button.

Create a regional Subuser

You can use the parent account or a subuser to assign to send emails in the EU region and assign the newly created IP address. In your console, go to settings -> Subuser Management -> Create New Subuser

User management screen with Subuser Management, Export Data, and Create Sub-User options displayed.

Give a unique name, email and password to the user. Assign EU User region to this subuser as shown below. 

Form for creating a new subuser with fields for username, email, and password, plus global or EU region selection.

Once EU User is selected then check the EU IP address created in the above step. 

User interface showing IP address assignment for subusers with one address selected and highlighted details.

Click create subuser towards the end of the page. 

Configure domain authentication for the Subuser

Once the new subuser is created. Next step is to authenticate your domain. From your parent account go to settings-> Sender Authentication -> Authenticate Your Domain. Make sure to assign this domain to a subuser and the “Make domain EU-pinned” option under Advanced Settings are checked while authenticating your email.

Screen to authenticate domain with advanced settings for email subuser and EU-pinned domain.

Continue with the steps and complete your domain authentication process. 

This process also requires adding CNAME records to your DNS provider. 

With this you have created a subuser with EU domain authentication and an IP address. 

Steps via the backend

IP procurement and assignment

Add a regional IP and assign to parent account and subusers:

The next step is to add a regional IP address and assign it to the parent account and/or the newly created subuser.

 

Keep in mind that you can only add one IP address per month through self-service.

The cURL command below demonstrates how to add an EU-based IP address and assign it to both the subuser and the parent accounts. For the complete details on this endpoint, refer to the Add a Twilio SendGrid IP Address documentation.

cURL Example: 

curl -H "Authorization: Bearer <<YOUR_API_KEY>>" \
  -X POST "https://api.sendgrid.com/v3/send_ips/ips" \
  -d '{
    "is_auto_warmup": false,
    "is_parent_assigned": true,
    "subusers": ["123456"],
    "region": "eu",
    "include_region": true
  }'

And the response should look something like this: 

{
  "ip": "1.1.1.1",
  "is_auto_warmup": false,
  "is_parent_assigned": true,
  "subusers": ["123456"],
  "region": "eu"
}

To obtain the correct subuser_id for the code above, you would first need to list all the subusers. You can do this by following the instructions provided in the Twilio SendGrid API documentation for listing all subusers. An example is below. 

curl -X GET "https://api.sendgrid.com/v3/subusers" \
  --header "Authorization: Bearer <<YOUR_API_KEY>>"

Here is an example response for the above command: 

[
  {
    "username": "eusubuser",
    "id": 123456,
    "email": "subuser@example.com",
    "disabled": false
  },
  {
    "username": "demo",
    "id": 111111,
    "email": "demo@example.com",
    "disabled": false
  }
]

If you want to add an EU-based IP address to an existing subuser, here’s how you can do it: 

curl -H "Authorization: Bearer <<YOUR_API_KEY_HERE>>" \
  -X POST "https://api.sendgrid.com/v3/send_ips/ips/1.1.1.1/subusers:batchAdd" \
  -d '{
    "subusers": ["111111"]
  }'

And here is an example response: 

{
  "ip": "1.1.1.1",
  "subusers": ["111111"]
}
Create a regional subuser

To create a subuser in the EU region, start by reviewing the SendGrid Subusers API documentation or by following the cURL example provided below. Be sure to specify the region as eu when configuring the subuser.

cURL Example:

curl -X POST "https://api.sendgrid.com/v3/subusers" \
--header "Authorization: Bearer <<YOUR_API_KEY>>" \
--header "Content-Type: application/json" \
--data '{"username": "eusubuser", "email": "subuser@example.com", "password": "strongpassword123", "region": "eu", "include_region": true}'

And the response is below: 

{
  "username": "eusubuser",
  "user_id": 123456,
  "email": "subuser@example.com",
  "credit_allocation": {
    "type": "unlimited"
  },
  "region": "eu"
}

Complete Sender Authentication

Now that we have created a subuser and assigned it an EU IP address, the next step is to complete the domain authentication for this subuser.

This process also requires adding a record to your DNS provider.

You can complete domain authentication either via the SendGrid UI or through the API. Follow the steps below to complete domain authentication via the API. Each step includes links to the relevant documentation and an example cURL command.

Step 1: Authenticate your domain for the EU region

To authenticate your domain for the EU region, follow the instructions in the Authenticate a Domain documentation.

Run the initial command to authenticate your domain, which will give you the DNS records you need to add to your DNS host. This step also provides you with the domain_id.

curl -X POST "https://api.sendgrid.com/v3/whitelabel/domains" \
  --header "Authorization: Bearer <<YOUR_API_KEY_HERE>>" \
  --header "Content-Type: application/json" \
  --data '{
    "domain": "example.com",
    "region": "eu"
  }' | python -mjson.tool

And the response should be something like this: 

{
    "id": 123456789,
    "user_id": 123456,
    "subdomain": "em9122",
    "domain": "eu.example.com",
    "username": "eusubuser",
    "ips": [1.1.1.1],
    "custom_spf": false,
    "default": false,
    "legacy": false,
    "automatic_security": true,
    "valid": false,
    "dns": {
        "mail_cname": {
            "valid": false,
            "type": "cname",
            "host": "em9323.eu.example.com",
            "data": "u46333263.eu.wl.sendgrid.net"
        },
        "dkim1": {
            "valid": false,
            "type": "cname",
            "host": "s1._domainkey.eu.example.com",
            "data": "s1.domainkey.u43336263.eu.wl.sendgrid.net"
        },
        "dkim2": {
            "valid": false,
            "type": "cname",
            "host": "s2._domainkey.eu.example.com",
            "data": "s2.domainkey.u46136263.eu.wl.sendgrid.net"
        }
    }
}
Step 2: Retrieve the domain_id

Use the provided cURL command to list all authenticated domains and obtain the domain_id for your specific domain.

curl -X GET "https://api.sendgrid.com/v3/whitelabel/domains" \
  --header "Authorization: Bearer <<YOUR_API_KEY_HERE>>"

After running the cURL command to authenticate your domain, you'll need to add the DNS records provided by SendGrid to your DNS host.

Step 3: Validate the domain authentication

After setting up your DNS records, the next step is to validate your domain authentication. This ensures that your DNS records are correctly configured and your domain is ready for use.

Refer to the Validate Domain Authentication documentation for more details.

curl -X POST "https://api.sendgrid.com/v3/whitelabel/domains/{DOMAIN_ID}/validate" \
  --header "Authorization: Bearer <<YOUR_API_KEY_HERE>>"

And the response should look something like this: 

{
  "id": 123456,
  "valid": true,
  "validation_results": {
    "mail_cname": {
      "valid": true,
      "reason": null
    },
    "dkim1": {
      "valid": true,
      "reason": null
    },
    "dkim2": {
      "valid": true,
      "reason": null
    }
  }
}
Step 4: Associate the authenticated domain with your EU-Based Subuser

After validating your domain, the next step is to associate the authenticated domain with your EU-based subuser. This ensures that the subuser can send emails using the authenticated domain.

Refer to the documentation on associating an authenticated domain with a subuser for detailed instructions.

curl -X POST "https://api.sendgrid.com/v3/whitelabel/domains/{DOMAIN_ID}/subuser" \
  --header "Authorization: Bearer <<YOUR_API_KEY_HERE>>" \
  --header "Content-Type: application/json" \
  --data '{
    "username": "eusubuser"
  }'
Step 5: Create a branded link

To create a branded link, you can use the following cURL command. This branded link will be associated with the specified domain in the EU region.

Here’s the cURL command to create a branded link:

curl -X POST "https://api.sendgrid.com/v3/whitelabel/links" \
  --header "Authorization: Bearer <<YOUR_API_KEY_HERE>>" \
  --header "Content-Type: application/json" \
  --data '{
    "domain": "example.com",
    "region": "eu"
  }'
Step 6: Validate the branded link

After creating a branded link, the next step is to validate it to ensure it’s correctly set up. Use the following cURL command to validate your branded link:

curl -X POST "https://api.sendgrid.com/v3/whitelabel/links/{LINK_ID}/validate" \
  --header "Authorization: Bearer <<YOUR_API_KEY_HERE>>"

Use the specific LINK_ID you received when you created the branded link.

Step 7: Associate the branded link with your Subuser

Once the branded link is validated, you can associate it with a specific subuser. This allows the subuser to send emails using the branded link.

curl -X POST "https://api.sendgrid.com/v3/whitelabel/links/{LINK_ID}/subuser" \
  --header "Authorization: Bearer <<YOUR_API_KEY_HERE>>" \
  --header "Content-Type: application/json" \
  --data '{
    "username": "eusubuser"
  }'

Your domain has been successfully verified, and you’re now all set to use it for sending emails!

Create a SendGrid API Key to send emails for the Subuser

SendGrid offers three types of API keys: Full Access, Restricted Access, and Billing Access, each with specific permissions. The first key must be created via the Twilio SendGrid App. Subsequent keys can be managed using the API. More info can be found here.

API Key permissions in SendGrid

Create an API Key in the Console

In the SendGrid Console, navigate to the API Keys section under Settings on the Console landing page. Click Create API Key in the top right corner to open a form on the right side. Name your API key and choose Restricted Access to set permissions.

For security, assign only the necessary permissions. In this tutorial, you'll only need the Mail Send permission. To enable it, scroll to the Mail Send section under Access Details and move the slider to the right.

Finally, click Create & View at the bottom of the form. The API key will be displayed on the screen. Since you won’t be able to retrieve it again after leaving this page, make sure to copy and store the secret securely

Send your email

With your API Key for the EU subuser ready, you can now send an email using the EU-specific base URL api.eu.sendgrid.com.

The cURL command below demonstrates how to send an email through SendGrid's EU region. Simply replace the placeholder email addresses with your authenticated sender email in the "from" field and your recipient's email in the "to" field. For additional details on sending emails programmatically, refer to the full Mail Send API documentation.

curl --request POST \
  --url https://api.eu.sendgrid.com/v3/mail/send \
  --header 'Authorization: Bearer <<YOUR_SUBUSER_API_KEY>>' \
  --header 'Content-Type: application/json' \
  --data '{
    "personalizations": [
      {
        "to": [
          {"email": "<<RECEIPIENT_EMAIL_ADDRESS"}
        ]
      }
    ],
    "from": {"email": "<SENDER_EMAIL_ADDRESS>>"},
    "subject": "Hello, World!",
    "content": [
      {
        "type": "text/plain",
        "value": "Heya!"
      }
    ]
  }' \
  --silent --show-error --fail && echo "Email sent successfully" || echo "Failed to send email"
EU SendGrid email sent successfully on the command line

Conclusion

Twilio SendGrid enables you to manage email sending and receiving at scale.

In this guide, you learned how to send emails in the EU region using Twilio SendGrid's Email API. Here are the steps you performed:

  • Created a subuser assigned to the EU region.
  • Provisioned an IP address in the EU.
  • Authenticated your domain for sending emails.
  • Created a SendGrid API Key with email sending permissions.
  • Send an email using the api.eu.sendgrid.com endpoint.
Regional Email is not available for Marketing Campaigns in this phase. Configurable sending in the EU or Global regions is generally available for initiating email flows, but personal data such as subject, recipient, and sending address are stored globally.

Interested to know more about Sendgrid? Check out our Email API documentation. We can’t wait to see what you build!

Yukti Ahuja is a Principal Solutions Engineer at Twilio. As an SE, she is a problem solver extraordinaire, blending technical expertise to bridge the gap between complex technology and practical solutions for customers.

Related Posts

Related Resources

A newspaper article

Twilio Docs

From APIs to SDKs to sample apps

API reference documentation, SDKs, helper libraries, quickstarts, and tutorials for your language and platform.
An Open book

Resource Center

The latest ebooks, industry reports, and webinars

Learn from customer engagement experts to improve your own communication.
User group reactions

Ahoy

Twilio's developer community hub

Best practices, code samples, and inspiration to build communications and digital engagement experiences.