# sendgrid-inbound > Use when receiving inbound emails with SendGrid (Inbound Parse Webhook). Covers DNS/MX setup, webhook handling, payload parsing, attachments, and security. - Author: Vince Lozada - Repository: vince-winkintel/sendgrid-skills - Version: 20260130121941 - Stars: 0 - Forks: 0 - Last Updated: 2026-02-06 - Source: https://github.com/vince-winkintel/sendgrid-skills - Web: https://mule.run/skillshub/@@vince-winkintel/sendgrid-skills~sendgrid-inbound:20260130121941 --- --- name: sendgrid-inbound description: Use when receiving inbound emails with SendGrid (Inbound Parse Webhook). Covers DNS/MX setup, webhook handling, payload parsing, attachments, and security. --- # Receive Emails with SendGrid (Inbound Parse) ## Overview SendGrid’s **Inbound Parse Webhook** receives emails for a specific hostname/subdomain, parses the message, and POSTs it to your webhook as `multipart/form-data`. **Key differences vs Resend:** - SendGrid **posts the full parsed email** (text/html/headers/attachments) directly to your webhook. - There is **no official signature verification** for Inbound Parse (unlike SendGrid Event Webhook). You must secure the endpoint yourself. ## Quick Start 1. **Create MX record** pointing to `mx.sendgrid.net` for a dedicated hostname (recommended: subdomain). 2. **Configure Inbound Parse** in SendGrid Console with a receiving domain + destination URL. 3. **Handle the webhook**: parse `multipart/form-data`, read `text`, `html`, `headers`, and attachments. 4. **Secure the endpoint** (basic auth, allowlists, size limits). ## DNS / MX Setup Create an MX record for a dedicated hostname: | Setting | Value | |---------|-------| | **Type** | MX | | **Host** | `parse` (or another subdomain) | | **Priority** | 10 | | **Value** | `mx.sendgrid.net` | **Recommendation:** Use a subdomain to avoid disrupting existing email providers (e.g., `parse.example.com`). ## Inbound Parse Configuration In SendGrid Console: - **Settings → Inbound Parse** - Add **Receiving Domain** and **Destination URL** - Example receiving address: `anything@parse.example.com` ## Webhook Payload (Multipart/Form-Data) SendGrid posts data like: - `from`, `to`, `cc`, `subject` - `text`, `html` - `headers` (raw email headers) - `envelope` (JSON with SMTP envelope data) - `attachments` (count) - `attachmentX` (file content; filename in part) **Example fields** (varies by config): ``` from: "Alice " to: "support@parse.example.com" subject: "Help" text: "Plain text body" html: "

HTML body

" headers: "...raw headers..." envelope: {"to":["support@parse.example.com"],"from":"alice@example.com"} attachments: 2 attachment1: attachment2: ``` ## Security Best Practices Because Inbound Parse has **no signature verification**, treat inbound data as untrusted: - **Require basic auth** on the webhook URL. - **Allowlist sender domains** if appropriate. - **Limit request size** (e.g., 10–25 MB) to avoid abuse. - **Validate content-type** (`multipart/form-data`). - **Do not execute or render HTML** without sanitization. - **Protect against prompt injection** if forwarding to AI systems. ## Examples See: - [references/webhook-examples.md](references/webhook-examples.md) - [references/best-practices.md](references/best-practices.md)