Anmelden
vince-winkintel

sendgrid-inbound

by @vince-winkintel in AI & LLM
0
0
# Install this skill:
npx skills add vince-winkintel/sendgrid-skills --skill "sendgrid-inbound"

Install specific skill from multi-skill repository

# Description

Use when receiving inbound emails with SendGrid (Inbound Parse Webhook). Covers DNS/MX setup, webhook handling, payload parsing, attachments, and security.

# SKILL.md

name: sendgrid-inbound
description: Use when receiving inbound emails with SendGrid (Inbound Parse Webhook). Covers DNS/MX setup, webhook handling, payload parsing, attachments, and security.

Receive Emails with SendGrid (Inbound Parse)

Overview

SendGrid’s Inbound Parse Webhook receives emails for a specific hostname/subdomain, parses the message, and POSTs it to your webhook as multipart/form-data.

Key differences vs Resend:
- SendGrid posts the full parsed email (text/html/headers/attachments) directly to your webhook.
- There is no official signature verification for Inbound Parse (unlike SendGrid Event Webhook). You must secure the endpoint yourself.

Quick Start

  1. Create MX record pointing to mx.sendgrid.net for a dedicated hostname (recommended: subdomain).
  2. Configure Inbound Parse in SendGrid Console with a receiving domain + destination URL.
  3. Handle the webhook: parse multipart/form-data, read text, html, headers, and attachments.
  4. Secure the endpoint (basic auth, allowlists, size limits).

DNS / MX Setup

Create an MX record for a dedicated hostname:

Setting Value
Type MX
Host parse (or another subdomain)
Priority 10
Value mx.sendgrid.net

Recommendation: Use a subdomain to avoid disrupting existing email providers (e.g., parse.example.com).

Inbound Parse Configuration

In SendGrid Console:

  • Settings → Inbound Parse
  • Add Receiving Domain and Destination URL
  • Example receiving address: [email protected]

Webhook Payload (Multipart/Form-Data)

SendGrid posts data like:

  • from, to, cc, subject
  • text, html
  • headers (raw email headers)
  • envelope (JSON with SMTP envelope data)
  • attachments (count)
  • attachmentX (file content; filename in part)

Example fields (varies by config):

from: "Alice <[email protected]>"
to: "[email protected]"
subject: "Help"
text: "Plain text body"
html: "<p>HTML body</p>"
headers: "...raw headers..."
envelope: {"to":["[email protected]"],"from":"[email protected]"}
attachments: 2
attachment1: <file>
attachment2: <file>

Security Best Practices

Because Inbound Parse has no signature verification, treat inbound data as untrusted:

  • Require basic auth on the webhook URL.
  • Allowlist sender domains if appropriate.
  • Limit request size (e.g., 10–25 MB) to avoid abuse.
  • Validate content-type (multipart/form-data).
  • Do not execute or render HTML without sanitization.
  • Protect against prompt injection if forwarding to AI systems.

Examples

See:
- references/webhook-examples.md
- references/best-practices.md

# Related Skills

# Supported AI Coding Agents

This skill is compatible with the SKILL.md standard and works with all major AI coding agents:

Amp 🚀 Antigravity 🤖 Claude Code 🦀 Clawdbot 📝 Codex ▶️ Cursor 🤖 Droid 💎 Gemini CLI 🐙 GitHub Copilot 🪿 Goose 📊 Kilo Code 🔧 Kiro CLI 💻 OpenCode 🦘 Roo Code 🌲 Trae 🏄 Windsurf

Learn more about the SKILL.md standard and how to use these skills with your preferred AI coding agent.