Chat +1-888-563-5277 Contact sales
January 25, 2021

Salesforce SPF & DKIM Authentication

Our informative post will help you find out how you can set up Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) Signatures on your Salesforce email to eliminate spam from your domain and increase security.

SPF records allow receiving servers to check whether an email with the specified source domain was actually sent from a server authorized by the owner of this domain.

DKIM adds a digital signature to each message. This allows the receiving server to check if the message has been sent from an authorized sender, faked, or changed upon delivery.

Setting up SPF Record on Salesforce

Salesforce, by default, uses their own domain as the Return-Path domain. This means DMARC will fail with respect to SPF.

The solution is to disable the Bounce Management and Email Security Compliance from your Salesforce admin console.

Here are the steps:

  1. Click on Setup > Email Administration > Deliverability

Salesforce-Deliverability-SPF-Alignment

2. Deselect the checkbox for ‘Activate bounce management’ and ‘Enable compliance with standard email security mechanisms’

Deselect-the- checkbox-for- Activate- bounce- management

3. Click on Save

4. Add Salesforce SPF mechanism “include:_spf.salesforce.com” in your SPF Record. You can easily achieve this with our SPF Generator Tool

Salesforce-Deliverability-SPF-Alignment-Generator-SPF-record-generator

5. Update your DNS TXT Record for SPF at your domain provider

Important Note: Make sure you don’t create multiple SPF TXT records on one domain. If you do, SPF will return a PermError.

If you are using multiple IPs, ESPs, Third-Party services for your various email strategies, you should include them in a single SPF Record.

E.g v=spf1 ip4:17.67.137.221 include:_spf.salesforce.com include:thirdpartyservice.com ~all

Setting up DKIM Record on Salesforce

  1. Click on Setup > Email Administration > DKIM Keys

DKIM-Salesforce-Authentication-Security

2. Create New Key with Salesforce and Save

In this example, we’ll be using:

a. 2048-bit DKIM key size

b. DKIM selector “sf1” and alternate selector “sf2”

c. “khatchoian.com” for the domain

d. The strictness of the key allowing ‘Exact domain only’

DKIM-Salesforce-Authentication-Security-DKIM-Key-Details

3. Go ‘Back to List’ and click on your added selector

DKIM-Salesforce-Authentication-Security-manage-DKIM-keys

4. Add the provided CNAME Records in your DNS (Cloudflare, GoDaddy, etc.)

DKIM-Salesforce-Authentication-Security-DKIM-key-details

E.g Cloudflare

Salesforce-DKIM-CNAME-CloudFlare-DNS

Salesforce_DKIM_CNAME_CloudFlare_DNS

5. Wait for the changes to take effect, and click on ‘Activate’

Salesforce-SPF-DKIM-Authentication-DKIM-key-is-ready

And you’re all set! Congrats, you now successfully authenticated your outgoing mail stream from Salesforce with SPF and DKIM.

 

More like this article

How to Increase Email Marketing Security For Marketers?
April 19, 2021

How to Increase Email Marketing Security For Marketers?

In the wake of eCommerce and Internet development, businesses worldwide have generally shifted their...

Read More
SparkPost SPF and DKIM Setup: step by step
April 15, 2021

SparkPost SPF and DKIM Setup: step by step

What are the steps for SparkPost SPF and DKIM Configuration? This informative blog post...

Read More
SPF Record Lookup in 3 Steps
April 12, 2021

SPF Record Lookup in 3 Steps

E-mail authentication became more and more important as e-mail phishing attacks grow and the...

Read More
×