Chat +1-888-563-5277 Contact sales
January 25, 2021

Salesforce SPF & DKIM Setup: Step by Step

Salesforce is a US-based customer relationship management (CRM) application that offers marketing automation and analytics tools. This article will help you set up Salesforce email SPF and DKIM Records on your DNS to eliminate unauthorized domain use and increase security.

SPF records allow receiving servers to check whether an email with the specified source domain was actually sent from a server authorized by the owner of this domain.

DKIM adds a digital record to each message. This allows the receiving server to check if the message has been sent from an authorized sender, faked, or changed upon delivery.

Salesforce SPF Record Configuration

Salesforce, by default, uses their own domain as the Return-Path domain. This means DMARC will fail with respect to SPF.

The solution is to disable the Bounce Management and Email Security Compliance from your Salesforce admin console.

Note: Once you disable Bounce Management, Salesforce will no longer automatically handle your bounced addresses. Instead, you’ll have to receive the list from us and remove them manually.

Here’s what you need to do:

Step 1: Click on Setup > Email Administration > Deliverability

Salesforce-Deliverability-SPF-Alignment

Step 2: Deselect the checkbox for “Activate bounce management”

Step 3: Click “Enable compliance with standard email security mechanisms”

Deselect-the- checkbox-for- Activate- bounce- management

Step 4: Click “Save”

Step 5: Add Salesforce SPF mechanism “include:_spf.salesforce.com” in your SPF Record.

You can easily achieve this with our SPF Generator Tool.Salesforce-Deliverability-SPF-Alignment-Generator-SPF-record-generator

Step 6: Update your DNS TXT Record for SPF at your domain provider

Important Note: Make sure you don’t create multiple SPF TXT records on one domain. If you do, Salesforce email SPF will return a PermError.

If you are using multiple IPs, ESPs, Third-Party services, include them in a single SPF Record.

E.g v=spf1 ip4:17.67.137.221 include:_spf.salesforce.com include:thirdpartyservice.com ~all

Salesforce DKIM Record Configuration

Step 1: Click on Setup > Email Administration > DKIM Keys

DKIM-Salesforce-Authentication-Security

Step 2: Create a New Key with Salesforce

Step 3: Click Save”

In this example, we’ll be using:

  1. 2048-bit DKIM key size
  2. DKIM selector “sf1” and alternate selector “sf2”
  3. “khatchoian.com” for the domain
  4. The strictness of the key allowing “Exact domain only”

 

DKIM-Salesforce-Authentication-Security-DKIM-Key-Details

Step 4: Go “Back to List” and click on your added selector

DKIM-Salesforce-Authentication-Security-manage-DKIM-keys

Step 5: Add the provided CNAME Records in your DNS (Cloudflare, GoDaddy, etc.)

DKIM-Salesforce-Authentication-Security-DKIM-key-details

E.g Cloudflare

Salesforce-DKIM-CNAME-CloudFlare-DNS

Salesforce_DKIM_CNAME_CloudFlare_DNS

Step 6: Wait for the changes to take effect, and click on “Activate”

Salesforce-SPF-DKIM-Authentication-DKIM-key-is-ready

And you’re all set! Congrats, you now successfully authenticated your outgoing mail stream from Salesforce with SPF and DKIM.

More like this article

What is a Computer Worm and How Does it Work?
May 26, 2022

What is a Computer Worm and How Does it Work?

Imagine if an unauthorized person gains access to all the important files on your...

Read More
How Dangerous is Hybrid Malware?
May 24, 2022

How Dangerous is Hybrid Malware?

Cybercriminals find one or another way to hack systems, steal, and cause harm. With...

Read More
What is Virus Malware and How Does it Work?
May 23, 2022

What is Virus Malware and How Does it Work?

It doesn’t matter if we’re offline or online, safety of our device and data...

Read More
×