Implementing Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM)

Although Salesforce provides top-notch infrastructure to deliver emails, since it sends them on behalf of your Organization's custom domain, many email providers flag these as spam. To improve deliverability, a few additional configurations steps are necessary. These steps are to implement two of the most common mechanisms to identify Salesforce as a trustworthy sender of your custom domain emails. Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM)  

Implement Sender Policy Framework (SPF)

Under this policy, a record is added to the domain DNS declaring Salesforce as a trustworthy sender for your custom domain.

In order to implement it your system administrator must create or modify a TXT record in the DNS of your custom domain name. Here are the instruction to set it up at most popular DNS providers.

If the record doesn't exist, create it using:

v=spf1 include:_spf.salesforce.com ~all

If the record does exist add the following to the existing record:

include:_spf.salesforce.com

In order to confirm that it was properly set use a tool like http://mxtoolbox.com/spf.aspx

Here is an example of the test using handsonconnect.org.

Here is the official Salesforce documentation Sender Policy Framework (SPF) - Salesforce SPF Record

Implement DomainKeys Identified Mail (DKIM)

Under this policy, emails are signed by Salesforce.  To accomplish this, a record is added to your domain DNS with a public key that is used to verify those signatures.  This makes Salesforce a trustworthy sender for your custom domain.

To implement, your system administrator must create or modify a TXT record in the DNS of your custom domain name. Here are the instruction to set it up using the most popular DNS providers.

  1. Setup Salesforce DKIM following these instructions to create a DKIM Key
  2. Test DKIM configuration using https://toolbox.googleapps.com/apps/dig/#TXT/
  3. If test is successful activate DKIM in Salesforce. 
From Setup, enter DKIM Keys in the Quick Find box, then select DKIM Keys, click on the hoc selector set Activate.


Learn more by watching this video here.

0 Comments

Add your comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.