Salesforce

How to set up DMARC for Salesforce in Valimail

Updated over a week ago
SPF(supported)
DKIM(recommended)

This article covers the SPF and DKIM authentication processes for Salesforce and how they are managed in Valimail. While only one of the two authentication methods is required for an email to pass DMARC, our recommendation is to configure both whenever possible.

Configuring DKIM authentication for your Salesforce emails

1. Log into the Salesforce console, and then from Setup, enter DKIM Keys in the Quick Find box and then select DKIM Keys.

2. Click Create New Key.

3. Select the RSA key size. We recommend setting the keys to 2048-bit.

4. For Selector, enter a unique name.

5. For Alternate Selector, enter a unique name. The alternate selector allows Salesforce to auto-rotate your keys.

6. Enter your domain name.

7. Select the type of domain match you want to use.

8. Click Save.

9. It may take some time for Salesforce to generate the 2 CNAME records. Refresh your page until you see the records for the DKIM keys issued on the page.

10. Copy the values for your new records (the values are those after CNAME) and add the DKIM keys in Valimail Enforce.

11. After publishing the DKIM keys in Valimail Enforce, please return to the Salesforce console and click on the Activate button to activate the DKIM keys.

You also can find these steps on the Salesforce page, here.

Add a Salesforce DKIM key in Valimail

You can find more detailed information on how to add a DKIM key in Valimail, here:

Configuring SPF authentication for your Salesforce emails

Once you establish that Salesforce is an authorized sender for your domain, you will need to add the service in your Enabled Senders.

You will find more detailed information on how to add a service for your domain in Valimail, here:

Note: We encourage you to use the comment section for any useful information about your sending service, such as the name of the service owner, change request ticket numbers, etc.

Enable SPF alignment in Salesforce for your domain

Salesforce does not usually send SPF-aligned mail by default and the reason for that is that the Bounce Management and/or Email Security Compliance settings are enabled.

Steps to disable Bounce Management and Email Security Compliance:

In Salesforce Classic

1. Click on Setup -> Email Administration -> Deliverability

2. Deselect the checkbox for 'Activate bounce management' and 'Enable compliance with standard email security mechanisms'.

3. Click on Save.

In Lightning Experience

1. Click the Gear Icon -> Setup -> Email | Deliverability

2. Deselect the checkbox for 'Activate bounce management' and 'Enable compliance with standard email security mechanisms'.

3. Click on Save.

You can also find the above instructions on the Salesforce page, here.

Did this answer your question?