Salesforce SPF, DKIM, and DMARC Configuration - Domain Authentication Guide

Salesforce SPF, DKIM, and DMARC Configuration - Domain Authentication Guide

October 17, 2024

How to Setup SPF, DKIM, and DMARC Records for Salesforce Domains?

If you are tired of emails going to the spam, this article is for you. It will guide you on how to setup Salesforce SPF, DKIM, and DMARC records for email domain authentication

Email spoofing has become a major threat to businesses these days, that's why email inbox providers like Google require you to comply with their security standards strictly.

SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication Reporting and Conformance) are the commonly used security standards for domain authentication and email verification.

Salesforce provides you with all the necessary records to protect your email communication. You need to add these records to your domain provider and wait for them to get validated.

Setup DKIM Record:

  1. Click the Settings icon in the top right corner of the Salesforce dashboard.

  2. Go to the Open Advanced Setup option.

  3. Expand the Email option in the left navigation menu and go to the DKIM Keys tab.

  4. Click Create New Key.

  5. Select key size 2048-bit. Add the selector "sf1" and "sf2." Write your domain name. In the Domain Match Pattern field, write down your domain name again. Click Save.

  6. Next, you will see two CNAME DKIM records, add them to your DNS provider.

  7. Login to your DNS provider and select your domain.

  8. Go to the DNS tab and click Add Record.

  9. Select type CNAME.

  10. Add the DKIM hostname in the Name field.

  11. Add the DKIM value in the Target field.

  12. Turn off the proxy and click Save.

  13. Now wait for the DKIM records to propagate. Refresh the Salesforce page and click Activate.

Setup Salesforce SPF:

  1. In your DNS management zone, select type TXT.

  2. In the record name field, write your domain name.

  3. In the content field, add this Salesforce SPF value: v=spf1 include:_spf.salesforce.com ~all.

  4. Lastly, hit the Save button.

What to do if there are multiple SPF records?

Having more than one SPF record for a single domain can cause conflicts, and one will stop working. If your domain already has SPF records from any other source, merge it with the Salesforce SPF record.

  1. For merging, use the SPF merge tool.

  2. Add your domain name and Salesforce SPF value.

  3. Click Merge SPF Values.

  4. The tool detects your current SPF value and merges it with the Salesforce SPF.

  5. Copy the merged value and add it to your DNS provider.

Setup Salesforce DMARC Record:

To implement a strict DMARC policy, go to the DmarcDkim.com DMARC check tool. It guides you step by step through the process and gives you actionable insights into your DMARC reports.

  1. Open the DMARC check tool.

  2. Add your domain name and click Check.

  3. Copy the Suggested DMARC value and add it to your DNS provider.

  4. Sign up for the tool to get actionable insights into DMARC reports.

After adding all records, wait 24 hours for the records to get verified. If DNS authentication doesn't happen after 24 hours, it points to a potential misconfiguration in your DNS setup.

For troubleshooting the domain authentication issues, contact the DmarcDkim.com expert.

Domain Check

Check your domain for DMARC, DKIM, SPF and MX records. Get a free report.
Tags