Main | Salesforce Bulk API 2.0 (bigger, stronger, faster) »

Sending emails from Salesforce? Add DKIM...

I was recently troubleshooting an issue with a customer not getting emails I was sending out of Salesforce. It's been years since I even looked at how a mail server works and I went down one of those dev rabbit holes to learn everything I could over a few hours.

One thing lead to another I ended up reading about DKIM (DomainKeys Identified Mail). What I found was the customer who was not getting my emails from Salesforce was in fact getting them they were just getting caught in their SPAM filter. DKIM is designed to help prevent that. The idea behind is that the receiving mail server and spam filter may try to see if the IP address sending the email is the same as the sender's domain. In this case the email is being sent from Salesforce with my email address ( DKIM is a mechanism to make that "sending on behalf of..." look more legit. 

Salesforce added support for DKIM back in Spring 15' and I just never had issues and therefore never looked into it. The idea being that if the digital signature checks out, it provides recipients more confidence that the email being handled by Salesforce has been authorized. It's pretty easy to setup and test and should hopefully increase your email deliverability out of Salesforce.

 1) Navigate to Setup > Email > DKIM Keys


 2) Click Create New Key

3) Enter a selector. In my case I used the word "salesforce". This is going to end up being entered into your DNS record so something short and sweat like "salesforce" or "dkim1" is great. The domain is the "sender" domain (your email domain).

4) Save it. This will generate a "public" and a "private" key 

5) Leave it unactive - but you're going to copy these values to your DNS. So wherever you have registered your domain (GoDaddy etc) you are going to login there and add a new TXT record (GoDaddy Example).


From the info above that we generated the two important bits of info are the "selector" and the "public key". In the release notes for the feature these keys are described about two thirds of the way down the page (Update your domain’s DNS records).

 For GoDaddy, my "Selector" is going to be salesforce._domainkey (salesforce was the name we gave when we defined the DKIM key. And the value for that key is the "public key" string from the textbox.

Once you save that in the DNS record (give it a few minutes to an hour), you can hop back over to Salesforce and activate the key.

When you do so, click on the name to open it up and you should see a green mark at the top noting that it found this DNS TXT record you just added.

DKIM is now enabled!!!


PrintView Printer Friendly Version

EmailEmail Article to Friend

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
All HTML will be escaped. Hyperlinks will be created for URLs automatically.