Improving Outbound Mail Delivery in Salesforce - Internet Creations Blog

Improving Outbound Mail Delivery in Salesforce

Mail Delivery in Salesforce

Have you ever sent an email message from Salesforce only to have it end up unread in the recipient’s spam folder? This can be a frustrating experience where both the sender and recipient feel ignored. To mitigate this, Salesforce provides infrastructure to easily implement Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). In less than an hour, you can greatly improve the chance that your message will be received.

To implement these frameworks, you will need to add DNS records (you may need to involve your IT department).

Sender Policy Framework (SPF)

SPF allows you to specify servers that may send email on your behalf. The receiving server verifies the sending server against a record stored in a DNS record and returns a Pass, Neutral, or Fail result. It is very simple to set up. If you are not using SPF already, simply add the following DNS record:

Domain: mydomain.com
Type: TXT
Value: v=spf1 mx ip4:mymailserverIP include:_spf.salesforce.com ~all

Example standard zone file format:
mydomain.com IN TXT v=spf1 mx ip4:mymailserverIP include:_spf.salesforce.com ~all

If you are already using SPF, simply add:

include:_spf.salesforce.com

to the existing DNS record. After doing this, mail sent from Salesforce will pass any SPF check performed by the receiving server.

DomainKeys Identified Mail (DKIM)

DKIM uses asymmetric cryptography to create a unique signature for each message. The public key is stored in a DNS record and is used to verify the message signature. DKIM support was added to Salesforce in the Spring 15 release.

To set up DKIM in Salesforce, navigate to Setup → Email Administration → DKIM Keys.  Press ‘New Key’ and populate the fields:

Selector: salesforce
Domain: mydomain.com
Domain Match: Exact Match (or another option if appropriate for your configuration)

Press ‘Save’ and Salesforce will create and display a public/private key pair.

Copy the public key and create a DNS record:

Domain: salesforce._domainkey.mydomain.com
Type: TXT
Value: v=DKIM1; k=rsa; p=publickeyfromsalesforce

Example standard zone file format:
salesforce._domainkey.mydomain.com IN TXT v=DKIM1; k=rsa;
p=publickeyfromsalesforce

Now, bask in the joy of improved message delivery!