Email authentication for outgoing emails

Domain Keys Identified Message (DKIM) is a signature based email authentication technique used to verify if an email was sent from the domain the email sender address claims it was sent from. DKIM adds a digital signature linked to the domain name to outgoing email.

Google and other email recipient servers check for these signatures to determine if the email was actually sent from the sender. Email recipient servers for some organizations operate strict DMARC (Domain-cased Message Authentication, Reporting & Conformance) policies; adding DKIM authentication improves email receivability.

In June 2016 Google announced planned implementation of a strict DMARC email authentication policy. The policy advised DMARC compliant email servers to reject emails with @gmail.com in the From address when those emails do not originate from Google's mail servers. The policy impacts emails from your Salesforce org and originating from Salesforce mail servers but displaying an @gmail.com From address. If these emails are sent to recipients using DMARC compliant email servers the servers may reject the emails and they will not be delivered. Other major email service providers including AOL and Yahoo are also implementing DMARC policies.

How do I know if emails from my Salesforce org are not being received?

A DMARC implementation can be configured to handle rejected emails by:

  • Bounce back

    Depending on configuration the recipient may be flagged as having a bad address, or a bounce notification is sent to the From address.

  • Discarding

    The sender cannot confirm receipt.

  • Marking as spam

  • Delivering

To avoid potential non-delivery of emails ensure you are using a domain you control for all emails sent from your Salesforce org.

If emails from Salesforce are not being received by addresses external to the company's own email domain, such as those hosted by gmail or hotmail, check the configuration for email authentication in the Salesforce Org. Salesforce enables you to set up DKIM keys for email sent out from your org; for more information, see Salesforce help content on best practices to setup DKIM.

You can find more information about setting up email verification through DKIM in this Sage People Community article: Email verification