Set Up DKIM Keys In Salesforce To Improve Email Deliverability

Every org should do this!

Last published at: 2024-08-01 08:15:41 UTC

If you send emails out of your Salesforce org and you don't have DKIM keys configured, there is a good chance your emails might be getting binned at the other end (and you won't know about it). There is no reason why any Salesforce org shouldn't have this set up.

What are DKIM Keys?

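DKIM stands for DomainKeys Identified Mail and is a way of authenticating that the server sending the email is authorised to do so for that domain (and therefore the email you are receiving is much more likely to be a legitimate email). The sending server signs each message, and the receiving server verifies that signature against a public key published in the domain's DNS.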

How to configure DKIM

You need access to the following (or ask your IT department to do this):

  • DNS - you will be required to create a CNAME DNS record
  • Salesforce permissions - Manage DKIM Keys and Customize Application

In Salesforce...

  1. Go to Setup > DKIM Keys
  2. Click Create New Key
  3. Select 2048 for key size (unless you know that you need to go down to 1024)
  4. Enter a name for the selector and an alternate name
  5. Then select the match type:
    • If your sending email addresses are just from your main domain, select Exact Domain Only in Domain Match
    • If email addresses always contain subdomains, like fred@mail.acme.com, then choose Subdomains of the Domain Only
    • If email addresses are a mixture, with some containing subdomains, choose the Exact Domain and Subdomains option.
  6. Click Save.

What happens next is that your Salesforce org publishes a TXT record to DNS. After this process has completed, which can take some minutes, the DKIM Details page will contain the CNAME and alternate CNAME records that you will need to copy, and then publish to your own DNS (or provide to your IT team to do).

Finally, you need to make DNS changes…

If you are asking your IT team to create the CNAME record in DNS, you can ask them this:

In order to apply DKIM to our Salesforce org to improve our deliverability of @domain.com email, please create the following CNAME records in DNS for @domain (where @domain is the domain for the email that is being sent).

In the DKIM record page you will see the following CNAME record details that you need to send to the person that will create the CNAME records:

The first string of characters (sfdkim1._domainkey......) should be entered into the Host Name field of your new CNAME record. The second string of characters (sfdkim1.cs973h.... above) should be entered into the Value field of your CNAME record. The above are just examples - use the ones from your newly generated DKIM record!!

Once your CNAME and alternative CNAME records have been published, select Activate on the DKIM Key Details page. That's it!
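Before selecting Activate, it is worth confirming that the TXT record your CNAME resolves to carries a usable key of the size chosen in step 3. The Python check below is an added example, not Salesforce code: it takes the TXT value as a string (however you looked it up), and its function names and the constructed sample record are assumptions made for illustration.

```python
import base64

def parse_tags(txt):
    """Split a DKIM key record ("v=DKIM1; k=rsa; p=...") into a tag dict."""
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    return {k.strip(): "".join(v.split()) for k, v in pairs}  # drop folding whitespace

def _tlv(buf, pos, tag):
    """Read the DER header at pos, require `tag`, return (value_start, value_length)."""
    if buf[pos] != tag:
        raise ValueError("unexpected DER tag")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        length, pos = int.from_bytes(buf[pos:pos + (length & 0x7F)], "big"), pos + (length & 0x7F)
    return pos, length

def rsa_bits(spki):
    """Modulus size in bits of an RSA SubjectPublicKeyInfo (the decoded p= value)."""
    pos, _ = _tlv(spki, 0, 0x30)        # SubjectPublicKeyInfo SEQUENCE
    pos, n = _tlv(spki, pos, 0x30)      # AlgorithmIdentifier, skipped on the next line
    pos, _ = _tlv(spki, pos + n, 0x03)  # BIT STRING holding the key
    pos, _ = _tlv(spki, pos + 1, 0x30)  # +1 skips the unused-bits byte; RSAPublicKey
    pos, n = _tlv(spki, pos, 0x02)      # modulus INTEGER
    return int.from_bytes(spki[pos:pos + n], "big").bit_length()

def check_key_record(txt, min_bits=2048):
    """Return a list of problems; empty means the record is ready for activation."""
    tags = parse_tags(txt)
    if tags.get("v", "DKIM1") != "DKIM1" or tags.get("k", "rsa") != "rsa":
        return ["not a DKIM1 RSA key record"]
    if not tags.get("p"):
        return ["p= is empty or missing (an empty p= marks a revoked key)"]
    try:
        bits = rsa_bits(base64.b64decode(tags["p"], validate=True))
    except (ValueError, IndexError):
        return ["p= does not decode to an RSA public key"]
    return [f"RSA key is {bits} bits, below {min_bits}"] if bits < min_bits else []

def constructed_record(bits):
    """Constructed sample: valid DER layout around a dummy modulus, not a usable key."""
    def der(tag, body):
        n, k = len(body), (len(body).bit_length() + 7) // 8
        head = bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")
        return bytes([tag]) + head + body
    alg = bytes.fromhex("300d06092a864886f70d0101010500")  # rsaEncryption identifier
    key = der(0x30, der(0x02, b"\x00" + b"\xc3" * (bits // 8)) + der(0x02, b"\x01\x00\x01"))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(der(0x30, alg + der(0x03, b"\x00" + key))).decode()

if __name__ == "__main__":
    print({b: check_key_record(constructed_record(b)) for b in (2048, 1024)})
```

If you deliberately chose 1024 in step 3, pass `min_bits=1024` so the check matches your key.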

Note: to see the CNAME records on the DKIM page, click the Selector, not Edit.