Salesforce DKIM Security on Emails - CNAME

Post date: Jun 05, 2019 8:19:30 PM

If you find that your Salesforce emails are going to spam when they were working fine before- it's because of tightening security measures on the backend. In order to rectify the situation, you will need to create a new DKIM Key in Salesforce. Go to the Setup area in Salesforce, and search for DKIM. It will pop up straight away.

One of the things that is very confusing when creating the key, is that what you are given, is NOT a DKIM key, but instead, you are given a pair of CNAME's.

It took quite a bit of time to figure out what was needed as there is really no explanation given, but, the bottom line, is you need to go into your domain registrar, and create 2 CNAME Txt Records and insert the data you are given. What Salesforce does is that they have created secure records on their backend, which they don't share with you, and you are simply setting up a CNAME which points to that location, and their servers will handle the rest.

Example of what you are given when creating the keys:


Alternate CNAME Record IN CNAME

The way this looks in your registrar might be different, but for me, it looks like this:

Alias TTL Refers to Host Name Other Host

____________________ ____________ _____________________ _________________________

specialkey1._domainkey 3600

specialkey2._domainkey 3600

The important thing here is to make sure that you have your "Alias" without your domain name added to it as Salesforce does on the detail view of the supposed DKIM record results that they give you. You have to copy paste the right parts over to your TXT record fields in the registrar.

Once you have saved the CNAME's to your registrar, it takes about 30 minutes for the changes to take place. Once you have waited the 30 minutes, go back to the location where you created the DKIM key in Salesforce, and click the button that says "Activate".

Once activated, the check box next to your key will be ticked, and your emails will now be fixed and flowing back to your inbox instead of spam. You can test this by running the Test Deliverability (Emails from Salesforce or Email Relay Only) option in the control panel, type your email in, and a series of 16 emails will go out, and they should come to your inbox instead of spam. If they don't immediately go to the inbox, just wait another 30 minutes. It will work.

Note to Salesforce: (These links aren't helpful), you need to spell out what it is happening.