Domain Configuration
What is DKIM?
DKIM (DomainKeys Identified Mail) allows Salesforce to digitally sign emails using your domain. This improves trust, prevents spoofing, and improves email deliverability.
Emails will be signed as: example.com instead of salesforce.com.
Architecture Diagram
flowchart LR
Salesforce[Salesforce Email Server]
DNS[Your DNS Provider]
Recipient[Recipient Email Server]
Salesforce -->|Signs Email| Recipient
Recipient -->|Requests Public Key| DNS
DNS --> Recipient
Recipient -->|Verifies DKIM| Recipient
Step-by-Step Salesforce Setup
- Login to Salesforce
- Go to Setup
- Search for DKIM Keys
- Click Create New Key
-
Enter values:
- Selector: selector1
- Alternate Selector: selector2
- Domain: example.com
- Key Size: 2048
- Click Save
- Copy generated DNS records
- Add DNS records in DNS provider
- Wait for DNS propagation
- Click Activate in Salesforce
- Status should show Active
- Send test email and verify DKIM PASS
DNS Records to Add
Expected Email Header Result
Personnel Involved
Salesforce Administrator
- Create DKIM key
- Provide DNS records
- Activate DKIM
- Verify DKIM PASS
DNS Administrator
- Add DNS CNAME records
- Verify DNS propagation
- Support DNS troubleshooting
Security Team
- Approve DKIM setup
- Ensure DMARC compliance
- Monitor email security
Application Team
- Test emails
- Verify deliverability
- Confirm DKIM PASS
Responsibility Flow
flowchart LR
SFAdmin[Salesforce Admin]
DNSAdmin[DNS Admin]
Security[Security Team]
AppTeam[Application Team]
SFAdmin --> DNSAdmin
DNSAdmin --> SFAdmin
SFAdmin --> Security
Security --> AppTeam
AppTeam --> Active[DKIM Active]
Activation Flow
flowchart TD
Create[Create DKIM Key]
DNS[Add DNS Records]
Activate[Activate DKIM]
Send[Send Email]
Pass[DKIM PASS]
Create --> DNS
DNS --> Activate
Activate --> Send
Send --> Pass