Salesforce DKIM Setup 

DKIM (DomainKeys Identified Mail) is an authentication protocol that uses cryptographic signatures to ensure that email messages are not tampered with during transit and truly originate from your domain.

This guide outlines how to configure DKIM for Salesforce, a leading customer relationship management (CRM) platform that enables businesses to communicate effectively with customers through email and other channels.

Salesforce DKIM Requirements

 Enable Signing and Publish Record

To enable DKIM signing on Salesforce requires access to a user account with the ‘Customize application’ and ‘Manage DKIM Keys’ authority.

  1. From Setup, enter DKIM Keys in the Quick Find box, and then select “DKIM Keys”.Salesforce Dkim Screenshot 1
  2. Click “Create New Key“.
  3. Select the RSA key size. Consider email recipient limitations and industry-specific security regulations when choosing the key size.
  4. For “Selector”, enter a unique name.
  5. For Alternate Selector, enter a unique name. The alternate selector allows Salesforce to auto-rotate your keys.
  6. Enter your domain name.
  7. Select the type of domain match you want to use.Salesforce Dkim Screenshot 2
  8. Click “Save”. Your CNAME and alternate CNAME records appear on the DKIM Key Details page when the DNS publication is complete. 
  9. Publish the CNAME and alternate CNAME records to your domain’s DNS. If you use Sendmarc’s DKIM Management feature, you can save the keys there.Salesforce Dkim Screenshot 3
  10. Select “Activate” on the DKIM Key Details page.

How to update your DKIM settings using Sendmarc

To update your DKIM record through Sendmarc, please refer to the Sendmarc DKIM Setup Documentation.

Salesforce’s Documentation

Salesforce’s official DKIM configuration guide can be found here.

Looking for SPF Settings?

Find out how to configure your Salesforce SPF settings here.