Setting Up Organization-Wide Senders

DKIM Keys

DKIM (DomainKeys Identified Mail) is an email authentication protocol that helps protect emails sent by your organization against spoofing and improves email deliverability. It ensures that email providers (Gmail, Outlook, etc.) recognize that the emails were indeed sent from your domain.

Why configure DKIM in Salesforce:

• Prevent your emails from being marked as spam.
  
• Ensure emails are not altered in transit.
  
• DKIM uses asymmetric encryption keys to digitally sign outgoing emails.

How to create a DKIM Key

1. In Setup, type DKIM Keys in the Quick Find box and select DKIM Keys.
   
2. Click Create New Key.
   
3. In Selector, enter a unique name to identify the key.
   
4. In Alternate Selector, enter a unique name (allows Salesforce to rotate keys automatically).
   
5. Enter the domain name used to send emails from your organization.
   
   
   Note: once a DKIM key is created, the domain cannot be edited.
   
   
6. In Domain Matching Pattern, enter a comma-separated list of domain patterns that must match before Salesforce signs an email with this key:
   
   • example.com – DomainOnly: Signs if the sending domain matches only the main domain.
     
   • *.example.com – SubdomainsOnly: Signs if the sending domain matches only subdomains.
     
   • example.com,*.example.com – DomainAndSubdomains: Signs if the sending domain matches both the main domain and subdomains.
     
7. Click Save. Salesforce will publish the TXT records for this DKIM key in your domain’s DNS.
   
8. Before activating the key, add the Salesforce CNAME and Alternate CNAME records to your domain’s DNS.
   
9. On the DKIM Key Details page, click Activate.
   

Organization-Wide Addresses

1. In Setup, type Organization-Wide Addresses in the Quick Find box and select Organization-Wide Addresses.
   
2. Click Add.
   
3. Enter the organization email address information.
   
4. Select the Purpose.
   
5. Select the profiles that are allowed to send emails using this address, or check Allow all profiles to use this sender address.
   
6. Click Save.
   

Set Access via Permission Sets

1. In Setup, type Permission Sets in the Quick Find box and select Permission Sets.
   
2. Click the name of the desired permission set.
   
3. Select Organization-Wide Email Addresses Access.
   
4. Click Edit.
   
5. Add the desired addresses to the Enabled Organization-Wide Email Addresses section.
   
6. Click Save.