Understanding the Challenge
Email inbox applications have become increasingly strict in their filtering processes due to the rise in spam and fraudulent email activity. This heightened security can affect legitimate emails, including those sent through Salesforce by Appointiv.
Appointiv uses Salesforce to send emails on behalf of your business email domain. While this system is efficient, it can sometimes trigger security measures in recipients' email inboxes, potentially causing delays or preventing delivery of important communications.
Why We Recommend DKIM and SPF
Salesforce offers various methods for sending emails, including options like "Send through Gmail" and "Send through Office 365." However, these methods have significant limitations:
- They only apply to emails sent through the Lightning Email Composer or certain emails sent via specific API calls.
- Emails sent through workflows, most API calls, and system emails are still sent through Salesforce or Email Relay, depending on your configuration.
Given that Appointiv relies heavily on automated processes and API calls to send emails, these alternative methods are not suitable for ensuring comprehensive email deliverability.
See "Considerations for Using Send through Gmail and Send through Office 365" at Salesforce Help.
Instead, we strongly recommend implementing DKIM (DomainKeys Identified Mail) and SPF (Sender Policy Framework) authentication. This approach provides the most robust solution for improving email deliverability across all types of emails sent by Appointiv through Salesforce.
What are DKIM and SPF?
- DKIM adds a digital signature to your emails, allowing receiving servers to verify that the email hasn't been tampered with and comes from an authorized sender.
- SPF specifies which servers are allowed to send email on behalf of your domain.
Detailed Implementation Process
Setting up DKIM and SPF involves both your Salesforce Admin and your website admin. Here's a step-by-step guide for each part of the process.
Step 1: Salesforce Configuration (Salesforce Admin)
- Log into Salesforce:
-
- Go to your Salesforce org and log in as an administrator
-
- Navigate to DKIM Settings:
-
- Click on "Setup" in the top right corner
- In the Quick Find box, type "DKIM" and select "DKIM Keys" under "Email" settings
-
- Create a DKIM Key:
-
- Click on "Create New Key"
- Choose your "Key Size" (2048 bits recommended)
- Make up a selector name (e.g., "salesforce")
- Make up an Alternative Selector name (e.g., "sfdc")
- Add your Domain (examplecompany.com whatever comes after the @ in your email)
- Add Domain Match Pattern (usually just enter the same as you entered in Domain but see the pop up information for other examples on wildcard and subdomains)
- Click "Save
-
- Generate the DKIM DNS Record:
-
- After saving, TXT Record Status will say Publishing in Progress
- Wait just a minute or so
- Grab a coffee
- Refresh your browser page
- Verify TXT Record Status = Published
- Click "Edit" on the key to view details.
- You'll see a CNAME record that needs to be added to your website DNS. It will look something like this:
- salesforce._domainkey.mycompany.com IN CNAME salesforce.ffn7cy.custdkim.salesforce.com.
- Copy this entire TXT record.
- It should look something like this now:
- After saving, TXT Record Status will say Publishing in Progress
-
- Don't worry that the Activate button is greyed out:
-
- You can only do this after the DNS records are added to your domain server.
-
Step 2: DNS Configuration (Website Admin)
- Access Your DNS Management:
-
- Log into your domain hosting service provider's admin area
- Navigate to the DNS management section for, in our example, mycompany.com
-
- Add the DKIM Record:
-
- Find your DNS settings
- Click Add New Record or equivalent
- Choose the TXT type for the new record
- For the host/name field, enter the CNAME Record copied from over in Salesforce but just the first part before the "IN CNAME"
- in our example from above it would be salesforce._domainkey.mycompany.com
- For the value/data field, paste everything after "IN CNAME" from Salesforce
- in or example from above it would be salesforce.ffn7cy.custdkim.salesforce.com
- For TTL, choose 1 hour but anything is fine
- Here is how it looks in GoDaddy's hosting control panelSave the new record.
-
- Add or Update SPF Record:
-
- In the same area where you created that new TXT record, look for an existing TXT record with information in it that starts with "v=spf1".
- If it exists, edit it to include Salesforce. Add "include:_spf.salesforce.com" before the last "all" mechanism.
- Here's how GoDaddy shows it
- If it doesn't exist, create a new TXT record with the following:
- The host/name for this record should be "@" or left blank, depending on your DNS provider.
- Value should be v=spf1 include:_spf.salesforce.com ~all
-
- Save Changes and Wait:
-
- Save all changes to your DNS records.
- DNS changes can take up to 48 hours to propagate, though often it's much quicker.
- Get coffee number 2 and wait.
- Usually 1 hour will be enough
-
Step 3: Activate DKIM in Salesforce (Salesforce Admin)
- Activate the DKIM Key:
-
- After waiting at least an hour for DNS propagation, return to the DKIM Keys page in Salesforce.
- Click on your DKIM key.
- If verification is successful, the "Activate" button will no longer be greyed out.
- Click Activate!
-
Now you're done. But wait, there's more if you want to go the extra mile and earn coffee number 3.
Verifying the Setup
- Test Email Delivery:
- Send a test email from Appointiv to an external email address.
- Check the email headers of the received message to confirm DKIM and SPF are working correctly.
- Use Online Tools:
- Utilize online SPF and DKIM checker tools to verify your setup.
Troubleshooting
If you encounter issues:
- Double-check all DNS entries for typos.
- Ensure you've waited long enough for DNS propagation.
- Verify that the Salesforce IP ranges are correctly included in your SPF record.
- Contact Appointiv support if you need further assistance.
Benefits
By implementing these authentication methods:
- Your emails are more likely to bypass spam filters
- Recipients' email servers can verify the legitimacy of your emails
- Overall deliverability and trustworthiness of your Appointiv and Salesforce emails will improve
Remember, improving email deliverability is an ongoing process, and staying up-to-date with best practices is key to ensuring your important communications reach your clients effectively.
Comments
0 comments
Please sign in to leave a comment.