Setting DKIM keys for Salesforce
Deploying and configuring DKIM, along with implementing DMARC, is critical for Salesforce users to protect their domain’s reputation, improve email deliverability, and maintain the integrity and authenticity of their email communication. DKIM and DMARC work together by integrating cryptography and policy-based authentication to verify if a cybercriminal changed an email’s content or spoofed the sender while it was in transit.
What’s even more impressive is that Salesforce itself encourages the adoption of email authentication protocols within its platform. This makes it quite simple for you to get started with the process and keep going. Moreover, emails signed with DKIM instill trust in recipients’ mailboxes and are less likely to be flagged as spam. This helps most of your emails reach the intended recipients’ inboxes and not spam folders.
Steps to generate a DKIM key in Salesforce
Here’s what you need to do:
- Use your login credentials to sign in to your Salesforce account with administrative privileges.
- Go to DKIM settings by clicking on the gear icon you will see in the top right corner.
- Find the ‘Quick Find’ box and type ‘DKIM.’ You will see the ‘Email’ section, under which you have to select ‘DKIM Keys.’
- To create a new DKIM key, click on the ‘Create New Key’ button and fill in the required fields:
- Domain: Enter the domain name you want to sign your emails with.
- Selector: Enter a unique name for the DKIM selector (e.g., salesforce2024). This selector will be used to differentiate this key in your DNS records.
- Key size: Choose a key size. Salesforce typically offers 1024-bit or 2048-bit keys; the 2048-bit keys provide stronger security.
- Once you have filled out the details in the required fields, click ‘Generate.’ You will receive a pair of public and private keys produced by Salesforce exclusively for your domain.
Steps to add the DKIM key in Salesforce
- Once the key is generated, Salesforce will display the public key and the exact DNS TXT record format you need to add to your domain’s DNS settings. Copy this record.
- Log in to your DNS provider’s platform and look for an option to add a new TXT record with the following details:
- Name: This should be the combination of the DKIM selector and your domain, e.g., salesforce2024._domainkey.yourdomain.com.
- Type: Select TXT.
- Value: Paste the public key provided by Salesforce.
- When done, save the new TXT record in your DNS settings. Please wait for 24 to 48 hours for the changes to propagate across the internet.
Steps to activate the DKIM key in Salesforce
- Return to the Salesforce DKIM Key setup page.
- Click on ‘Activate’ next to the key you generated.
- Salesforce will check if the DNS TXT record is correctly set up and, once verified, will start signing your emails with the DKIM key.
- Then, test the DKIM signature by sending an email from Salesforce and checking the email headers to ensure that your signature is valid and properly formatted.
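The header check in the last step can be scripted. The following is an added example, not part of the original article or Salesforce's tooling: it inspects the raw headers of a test message for a DKIM-Signature carrying your domain and selector and for a dkim=pass verdict from the receiving server. The sample message, the function names, mx.example.net and bounce.example.org are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample headers for illustration only; not a real message.
SAMPLE = """\
Authentication-Results: mx.example.net;
 dkim=pass header.d=yourdomain.com header.s=salesforce2024;
 spf=pass smtp.mailfrom=bounce.example.org
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yourdomain.com;
 s=salesforce2024; h=from:to:subject:date;
 bh=Q09OU1RSVUNURUQ=; b=Q09OU1RSVUNURUQ=
From: sender@yourdomain.com
Subject: DKIM test

body
"""

REQUIRED = {"v", "a", "b", "bh", "d", "h", "s"}  # mandatory tags, RFC 6376 sec. 3.5

def parse_tags(value):
    """Split a DKIM 'tag=value; ...' list into a dict, dropping folding whitespace."""
    pairs = (p.split("=", 1) for p in str(value).split(";") if "=" in p)
    return {k.strip(): re.sub(r"\s+", "", v) for k, v in pairs}

def check_dkim(raw, domain, selector):
    """Return a list of problems; an empty list means the headers look right."""
    msg, problems = message_from_string(raw), []
    want = (domain.lower(), selector.lower())
    sigs = [parse_tags(h) for h in msg.get_all("DKIM-Signature", [])]
    ours = [t for t in sigs
            if (t.get("d", "").lower(), t.get("s", "").lower()) == want]
    if not ours:
        problems.append("no DKIM-Signature with the expected d= and s=")
    for t in ours:
        if REQUIRED - t.keys():
            problems.append("missing tags: " + ",".join(sorted(REQUIRED - t.keys())))
        if "from" not in t.get("h", "").lower().split(":"):
            problems.append("From header is not covered by h=")
    # Only trust Authentication-Results added by your own receiving server.
    verdicts = []
    for h in msg.get_all("Authentication-Results", []):
        for clause in str(h).split(";"):
            m = re.match(r"\s*dkim=(\w+)", clause)
            d = re.search(r"header\.[di]=@?([^\s;]+)", clause)
            if m and d and d.group(1).lower() == want[0]:
                verdicts.append(m.group(1).lower())
    if "pass" not in verdicts:
        problems.append("receiver did not report dkim=pass for " + want[0])
    return problems
```

Paste the full raw source of the received test email in place of SAMPLE and call check_dkim with your own domain and selector; this reads the receiver's verdict and the signature's tags but does not recompute the cryptographic signature itself.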
Monitoring and Maintenance
Monitor the status of your DKIM key in Salesforce regularly to ensure it continues to function correctly. For added security, consider rotating your DKIM keys periodically by following a similar process.