How to ensure emails sent from Salesforce arrive in the recipient's Inbox, not Junk/Spam
You want to ensure emails sent from Salesforce are successfully delivered to the Inbox of the recipient, and do not wind up in Junk/Spam.
When email messages are sent, they contain two “from” addresses: the “envelope from” (e.g., return path) and the “header from” (e.g., the friendly from).
Since both of these addresses can be spoofed by cybercriminals relatively easily, email authentication methods have been introduced over time to help prevent malicious emails from ending up in the recipient's Inbox.
If these authentication methods are configured incorrectly, or not at all, email recipients may notice more emails going to Junk/Spam than they'd like.
To help increase the likelihood of your emails from Salesforce landing in the recipient's inbox rather than Junk/Spam, consider implementing the following email authentication methods.
Note: To fully implement these policies, consult with your organization's IT team.
Sender Policy Framework (SPF):
What is it?
SPF is an email authentication protocol that allows the owner of a domain to specify which mail servers they use to send mail from that domain.
Brands sending email publish SPF records in the Domain Name System (DNS). These records list which IP addresses are authorized to send email on behalf of their domains.
During an SPF check, email providers verify the SPF record by looking up the domain name listed in the “envelope from” address in DNS. If the IP address sending email on behalf of the “envelope from” domain isn’t listed in that SPF record, the message fails SPF authentication.
Per Salesforce, Sender Policy Framework is a simple email validation system designed to detect email spoofing by providing a process to verify which providers are permitted to send emails on your behalf. It also aims to reduce spam and fraud by making it harder for anyone to hide their identity.
If you send an email from a Salesforce application and your domain is ABC.com, you can create an SPF record which authorizes Salesforce.com mail servers as allowed mail servers for the ABC.com domain. When the recipient receives your email, it checks the SPF record of ABC.com to determine if it is a valid email. The message will have a high chance of delivery if it can be validated using SPF.
In line with this, Salesforce has implemented an SPF record for our domain and we encourage our customers to implement SPF records for their domains as well.
Failing SPF authentication is the MOST COMMON cause of an email being delivered to Junk/Spam instead of the Inbox, so this is the first authentication method you should check.
Am I using this?
If you're sending emails from Salesforce, whether or not you're using an Internet Creations application, ensure that your IT team has set up an SPF record for Salesforce on their DNS. You can provide s/he with the following Salesforce Knowledge Article which provides specific instructions on how to setup SPF for Salesforce.
To check if a Salesforce SPF record was created for your organization, navigate to a free SPF lookup tool such as MXToolBox. Enter your organization's domain, and click the SPF Record Lookup button.
Considerations with SPF:
DomainKeys Identified Mail (DKIM):
What is it?
DKIM is a protocol that allows an organization to take responsibility for transmitting a message in a way that can be verified by mailbox providers. This verification is made possible through cryptographic authentication.
Per Salesforce, Use the DKIM (DomainKeys Identified Mail) key feature to let Salesforce sign outbound email sent on your company’s behalf. These signatures give recipients confidence that the email was handled in a way that’s consistent with your company.
See the following documentation on Creating a DKIM Key in Salesforce.
Once the DKIM Key is created, provide the details to your IT Team. From there, they can add this to the DNS record for the respective domain.
Am I using this?
DKIM records cannot be searched in the same fashion as SPF. To confirm if a DKIM record has been set up for your domain, ask your IT team to review the DNS record setup. Your IT team can also adjust the DKIM version, and what aspects of the email are being authenticated (the email header, body, or entire email).
Considerations with DKIM:
Domain-based Message Authentication, Reporting and Conformance DMARC:
What is it?
DMARC ensures that legitimate email is properly authenticating against established SPF and DKIM standards and that fraudulent activity appearing to come from domains under the organization’s control (active sending domains, non-sending domains, and defensively registered domains) is blocked.
DMARC’s alignment feature prevents spoofing of the “header from” address by:
To set up DMARC, you MUST have already setup both SPF and DKIM for your domain.
Am I using this?
To check if a DMARC record was created for your organization, navigate to a free DMARC lookup tool such as MXToolBox. Enter your organization's domain, and click the DMARC Record Lookup button.
In regards to email delivery when using Internet Creations' applications, these applications are 100% native to the Salesforce platform and rely on Salesforce's Email Infrastructure. This includes whether the email was sent via Apex code (such as those emails sent by Email to Case Premium) or those sent through Email Alerts using Workflow / Process Builder.
In addition to this knowledge article, Salesforce provides documentation and a number of helpful articles to help ensure a proper configuration for sending emails. See the following links for reference.
Guidelines for Configuring Deliverability Settings for Emails Sent from Salesforce
Improve Deliverability of Emails Sent from Salesforce
Test the Deliverability of Emails Sent Through Salesforce
Troubleshoot email delivery problems
Salesforce Ben: Ensure Emails Sent from your Salesforce Org are Delivered! Salesforce Email Deliverability Tips
Please note: This knowledge article is provided as-is. Configuration of email authentication policies is not supported under the scope of support included with your purchase of Internet Creations applications.
For further assistance, please contact your Salesforce administrator, Salesforce implementation partner, or your Internet Creations Account Executive to inquire about our IT professional services.