The Skysnag Blog

How to Setup DKIM for Salesforce?

October 11, 2023  |  2 min read

DKIM is specified in RFC 6376, and it is used by a number of email service providers, including Google, Yahoo, and Microsoft. DKIM is designed to address some of the flaws in the existing email system, such as spoofing, phishing, and message tampering. It allows email senders to digitally sign their messages in a way that can be verified by email receivers. This allows receivers to verify that the message truly came from the sender, and has not been tampered with.

How to Setup DKIM for Salesforce

  • Enter DKIM in the quick find by going to the Salesforce Setup menu and selecting it.
  • Select DKIM Keys.
  • Then select Create New Key.
  • Select your key size now, and then type s1 into the primary DKIM selector. Enter s2 as your alternate choice.
  • Type your domain name here; we’ve used in this instance.
  • Your preferences can influence the domain match you select. I have opted to use the exact match in this instance.
  • Click “Save.”
  • Salesforce will need some time to create the 2 CNAME records. If you refresh your browser, you will see something similar to this:

Adding DKIM CNAME Records to Your DNS

  • Launch your DNS administration interface.
  • In the first row of your DNS for the particular domain, copy the portion of your CNAME record that comes before “IN CNAME.”
  • In the second row of your DNS for the particular domain, copy the portion of your alternative CNAME record that comes before “IN CNAME.”
  • The text following “IN CNAME” in the CNAME records should be copied and pasted as follows:
  • Allow some time for your DNS to process the recent updates.
  • Then select “Activate” from the DKIM record’s menu.

You can use Skysnag’s free DKIM Checker to check the health of your DKIM record here

Enable DMARC for your domains to protect against spoofing. Sign up for a free trial today!

For more information on Salesforce DKIM setup, you can refer to their reference documentation

Check your domain’s DMARC security compliance

Enforce DMARC, SPF and DKIM in days - not months

Skysnag helps busy engineers enforce DMARC, responds to any misconfigurations for SPF or DKIM which increases email deliverability, and eliminates email spoofing and identity impersonation.