- \n
- DMARC (Domain-based Message Authentication, Reporting, and Conformance):\u00a0<\/strong>It\u00a0has\u00a0been created to\u00a0empower owners to control their email domain and prevent unauthorized use\u00a0(email spoofing). This protocol tells the receiving email servers how to handle emails coming from the company’s domain.<\/li>\n
- DKIM (Domain Keys Identified Mail):<\/strong>\u00a0It\u00a0is a protocol that\u00a0allows a company to assume responsibility for the transmission of a message by signing it<\/strong>\u00a0, allowing mailbox providers to verify it. Therefore, DKIM requires a public key in the DNS, and the recipient’s email server uses this information to accept emails with the corresponding private key.<\/li>\n
- SPF (Sender Policy Framework):<\/strong>\u00a0is an email authentication technique used to\u00a0prevent spammers from sending messages on behalf of your domain.\u00a0<\/strong>Similar to the DKIM configuration, SPF will ask you to add its records to your DNS to authorize Pardot or Salesforce to send emails from the company’s own domain.<\/li>\n<\/ul>\n
These protocols initially originated as a\u00a0measure to strengthen the security of the Simple Mail Transfer Protocol\u00a0(SMTP) and address the rise of spam, since SMTP itself lacks authentication mechanisms. Each of these protocols has its own configuration and must be implemented and verified before sending emails from each platform.<\/p>\n
How does email authentication work?<\/h2>\n
SPF\u00a0is responsible for confirming that the email is sent from an\u00a0authorized sender\u00a0, while\u00a0DKIM\u00a0performs\u00a0email authentication\u00a0by comparing and validating public and private keys.<\/p>\n
\u00a0
![\"Autenticaci\u00f3n](\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\")
<\/p>\nWhy is it advisable to implement authentication protocols?<\/h2>\n
There are multiple reasons why we should implement these protocols:<\/p>\n
- \n
- The proper implementation of SPF, DKIM and DMARC can\u00a0save the reputation of your brand, as well as the trust of your clients and leads.<\/strong><\/li>\n
- They\u00a0<\/strong>affect the delivery capacity of the email<\/strong>\u00a0. If email authentication protocols are not configured properly, there is a high probability that customers will not receive emails, and they\u00a0will end up in the spam folder<\/strong>.<\/li>\n
- These email authentication methods\u00a0prevent phishing attempts<\/strong>\u00a0by allowing email servers to reject messages that were not actually generated by your company.<\/li>\n<\/ul>\n
Preparing to configure SPF\/DKIM<\/h2>\n
Before starting the SPF and DKIM adjustment process, it is crucial to establish contact with the IT department.\u00a0This will allow you\u00a0to obtain a list of available domains and understand in detail the procedure necessary to make changes to the DNS. The time required for this process may vary, estimated between 2 and 4 weeks, depending on internal IT policy.<\/p>\n
How to configure SPF and DKIM in Salesforce<\/h2>\n
- \n
- Settings > search for \u201cDKIM\u201d > navigate to DKIM Keys in Email > click Generate New Key.<\/li>\n<\/ol>\n<\/p>\n
2. Selector > Alternative Selector and Domain for the required field > select the preferred Domain Matching policy.<\/p>\n
3. Once published, you should see the following message “Salesforce has published the TXT records for this DKIM key to DNS. Before activating this key, add the CNAME and Alternate CNAME records to DNS for your domain.” Copy the values \u200b\u200bfrom the CNAME and Alternate CNAME records > send to IT in step 4.<\/p>\n
<\/p>\n4.\u00a0Update the text below with the appropriate information for your organization and send it to the IT team.<\/p>\n
Hello [name],<\/em><\/p>\n
I’m working with the Salesforce team to allow Salesforce to send emails from @yourdomain.com. To ensure high email deliverability, we need to make the following changes.<\/em><\/p>\n
We need to configure SPF and DKIM so that Salesforce is authorized to send emails on our behalf.<\/em><\/p>\n
- \n
- \n
- \n
- To configure SPF, you must add the following to your DNS entries:<\/em>\n
- \n
- Type: TXT<\/em>
<\/em><\/li>\n- Entry: v=spf1 mx include:_spf.salesforce.com ~all<\/em>\n
- \n
- If an SPF record already exists in the DNS entry, just add the following: _spf.salesforce.com<\/em><\/li>\n<\/ul>\n<\/li>\n
- To configure DKIM, you must create two CNAME entries<\/em>\n
- \n
- CNAME record<\/em>\n
- \n
- Domain: [insert host record here]._domainkey.yourdomain.com<\/em><\/li>\n
- Type: CNAME<\/em><\/li>\n
- Input: [enter host value here].<\/em><\/li>\n<\/ul>\n<\/li>\n
- Alternative CNAME record<\/em>\n
- \n
- Domain: [insert alternate host record here]._domainkey.yourdomain.com<\/em><\/li>\n
- Type: CNAME<\/em><\/li>\n
- Input: [insert host value here].<\/em><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
Please let me know when these steps are complete so we can complete the setup process within Pardot. If you have any questions, please feel free to contact me.<\/em><\/p>\n
Greetings,<\/em><\/p>\n
Marketing operations<\/em><\/p>\n
When the IT team adds the CNAME entries, return to the DKIM Keys page.\u00a0DNS changes can take up to 72 hours\u00a0. If Salesforce finds relevant CNAME entries in DNS, you can click the Activate button and you can start sending emails from Salesforce.<\/p>\n
<\/p>\nIf the Activate button is still gray after the IT team confirms the configuration and 72 hours have passed,\u00a0you can use the DKIM Record Lookup tool to validate these records.<\/p>\n
You can also review the published DNS record through a DNS interface, but this view will only be accessible to the IT team, so you can ask them for a screenshot.<\/p>\n
Email authentication\u00a0is an essential part of secure communication\u00a0with recipients. If you’re still having trouble validating your SPF or DKIM records in Salesforce,\u00a0please contact us<\/a>\u00a0and we’ll be happy to help.<\/strong><\/p>\n
\nIf you liked this article, you might also be interested in:<\/span><\/p>\n
- Type: CNAME<\/em><\/li>\n
- Type: CNAME<\/em><\/li>\n
- Domain: [insert host record here]._domainkey.yourdomain.com<\/em><\/li>\n
- To configure DKIM, you must create two CNAME entries<\/em>\n
- Entry: v=spf1 mx include:_spf.salesforce.com ~all<\/em>\n
- Type: TXT<\/em>
- To configure SPF, you must add the following to your DNS entries:<\/em>\n
- \n
- They\u00a0<\/strong>affect the delivery capacity of the email<\/strong>\u00a0. If email authentication protocols are not configured properly, there is a high probability that customers will not receive emails, and they\u00a0will end up in the spam folder<\/strong>.<\/li>\n
- DKIM (Domain Keys Identified Mail):<\/strong>\u00a0It\u00a0is a protocol that\u00a0allows a company to assume responsibility for the transmission of a message by signing it<\/strong>\u00a0, allowing mailbox providers to verify it. Therefore, DKIM requires a public key in the DNS, and the recipient’s email server uses this information to accept emails with the corresponding private key.<\/li>\n
![\"Autenticaci\u00f3n](\"https:\/\/www.marketinet.com\/wp-content\/uploads\/2024\/06\/blog\/Autenticaci%C3%B3n%20de%20email%20de%20Salesforce\/El%20email%20se%20env%C3%ADa.png\")
<\/p>\n![\"Generar](\"https:\/\/www.marketinet.com\/wp-content\/uploads\/2024\/06\/blog\/Autenticaci%C3%B3n%20de%20email%20de%20Salesforce\/Salesforce-Email-Authentication-for-Pardot-Salesforce-and-Marketing-Cloud-Salesforce-Ben.png\")
<\/p>\n![\"DKIM](\"https:\/\/www.marketinet.com\/wp-content\/uploads\/2024\/06\/image-png-Jan-09-2024-08-39-27-0885-AM.png\")
<\/p>\n![\"Activaci\u00f3n](\"https:\/\/www.marketinet.com\/wp-content\/uploads\/2024\/06\/image-png-Jan-09-2024-08-43-04-3612-AM.png\")
<\/p>\n![\"\"](\"https:\/\/www.marketinet.com\/wp-content\/uploads\/2024\/05\/cap4.png\")
<\/a><\/figure>\n","protected":false},"excerpt":{"rendered":"