DomainKeys Identified Mail (DKIM) is an anti-tamper protocol that safeguards your emails while in transit. DKIM uses digital signatures to check that the email was sent by a specific domain.
NOTE: Salesforce automatically rotates DKIM keys to reduce the risk of the keys being hacked or compromised by a third party. This is done periodically to ensure the security and legitimacy of your account.
Creating a DKIM Key for Salesforce
- Navigate to the Setup menu and, in the ‘Quick Find’ box, type in ‘DKIM Keys’.
- Click on ‘Create New Key’.
- Select the key size.
- Enter a unique name for the selector.
NOTE: Selecting a unique name for the alternate selector allows Salesforce to auto-rotate the DKIM keys.
- Enter your domain name and select your domain match.
- Click on ‘Save’.
- CNAME records will be generated after you refresh the page.
Publish the CNAME and alternate CNAME records to your domain’s DNS management console using the following steps:
- Log in to your DNS management console.
- Copy your CNAME record and paste it into the first row of your domain’s DNS.
- Copy your alternative CNAME record and paste it into the second row of your domain’s DNS.
- Click on ‘Activate’ and wait for your DNS to process the changes.
You have now successfully finished setting up DKIM on your Salesforce account. Check your DKIM record using EmailAuth’s free DKIM validator tool.