Skip to main content
Skip table of contents

Setting up Email Security Mechanisms

When sending emails through your Salesforce instance, it is strongly recommended to have at least one of the four Email Security Mechanisms set up. These security mechanisms are required for the following reasons:

Salesforce supports several email security mechanisms:

  • DomainKeys Identified Mail (DKIM),

  • Transaction Layer Security (TLS),

  • Sender Policy Framework (SPF),

  • and Domain-based Message Authentication, Reporting, and Conformance (DMARC).

Goldfinch recommends using DKIM to secure your emails.

Setting up Secure DKIM Keys

  1. a DKIM key must be created on the Client’s Salesforce instance, one key per instance (i.e. one for dev, one for production); this will create two CNAME records per key.

  2. The two CNAME records must be created on the Client’s Email Domain DNS. After the DNS has been updated with the two CNAME records, activate the DKIM key on the Customer’s SF instance.

Follow these instructions to Create a DKIM Key (

  • Key Size: 1024 bit

  • Selector: CompanyNameDKIM1 (note: this must be an alphanumeric string)

  • Alternate Selector: CompanyNameDKIM2

  • Domain: Email domain of Customer (ex:, the email domain is

  • Domain Match: Exact domain only

After creating the DKIM Key, a CNAME Record and an Alternate CNAME Record will be generated.




  • The CNAME and alternate CNAME records must be published to the customer’s email domain’s DNS. If necessary, send the CNAME records to the Customer’s Email Domain Admin / Webmaster with the following instructions:

  • Create 2 CName records under the Email Domain






  • Append “” to your existing SPF1 record. For example, if you currently have the following value for SPF1:

v=spf1 ~all

  • After appending Salesforce spf value, it will look like

v=spf1 ~all

After the CNAME records are published to DNS and recognized by Salesforce, the DKIM Key can be activated on Salesforce. For additional info:

Best practices to setup DKIM (

How to Setup DKIM Key | Salesforce - YouTube


Email Domains

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.