You are here:
Authenticating Account Engagement Emails
To help you achieve good email deliverability, Account Engagement requires that you verify ownership for each sending domain. Sender Policy Framework (SPF) authentication is configured for you by default. We recommend that you also set up these additional authentication methods: DomainKeys Identified Mail (DKIM) and Domain-Based Message Authentication, Reporting, and Conformance (DMARC).
Validation Key
In Account Engagement, you can only send from domains that you own. For each sending domain that you add, Account Engagement generates a validation key to add to your DNS configuration. The key verifies ownership and validates your domain for email sending.
Sender Policy Framework (SPF)
SPF is a form of email authentication that makes forging the sender of an email, or email spoofing, more difficult. SPF isn’t aimed at stopping spammers. Rather, it tightens loopholes used by spammers to spoof emails. SPF provides a list of all outbound email sources for a domain as a DNS TXT record.
Emails you send through Account Engagement pass SPF automatically because they're controlled by Salesforce, which has an authenticated SPF record. When a receiving mail server gets a message appearing to be sent from a certain domain, it checks the return-path sender’s SPF statement to verify that information.
DomainKeys Identified Mail (DKIM)
DKIM is a common email authentication system that adds another layer of verifying ownership with DNS records. We recommend setting up DKIM because ISPs have strict security policies to prevent spam.
Domain-Based Message Authentication, Reporting, and Conformance (DMARC)
With DMARC, you notify receiving servers that your messages use SPF and DKIM and instruct them on what to do if those checks fail. Work with your IT team to set up DMARC in your DNS configuration.
