Email Requirements and Security

Email domain verification is required before anyone can send email from Salesforce, and each user must verify their email address and return email address. Salesforce supports several email security mechanisms to protect outgoing email.

Before Salesforce can send email on behalf of your users, domain-level and user-level verification is required. Salesforce admins verify the domains that you own, and users verify their email and return email addresses. To help users, Salesforce admins can identify users with unverified email addresses and help them complete this required step.

Salesforce supports several email security mechanisms: Transaction Layer Security (TLS), Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting, and Conformance (DMARC). Each mechanism protects different aspects of an email message.

For details about verifying your email-sending domains, helping users verify their email address, and email security mechanisms, see Email Security.