Loading
Salesforce Enforces New Security Requirements in Summer 2026Read More
Secure Your Salesforce Org
Table of Contents
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

          Search all of Salesforce Help
          Determine How to Verify Your Email-Sending Domains

          Determine How to Verify Your Email-Sending Domains

          To send email from Salesforce on domains that you own, verification is required for each of your email-sending domains. Determine the best method to verify your email domains: DomainKeys Identified Mail (DKIM), authorized email domains, or both options.

          Verify ownership of your email-sending domains via one of these methods.

          DKIM keys (recommended)
          DKIM attaches a digital signature to your emails, which proves they came from your domain and that the content wasn't altered in transit. This builds trust with email providers and helps your messages land in the inbox rather than in the spam folder.
          Authorized email domains
          A record in Salesforce for your domain that uses a DNS update to verify ownership. Consider this option if you can’t set up DKIM keys.
          Because you can copy authorized email domains from production to a sandbox org, consider setting up authorized email domains in addition to DKIM keys.

          Determine Your Verification Method

          1. Identify Your Email-Sending Domains.
            Use the resulting list to check your existing configuration in the next steps.
          2. For each of your email-sending domains, check for a key on the DKIM Keys page in Setup.
            • If a DKIM key exists for the domain and the key is active, no further action is required to send email for that domain.
            • If a DKIM key exists for the domain but the key isn’t active, update DNS and activate the key.
            • If no DKIM key exists for the domain, create one and activate it.
            To create and activate a DKIM key, see Create a DKIM Key.
          3. If you can’t create a DKIM key for one or more of your email-sending domains, set up an authorized email domain.

          Send Email from Sandboxes

          To send email from Salesforce, every org requires email domain verification, including sandboxes. Here are the options to enable Salesforce to send email from your sandbox.

          • Enable the Deliverability setting, Use a substitute email address for unverified domains. See Send Email for Users with Unverified Domains.
          • To verify email domains in a sandbox, use one of these options.
            • Set up DKIM keys in the sandbox.

              To maintain the security of DKIM key email signatures, you can’t copy a DKIM key to a sandbox.

            • Import authorized email domains from production into the sandbox. See Copy Authorized Email Domains into a Sandbox.

              If you use DKIM keys in production, also set up an authorized email domain in production for each domain that you want to copy to a sandbox.

            • Set up authorized email domains in the sandbox.
           
          Loading
          Salesforce Help | Article