SPAM, Security Configuration, and Problems When You Send Emails from Salesforce

Note: Information in this article applies to both Classic and Lightning Experience

If your company's email server is configured with a security filter, it’s possible that it can interfere with the delivery of emails from the Salesforce application when an administrator reset password or creates a new user and send them password information. A typical error might be:

553 FROM address from sending host is invalid.

This problem occurs because the user's email (SMTP) server has a security (for example, spam) filter set. This setting prevents delivery of email FROM a user that also exists on the recipient user's email server. Since our application sends the following emails FROM the user, their email server will intercept them and the user will get various errors such as the above or "Returned mail: Data format error" and won't receive the email at all.

Affected Emails:

• New user email (not sign-up, just new user creation)
• Email sent when Password reset by Admin of Organization
• Emails to a Contact or Lead from within the application where the users themselves are CC'd or BCC'd on the email.

Note: In this case, the email will successfully be delivered to the contact or lead recipient; just the copy to the sender will fail.

Unfortunately, there’s nothing we can do to circumvent these types of security measures, so the user should relay the following information to their email administrator in order for an email from our application to be delivered to them properly:

1. Confirm that this is the problem (see below for how to do this).
2. Have your email administrator or IT department allowlist Salesforce's IP address space

For more on IP addresses, review Test the Deliverability of Emails Sent Through Salesforce.


A typical concern is whether our SMTP server has been protected from relaying. The answer is yes since salesforce.com's SMTP server isn't available for incoming SMTP traffic from the web, therefore we’re protected.

Tips for the email server admin:
To confirm that this is the problem, the user should ask their IT Salesforce admin to telnet to their own SMTP server and set the "from" to one of their own email addresses. If this is indeed the problem, then they get an error message; likewise, If they set the "from" to an address outside their mail system, there will be no error. After they’ve confirmed this, they should add the above addresses as trusted servers (otherwise known as allowlisting).

For example:
telnet mail.server.com 25
helo salesforce.com
mail from:
553 FROM address from sending host is invalid
quit
telnet mail.server.com 25
mail from:
250 from okay

Useful resources:

Troubleshoot Delivery problems for Salesforce emails
'Add IP addresses to allowlists in Gmail' on the Gmail Support site
'Block or allow (junk email settings)' on the Microsoft Support site