Enhance Salesforce Email Deliverability to Google and Yahoo : A Deliverability Guide

Checklist to Comply with Google Sender Requirements

Use the following checklist to understand what settings to review to comply with Google’s new spam policy.

1. Sender Policy Framework (SPF) authentication

2. DomainKeys Identified Mail (DKIM) authentication

3. Keep spam levels below 0.3%

4. Set up DMARC (Domain-based Message Authentication, Reporting, and Conformance) authentication

5. Domain From header must match SPF or DKIM domain

6. Salesforce automatically enforces RFC 5322 Internet standards for email messaging

Authenticate Your Emails

At the most basic level, authenticating your Salesforce emails is the surest way to guarantee deliverability. Review the following articles to authenticate emails sent through Salesforce. 

1. Set Up Secure DKIM Keys

2. What Is DMARC?

3. Considerations for Opting Out of Email

4. Maintaining Email Security

5. Email Deliverability Concepts Trailhead

IPs with valid forward and reverse Domain Name System (DNS)  records

IPs with valid forward and reverse DNS records have both directions of domain name resolution properly configured. This bidirectional lookup process enhances network reliability and security by verifying the authenticity of the sender.

• Forward DNS Lookup: When an IP address is queried for its associated domain name.

• Reverse DNS Lookup: When the queried result matches the domain name's IP address. 

When Salesforce sends mail on your behalf from a verified email address, it comes from our IP addresses. No additional steps are required to set up IP addresses with valid forward and reverse records.

TLS Connection for Transmitting Email

Transport Layer Security (TLS) is a cryptographic protocol used to secure communications over a computer network. It ensures that data transmitted between devices, such as between a user's email client and a mail server, remains confidential and protected from eavesdropping or tampering by unauthorized parties.

Notes: The default TLS setting doesn't need to be changed in your email configuration. With the default setting of Preferred, Salesforce uses TLS when it's offered. 

Google's new spam policy indirectly relates to TLS in the context of email security. While TLS itself doesn't prevent spam, it plays a role in the security of email transmissions. Google requires secure connections (using TLS) for email delivery to protect against eavesdropping and interception of email content. By enforcing TLS encryption for email communication, Google helps prevent unauthorized access to emails and reduces the risk of spam-related security breaches.

Spam and Bounce Rate Considerations

Maintain low spam rates of less than 0.3% spam output: Gmail’s existing bulk sender rules advises senders to keep their spam output below 0.3 percent as a best practice.

Some common reasons recipients issue complaints are: 

• Unwanted content

• Unsolicited emails 

• Misleading subject lines

• Volume of emails received from one sender

Actions to Take to Keep Spam Rates Low

• Review bounce rates: Messages sent to inboxes that never existed or no longer exist will bounce. If you continue to message these “dead inboxes” your bounce rates will rise and your reputation as a sender will be negatively impacted.
• Remove unengaged subscribers from your email list: If a subscriber hasn’t registered an open/click/purchase in the last 6-12 months, they are unlikely to do so in the future. Use this as an opportunity to maximize your ROI and focus on those highly engaged subscribers who are more likely to convert a click to a purchase. Keeping bounce rates down and opens/clicks up ultimately helps with building a strong reputation as a sender and ensures you reach the inbox of your subscribers versus the spam folder.
• Correctly formatted messages: Format messages according to the Internet Message Format standard (RFC 5322).

Salesforce Spam and Abuse Policy

Orgs that send emails through Salesforce agree to the Salesforce Email Abuse Policy.