You are here:
Email Integration in Government Cloud
Maximize productivity while meeting email security and compliance requirements with Salesforce Government Cloud. Understand email behavior, including domain limitations, and configuration impact, essential to maintain secure, reliable communication. Follow this guidance to help avoid email deliverability issues in Federal Risk and Authorization Management Program (FedRAMP) and Department of Defense (DoD)-authorized instances.
Required Editions
| Available in: Enterprise and Unlimited Editions |
Email is an important tool available in Salesforce for government agencies. To meet security and compliance standards, configure Salesforce to balance security—including integration with approved email systems—and deliverability. Proper configuration enhances agency communication, automation, and case management while maintaining regulatory compliance.
Considerations for Email Domains in Government Cloud
Government Cloud environments are isolated from Salesforce infrastructure available to the general public. These environments are modified to meet many compliance and security requirements, which can result in differences in features or user experience. Many enterprise customers simultaneously want to connect to FedRAMP or DoD-authorized third-party email-based systems, which can also change the experience.
Limitations for Government Cloud Plus
Architecturally, email services in Government Cloud Plus mirror the Salesforce
infrastructure available to the general public. The only difference is that Salesforce has
dedicated email servers for Government Cloud. By default, Government Cloud customers send
emails from @*.salesforce.com. The integration of Microsoft 365 with
Government Community Cloud (GCC)-High and Government Cloud Plus can require additional
configuration from Microsoft to enable traffic routing. Contact Microsoft to allow expected
functionality.
Limitations for Government Cloud Plus - Defense
The Government Cloud Plus - Defense environment is isolated from both the Salesforce version
that's available to the general public and Government Cloud Plus infrastructure. All network
traffic—including email/SMTP—routes to the DoD's Non-classified Internet Protocol Router
Network (NIPR). By default, all system-generated emails are sent from the
@*.salesforce.mil domain and route through the Defense Information
Systems Agency's (DISA) Enterprise Email Security Gateway (EEMSG). If you experience email
deliverability issues due to the use of EEMSG as a relay, Domain-based Message
Authentication, Reporting, and Conformance (DMARC), DomainKeys Identified Mail (DKIM), and
Sender Policy Framework (SPF) enhancements can help.
Salesforce customers in the military healthcare sector can request email routing to the Defense Health Agency's email relay instead. To make that request, contact Salesforce Customer Support.
Email Functionality Limitations for Government Cloud Plus - Defense
- Salesforce email infrastructure doesn't support the Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol.
- Government Cloud Plus - Defense supports Email-to-Case but not Email-to-Salesforce.
.com My Domain may encounter technical
challenges when they try to set up Email-to-Case or email forwarding to Salesforce. The DoD
can block forwarding of emails with .mil addresses to top-level domains
that use a suffix other than .mil.
myuser@example.mil is forwarded to the
service address mycompany@example.subdomain.salesforce.com, DoD email
policies can block the process because it forwards from a .mil address to a
.com address.See Also
- Set Up Email-to-Case
- Set Up Email Relay
- Considerations for Setting Up Email Relay
- Government Cloud Email to Salesforce Services Considerations
- Enable Email Security Compliance
- Sender Policy Framework and Salesforce SPF Records
- Set Up Secure DKIM Keys
- Best Practices to setup DKIM
- SPF and DKIM Alignment Fails
- Outlook and Gmail Integration and Inbox Email Productivity Features
- Email Template Builder Removal in Government Cloud
