Transaction Layer Security (TLS) encrypts the contents of an email transaction during
transmission. The sender and receiver can also use it to verify each other's identity. You can
choose a TLS setting when sending email through Salesforce or through an email relay.
Required Editions
Available in: Salesforce Classic and
Lightning Experience
Available in: all editions except Database.com
User Permissions Needed
To configure email deliverability:
Customize Application
Note Salesforce no longer supports TLS versions 1.1 or 1.0. If the receiving mail server only
supports TLS 1.1 or 1.0 ciphers, then the email is sent unencrypted unless the sending org has
specified that TLS is required.
From Setup, enter Deliverability in the Quick Find box, and then
select Deliverability.
In the Transport Layer Security (TLS) (Emails from Salesforce or Email Relay Only) section,
select your TLS Setting:
Preferred—If the message transfer agent (MTA) advertises TLS
and a common cipher can be negotiated, TLS is used. If TLS can’t be negotiated, the email is
delivered unencrypted. This setting is the default.
Required—If TLS can’t be negotiated or a common cipher can’t
be agreed on, the email bounces back to the originator.
Preferred Verify—If the MTA advertises TLS, a common cipher
can be negotiated, and Salesforce can verify the receiver, TLS is used. Verification means
that a valid certificate authority has signed the receiver’s certificate and the hostname in
the certificate matches the host to which we connected. If TLS can’t be negotiated or the
verification fails, the email is delivered unencrypted.
Required Verify—If TLS can’t be negotiated, a common cipher
can’t be agreed on, or the sender can’t be verified, the email bounces back to the
originator. Verification means that a valid certificate authority has signed the receiver’s
certificate and the hostname in the certificate matches the host to which we connected.
Optionally, if you selected a setting other than Preferred, you can select
Restrict TLS to these domains and enter the comma-separated list of
domains. When delivering to domains that aren’t listed, we use the "Preferred" setting.
Click Save.
Did this article solve your issue?
Let us know so we can improve!
Loading
Salesforce Help | Article
Cookie Consent Manager
General Information
Required Cookies
Functional Cookies
Advertising Cookies
General Information
We use three kinds of cookies on our websites: required, functional, and advertising. You can choose whether functional and advertising cookies apply. Click on the different cookie categories to find out more about each category and to change the default settings.
Privacy Statement
Required Cookies
Always Active
Required cookies are necessary for basic website functionality. Some examples include: session cookies needed to transmit the website, authentication cookies, and security cookies.
Functional Cookies
Functional cookies enhance functions, performance, and services on the website. Some examples include: cookies used to analyze site traffic, cookies used for market research, and cookies used to display advertising that is not directed to a particular individual.
Advertising Cookies
Advertising cookies track activity across websites in order to understand a viewer’s interests, and direct them specific marketing. Some examples include: cookies used for remarketing, or interest-based advertising.
