Loading
Secure Your Salesforce Org
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Set Up an Authorized Email Domain

            You are here:

            1. Salesforce Help
            2. Docs
            3. Secure Your Salesforce Org

            Set Up an Authorized Email Domain

            To verify your email-sending domain without DomainKeys Identified Mail (DKIM), set up an authorized email domain. For example, if your users’ email addresses are in the format name@example.com, set up an authorized email domain for example.com.

            Required Editions

            Available in: Salesforce Classic and Lightning Experience
            Available in: all editions except Database.com
            User Permissions Needed
            To modify authorized email domains: Email Administration

            Before you set up an authorized email domain, review these important considerations.

            • Salesforce recommends DKIM keys instead of authorized email domains. See Considerations for Sending Email from Salesforce and Create a DKIM Key.
            • You can copy an authorized email domain from production to a sandbox. Consider whether to create an authorized email domain in addition to a DKIM key for this functionality. See Copy Authorized Email Domains into a Sandbox.
            • Both authorized email domains and DKIM keys require an update to your domain’s DNS record. Prepare to work with your IT team or DNS provider to complete those updates.
            • To authorize a partner’s email sending domain with an authorized email domain, work with your partner to complete these steps.

            If you decide to set up an authorized email domain after you review those considerations, here are the steps.

            1. From Setup, in the Quick Find box, enter Authorized Email Domains, and then select Authorized Email Domains.
            2. To add an authorized email domain, click Add.
            3. Enter the domain name. For example, example.com.
            4. Save your changes.

              Salesforce generates a verification key for the authorized email domain, for example: 00D000000000P08=1TB00000000000B.

            5. If you own the domain, add a TXT (text) record in DNS for the domain name that includes the verification code.

              Work with your IT team or DNS provider to complete this step.

              Note
              Note DNS changes take up to 72 hours to propagate.

              There are three valid domain formats for the name in the DNS TXT record.

              • Your domain name.

                Here’s an example of a DNS TXT record for an authorized email domain with a domain name of example.com and a verification key of 1TB00000000000B in an org with a 15-digit ID 00D000000000P08.

                Name                 TTL   CLASS   TYPE    VALUE
--------------------------------------------------------------------
example.com.         600   IN      TXT     "00D000000000P08=1TB00000000000B"
              • Your domain with the _sfdv. prefix.

                Here’s an example of a DNS TXT record for the same domain and verification key with the _sfdv. prefix.

                Name                 TTL   CLASS   TYPE    VALUE
--------------------------------------------------------------------
_sfdv.example.com.   600   IN      TXT     "00D000000000P08=1TB00000000000B"
              • Your domain name with the orgId._sfdv. prefix, where orgID is the org’s 18-digit ID.

                Use this option if you manage multiple orgs that use the same email-sending domain and you want unique names in DNS.

                Here’s an example of a DNS TXT record with multiple values separated by a semicolon.

                Name                                   TTL  CLASS  TYPE    VALUE
--------------------------------------------------------------------
00D000000000P08EAE._sfdv.example.com.   600   IN    TXT     "00D000000000P08=1TB00000000000B"
              Tip
              Tip If a DNS TXT record already exists for one or more of these names, you can create a second TXT record for that name. Or you can append the verification code to the value list. To append a value, separate the values with a semicolon (;).

              Here's an example of a DNS TXT record with multiple values separated by a semicolon.

              Name                 TTL   CLASS   TYPE    VALUE
--------------------------------------------------------------------
example.com.         600   IN      TXT     "00D000000000X09=1TB00000000000C;00D000000000P08=1TB00000000000B"
            6. If you don’t own the domain, work with the domain owner to add the required TXT record in DNS.

              For example, to enable users to send email from Salesforce with a partner’s email domain, work with the partner to add a record to that domain’s DNS record.

              Provide the domain owner with the verification key from Setup and your 18-digit org ID.

            7. In Salesforce, verify ownership of the domain.
              1. From Setup, in the Quick Find box, enter Authorized Email Domains, and then select Authorized Email Domains.
              2. Next to your domain record, click Edit.
              3. On the record page, enable Verify domain ownership..

                If domain verification is successful, “Verify domain ownership” remains enabled.

                If domain verification is unsuccessful, verify that the required TXT record exists in DNS and that enough time has passed for the change to propagate.

              4. To require user-level email verification for this domain, enable Require email verification.

                This setting is enabled by default.

                Warning
                Warning When you disable this setting, you risk impersonation fraud because any user who can create users in Salesforce can also send email from any address on this authorized domain. For that reason, we recommend that you always enable Require email verification. See Considerations for Sending Email from Salesforce.
              5. Save your changes.

            See Also

             
            Loading
            Salesforce Help | Article