Enable Compliance with Standard Email Security Mechanisms
Org‑level toggle that enables Salesforce to align with commonly expected email‑security standards.
Control Name
Email Security - Deliverability (Select 'Enable compliance with standard email security mechanisms').
Control Overview
Org‑level toggle that enables Salesforce to align with commonly expected email‑security standards (for example, SPF/DKIM/DMARC‑like handling, header hygiene, and anti‑spoofing practices) so that outbound Salesforce emails behave more like messages from a modern, secure email platform.
Description
When enabled, Salesforce applies additional internal controls and metadata practices that mimic standard email‑security mechanisms, improving the likelihood that external mail servers treat Salesforce‑originated messages as legitimate rather than as spam or spoofed traffic.
Recommended Configuration
Select 'Enable compliance with standard email security mechanisms' in Setup > Email Administration > Deliverability or Email Security.
Security Impact
Improves the trustworthiness of your outbound email at the receiving side, reduces the chance that messages are flagged as suspicious or spam, and supports broader email‑security posture by signaling that Salesforce is participating in standard anti‑spoofing and header‑validation patterns.
Business Impact
Increases email deliverability and sender reputation, reduces user complaints about missing or delayed emails, and supports brand trust and compliance narratives around secure communication.
Security Risk If Not Configured
When compliance with standard email security mechanisms is disabled, external gateways may treat Salesforce emails more harshly, increasing the risk that legitimate messages are filtered or blocked and giving attackers more room to mimic your domain.
Threat Scenarios
Malicious emails can more easily bypass spam filters or be perceived as on par with your legitimate Salesforce‑based messages, making it easier for attackers to use similar sending patterns or spoofing techniques that exploit your domain’s reputation.
Estimated CVSS Score Range
Critical (9.0–10.0).
Risk Impact Considerations
The impact is highest when Salesforce sends email to external customers or partners, or when the company’s domain has a strong reputation that attackers can abuse.
Higher Risk When
You send high‑volume or high‑impact emails (marketing, alerts, billing) from Salesforce, and those messages are critical for time‑sensitive business operations or customer trust.
Low Risk When
Email traffic is low‑volume, mostly internal, or already routed through a separate email gateway that enforces the same security mechanisms.
Business and Integration Considerations
A must‑have for any org that sends outbound email to external parties. Ensure this setting is coordinated with your overall email‑security strategy (DKIM, TLS, SPF, DMARC) and domain‑verification choices.
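To check the coordination with SPF, DKIM and DMARC described above, the Python below (an added example, not Salesforce code and not part of the original page) reads the Authentication-Results header that a receiving mailbox stamps on a test message sent from the org and reports whether DMARC passed with an SPF or DKIM identity aligned to the From domain. The sample headers, the domains and the `trusted_id` value are constructed placeholders, and alignment is simplified to a same-domain or subdomain match.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers from a test message; all names are placeholders.
SAMPLE = """\
Authentication-Results: mx.receiver.example;
 spf=pass smtp.mailfrom=bounce.sender.example;
 dkim=pass header.d=example.com header.s=sel1;
 dmarc=pass header.from=example.com
From: Billing <billing@example.com>
Subject: deliverability test

body
"""

def parse_auth_results(msg, trusted_id):
    """Collect per-method results, but only from headers stamped by our own receiver."""
    found = {}
    for header in msg.get_all("Authentication-Results", []):
        parts = header.split(";")
        # First part is the authserv-id; headers a sender injected carry another id.
        if parts[0].strip().split(" ")[0].lower() != trusted_id:
            continue
        for part in parts[1:]:
            m = re.match(r"\s*(\w+)=(\w+)", part)
            if m:
                props = dict(re.findall(r"([\w.]+)=([^\s;]+)", part))
                props["result"] = m.group(2).lower()
                found.setdefault(m.group(1).lower(), props)
    return found

def aligned(a, b):
    """Simplified relaxed alignment: same domain, or one is a subdomain of the other."""
    a, b = a.lower(), b.lower()
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def check(raw, trusted_id="mx.receiver.example"):
    msg = message_from_string(raw)
    res = parse_auth_results(msg, trusted_id)
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    spf, dkim, dmarc = (res.get(k, {}) for k in ("spf", "dkim", "dmarc"))
    spf_ok = spf.get("result") == "pass" and aligned(
        spf.get("smtp.mailfrom", "").rpartition("@")[2], from_dom)
    dkim_ok = dkim.get("result") == "pass" and aligned(dkim.get("header.d", ""), from_dom)
    dmarc_ok = dmarc.get("result") == "pass"
    return {"from": from_dom, "spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "dmarc_pass": dmarc_ok, "ok": dmarc_ok and (spf_ok or dkim_ok)}
```

In the constructed sample SPF passes for the envelope domain but is not aligned with the From domain, so the overall result rests on the aligned DKIM signature.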
Security Health Review Guidance
Must have.
Who Is Impacted
System administrators, marketing and customer‑communication teams, sales and service users who rely on outbound email, and external recipients who receive Salesforce‑generated messages.

