DKIM configuration for Salesforce cloud

Please follow the below two steps to configure DKIM for the Salesforce cloud

  • Create DKIM keys from your Salesforce console.
  • Publish two CNAME records for your custom domain in DNS.
  • Activate DKIM signing in Salesforce (“DKIM Key Details” page).

Create DKIM keys from your Salesforce console

  • From Setup, enter DKIM Keys in the Quick Find box, and then select DKIM Keys.
  • Click Create New Key.
  • Select the RSA key size. Consider email recipient limitations and industry-specific security regulations when choosing the key size. (recommended value is 2048 bits)
  • For Selector, enter a unique name.
  • For Alternate Selector, enter a unique name. The alternate selector allows Salesforce to auto-rotate your keys.
  • Enter your domain name.
  • For domain match pattern, Provide a list of domain patterns separated by commas. The domain name must match these patterns before Salesforce signs an email with this DKIM key.
    • Example.com – DomainOnly: Sign if sending domain matches at the domain level only (example.com, but not mail.example.com).
    • *.example.com – SubdomainsOnly: Sign if sending domain matches at the subdomain level only (mail.example.com, but not example.com).
    • example.com,*.example.com – DomainAndSubdomains: Sign if sending domain matches at the domain and subdomain levels (example.com and mail.example.com).
  • Click Save.

Publish two CNAME records for your custom domain in DNS

Your CNAME and alternate CNAME records appear on the DKIM Key Details page when the DNS publication is complete. It can take time for DNS publication to finish.

Activate DKIM signing in Salesforce

Select Activate the DKIM Key Details page.

Note:

Please refer to the below URL for further details

https://help.salesforce.com/articleView?id=emailadmin_create_secure_dkim.htm&type=5

If your Salesforce org was created before Winter ’19 (if the console does not allow you to do above configuration steps), enable the critical update. From Setup, enter Critical Updates in the Quick Find box, and then select Critical Updates.

If you are using Salesforce pardot, please refer to below configuration.

https://help.salesforce.com/articleView?id=pardot_email_authentication_generate_dkim.ht m&type=5

For more DKIM configurations please refer to the following link.

https://knowledge.progist.net/index.php/2022/11/21/how-to-set-up-dkim-a-comprehensive-guide-for-dkim-setup/