Please follow the below two steps to configure DKIM for the Salesforce cloud
- Create DKIM keys from your Salesforce console.
- Publish two CNAME records for your custom domain in DNS.
- Activate DKIM signing in Salesforce (“DKIM Key Details” page).
Create DKIM keys from your Salesforce console
- From Setup, enter DKIM Keys in the Quick Find box, and then select DKIM Keys.
- Click Create New Key.
- Select the RSA key size. Consider email recipient limitations and industry-specific security regulations when choosing the key size. (recommended value is 1024 bits)
- For Selector, enter a unique name.
- For Alternate Selector, enter a unique name. The alternate selector allows Salesforce to auto-rotate your keys.
- Enter your domain name.
- Select the type of domain match you want to use.
- Click Save.
Publish two CNAME records for your custom domain in DNS
Your CNAME and alternate CNAME records appear on the DKIM Key Details page when the DNS publication is complete. It can take time for DNS publication to finish.
Activate DKIM signing in Salesforce
Select Activate the DKIM Key Details page.
Note:
Please refer to the below URL for further details
https://help.salesforce.com/articleView?id=emailadmin_create_secure_dkim.htm&type=5
If your Salesforce org was created before Winter ’19 (if the console does not allow you to do above configuration steps), enable the critical update. From Setup, enter Critical Updates in the Quick Find box, and then select Critical Updates.
If you are using Salesforce pardot, please refer to below configuration.
https://help.salesforce.com/articleView?id=pardot_email_authentication_generate_dkim.ht m&type=5