Quick summary
Activating a DKIM key in Salesforce lets you digitally sign outbound emails, improving deliverability and protecting your domain from spoofing. This process involves generating a key in Salesforce Email Setup, waiting for it to publish, then adding the resulting CNAME records to your DNS provider.
Steps
- Go to Setup on the top right of your Salesforce instance.
- Search for DKIM Keys in the Quick Find box.
- Click the Create New Key button to begin generating a new DKIM key.
- Fill in the DKIM Key details in the form that appears.
- Enter your Domain, Selector, and Alternate Selector fields (hover over the "i" button for context on each field).
- Select the appropriate Key size based on your organization's security regulations.
- Wait for the keys to finish publishing before proceeding.
- Once published, copy the CNAME records that appear — these will be added to your DNS settings.
- Go to your DNS provider (such as Cloudflare), select your domain, navigate to DNS Settings, and add the primary CNAME record.
- In the Name field enter the host name for the primary CNAME record, and in the Content field enter the CNAME value — then repeat the process to add the Alternate CNAME record.
