Warmy Blog

Salesforce SPF Record Setup: Ensuring Email Deliverability

Talk with a deliverability expert!

No need to flee, it’s totally free


    Email communication stands as a cornerstone for businesses worldwide. Whether it’s nurturing leads, communicating with clients, or internal team collaboration, the reliability of email deliverability can make or break a business’s success. 

    For Salesforce users, ensuring that emails sent through the platform land in the recipient’s inbox and not the spam folder is paramount. Enter the SPF record—a crucial tool in the arsenal of email authentication. In this blog post, we’ll delve deep into the world of Salesforce SPF record setup, highlighting its importance and guiding you step-by-step to optimize your email deliverability. 

    Whether you’re a seasoned Salesforce veteran or just getting started, this guide is tailored to ensure your emails find their rightful place in the recipient’s inbox. Let’s embark on this journey to fortify your email strategy!

    What is Salesforce?

    Salesforce, Inc. is an American cloud-based software company headquartered in San Francisco, California. The company specializes in providing customer relationship management (CRM) software and applications that focus on various areas such as sales, customer service, marketing automation, e-commerce, analytics, and application development. 

    In the context of email security, SPF records play a crucial role in ensuring that the emails you receive are from legitimate sources. When an email is received, the receiving mail server checks the SPF record of the sending domain to verify its authenticity. If the email comes from a server not listed in the SPF record, it can be flagged as suspicious or rejected outright.

    SPF records:

    – Help in authenticating the source of emails.

    – Protect against email spoofing and phishing attacks.

    – Enhance the reputation of a domain by ensuring that only authorized servers send emails on its behalf.

    – Reduce the chances of emails being marked as spam.

    Given the increasing number of cyber threats and the importance of email as a communication tool, having a correctly configured SPF record is crucial for businesses and individuals alike.

    Salesforce and SPF records: the connection

    In the intricate web of digital communication, Salesforce and SPF records might seem like disparate entities. However, when it comes to ensuring the authenticity and deliverability of emails, their interrelation becomes crystal clear. Let’s explore this connection further.

    Why Salesforce users need SPF records

    Salesforce, as one of the world’s leading CRM platforms, handles a vast amount of email communication daily. From marketing campaigns to transactional emails, Salesforce is the backbone for many businesses in reaching out to their clients and prospects. But with the rise of cyber threats, especially email spoofing and phishing, the authenticity of these emails can be questioned by receiving servers.

    This is where SPF records come into play. An SPF record acts as a whitelist, specifying which mail servers are authorized to send emails on behalf of a domain. For Salesforce users, setting up an SPF record means ensuring that emails sent from Salesforce on their domain’s behalf are recognized as legitimate by receiving servers. Without an SPF record, there’s a higher risk that these emails might be flagged as spam or, worse, not delivered at all.

    Setting up Salesforce SPF records

    Navigating the technicalities of SPF records might seem daunting, especially when integrating with a platform as robust as Salesforce. However, with a clear roadmap and awareness of potential pitfalls, the process can be streamlined and effective. Let’s dive into the specifics.

    Step-by-step guide to configuring Salesforce SPF records

    1. Identify Your Domain's DNS Provider

    Before making any changes, determine where your domain’s DNS settings are hosted. This could be with your web hosting provider, domain registrar, or a specialized DNS host.

    2. Access DNS Management

    Log in to your DNS provider’s dashboard and locate the DNS management or domain settings section.

    3. Locate Existing SPF Record

    Check if your domain already has an SPF record. It will typically start with “v=spf1”.

    4. Modify or Create SPF Record:

    ◾ If an SPF record exists, append Salesforce’s mail servers to it. For example, if your current record is 

    v=spf1 include:_spf.google.com ~all, modify it to v=spf1 include:_spf.google.com include:_spf.salesforce.com ~all.

    ◾ If no SPF record exists, create a new TXT record with the value v=spf1 include:_spf.salesforce.com ~all.

    5. Save Changes.

    After updating or adding the SPF record, save the changes.

    6. Propagate DNS Changes.

    DNS changes can take anywhere from a few minutes to 48 hours to propagate across the internet. It’s essential to be patient during this period.

    7. Verify SPF Record

    Once the changes have propagated, use an SPF record checker tool to verify that the record is correctly set up for Salesforce.

    Common challenges and how to overcome them

    1. Multiple SPF Records. A domain should only have one SPF record. If multiple records are detected, consolidate them into a single record to avoid delivery issues.

    2. Exceeding the SPF Lookup Limit. SPF records have a limit of 10 DNS lookups. If you have many “include” mechanisms, you might exceed this limit. Prioritize and consolidate where possible.

    3. Syntax Errors. SPF records are sensitive to syntax. Ensure there are no extra spaces, missing colons, or other typographical errors.

    4. Delayed DNS Propagation. If changes aren’t reflecting even after 48 hours, reach out to your DNS provider for assistance.

    5. Inconsistent Deliverability. Even with a correctly configured SPF record, other factors like content, DKIM, and DMARC can impact deliverability. Ensure all aspects of email authentication and best practices are in place.

    Setting up Salesforce SPF is a crucial step in ensuring email deliverability and authenticity. While challenges may arise, with the right knowledge and tools, they can be effectively addressed, paving the way for seamless and secure email communication.

    Beyond SPF: other salesforce security measures

    While SPF records play a pivotal role in email authentication for Salesforce, they are just one piece of the broader security puzzle. Salesforce, understanding the criticality of data protection and the evolving landscape of cyber threats, offers a suite of security measures to fortify its platform. Let’s delve deeper into some of these advanced security mechanisms.

    Implementing DMARC and DKIM with Salesforce

    1. DMARC (Domain-based Message Authentication, Reporting, and Conformance):

    ◾ DMARC builds upon SPF and DKIM (DomainKeys Identified Mail) protocols, providing an additional layer of security. It allows domain owners to specify how receiving mail servers should handle unauthenticated emails, either by quarantining or rejecting them.

    ◾ Salesforce supports DMARC and allows users to publish DMARC policies for their domains. When integrated, Salesforce will align the ‘From’ address domain with the ‘Return-Path’ domain, ensuring DMARC alignment and successful email delivery.

    2. DKIM (DomainKeys Identified Mail):

    ◾ DKIM adds a digital signature to the email headers, which receiving servers then verify against a public cryptographic key in the domain’s DNS records. This ensures the email’s integrity and confirms the sender’s authenticity.

    ◾ Salesforce provides a straightforward process to enable DKIM for custom domains. Once activated, Salesforce signs all outgoing emails with the domain’s private key

    The role of multi-factor authentication in Salesforce security

    3. Multi-Factor Authentication (MFA):

    ◾ MFA adds an extra layer of security by requiring users to provide two or more verification methods to access an account. This typically combines something the user knows (password) with something the user has (a verification code sent to a phone) or something the user is (biometric verification).

    ◾ Salesforce strongly recommends enabling MFA for all user accounts. The platform offers Salesforce Authenticator, a mobile app that generates time-based one-time passwords (TOTPs) or uses location-based authentication. By integrating MFA, organizations can significantly reduce the risk of unauthorized account access, even if passwords are compromised.

    Expert opinions

    The realm of cybersecurity is ever-evolving, and when it comes to a platform as vast and integral as Salesforce, expert insights can be invaluable. Drawing from the wisdom of seasoned professionals in the Salesforce security domain, let’s explore some key insights and recommendations.

    Insights from Salesforce security experts

    – Holistic Approach. Security isn’t just about setting up protocols; it’s about understanding the entire ecosystem. Experts emphasize the importance of a holistic approach, considering everything from user behavior to infrastructure vulnerabilities.

    – Continuous Learning. The digital threat landscape is constantly changing. Experts highlight the need for continuous learning and adaptation, urging Salesforce users to stay updated with the platform’s latest security features and best practices.

    – Data is Gold. Many experts reiterate that data is an organization’s most valuable asset. Protecting it isn’t just about compliance; it’s about preserving the trust of customers and stakeholders.

    – Beyond Technicalities. While technical measures like SPF, DMARC, and MFA are crucial, experts also stress the importance of fostering a security-conscious culture within organizations. Regular training and awareness sessions can go a long way.

    Recommendations for businesses using Salesforce

    – Regular Audits. Conduct regular security audits to identify potential vulnerabilities. Salesforce provides tools like Health Check and Security Command Center to assist in this.

    – Limit Access. Implement the principle of least privilege (PoLP). Ensure that users have only the permissions they need to perform their tasks, reducing the potential damage from compromised accounts.

    – Backup Data. While Salesforce has robust data protection measures, experts recommend maintaining regular backups of critical data. This ensures business continuity in the face of unforeseen events.

    – Stay Updated. Salesforce frequently rolls out updates and patches. Ensure that your organization is using the latest version of the platform and any integrated apps.

    – Engage Experts: Consider hiring or consulting with Salesforce security experts, especially if your organization handles sensitive data or operates in a highly regulated industry.

    – Educate Users. Human error is a significant security risk. Regularly train your Salesforce users about best practices, phishing threats, and the importance of strong, unique passwords.

    👉 To enhance email deliverability, especially for new domains or email addresses, it’s crucial to adopt strategies that build a positive sender reputation. One highly recommended best practice is the use of email warm-up tools, such as Warmy.io. These tools gradually increase email sending volume, simulating genuine email interactions and ensuring that your emails don’t land in the spam folder. By mimicking organic email behavior, Warmy.io and similar platforms can significantly improve deliverability rates, ensuring your messages reach their intended recipients.


    Setting up Salesforce SPF records is not just a technical requirement; it’s a commitment to safeguarding your brand’s reputation, fostering trust among your clients, and ensuring that your messages always find their rightful place in the recipient’s inbox.

    But as we’ve explored, the journey doesn’t end with SPF. From DMARC to DKIM, and from regular audits to user education, a holistic approach to email security is essential. 

    In closing, let this guide serve as a beacon, illuminating the path to impeccable email deliverability with Salesforce. Embrace the tools, heed the expert advice, and fortify your email strategy for a future where every message counts.

    Scroll to Top