How to Set Up/Modify SPF for Salesforce Marketing Cloud
The following description addresses how to update a Domain Name Service (DNS) record to use SPF with your custom domain in Salesforce Marketing Cloud (formerly ExactTarget).
To utilize a custom domain, the Salesforce provider requires an SPF TXT record be added to the DNS record. This TXT record is then used by DNS to recognize email servers allowed to send messages on behalf of your custom/third-party domain. To determine whether a correspondence from the specified domain comes from an authorized messaging server, the recipient system relies on the implemented SPF TXT record. At that point, the message is either accepted, quarantined, or rejected by the email receiving system.
To implement SPF authentication for your domain, you will need access to your DNS records in the domain hosting account. Important: If you already have an SPF record, then you should modify that existing record. You must not have more than one SPF record.
For convenience, be sure to log in to your Salesforce account to verify your domain and copy your TXT records. Salesforce Marketing Cloud utilizes an include mechanism during the set-up process. For example, if you do not have an SPF record on your domain, the following scenario is the most common and would pass SPF:
v=spf1 include:cust-spf.exacttarget.com ~all
If you do already have an SPF record on your domain, simply add the following to it:
include:cust-spf.exacttarget.com
To create an SPF record for your domain name, follow these steps:
1. Log in to control panel for your domain DNS host
2. Create a TXT record with the following specifications:
If you do not have an SPF record insert the below into the value field:
v=spf1 include:cust-spf.exacttarget.com ~all
If you already have an SPF record, then you simply need to add the below to your existing record:
include:cust-spf.exacttarget.com
4. Save changes
How to Set Up/Modify DKIM for Salesforce
If your domain publishes a DMARC (Domain-based Message Authentication, Reporting, and Conformance) policy, recipients can use the applied DKIM signature to verify that the mail conforms to DMARC. Follow the below steps:
1. In Setup, enter DKIM Keys in Quick Find box, then select DKIM Keys
2. Click Create New Key
3. For Selector, enter unique name
4. Enter your domain name
5. Select preferred type of domain match
6. Save changes
7. Publish your public domain key to DNS using TXT file name format: selector._domainkey.domain.com; For TXT file value, use: v=DKIM1; k=rsa; p=[yourPublicKey]
As a user of this outbound email provider, Salesforce customers are afforded DKIM signing because it supports that mechanism. By utilizing Salesforce’s self-service portal, you can manually set up DKIM at your convenience via TXT records mentioned above. Overall, this Salesforce product provides beneficial components (e.g., DKIM signing, custom DKIM records, self-service set up with TXT records) that result in a streamlined process.