Salesforce Dictionary - Free Salesforce GlossarySalesforce Dictionary
Full Deliverability entry
How-to guide

How to configure Deliverability for production-grade outbound email

The pattern: confirm delivery mode is Default for production, configure SPF/DKIM/DMARC end to end, enable Bounce Management, test with Test Deliverability, monitor delivery rates over weeks. The setup is significant; the impact on inbox placement is real.

By Dipojjal Chakrabarti · Founder & Editor, Salesforce DictionaryLast updated May 18, 2026

The pattern: confirm delivery mode is Default for production, configure SPF/DKIM/DMARC end to end, enable Bounce Management, test with Test Deliverability, monitor delivery rates over weeks. The setup is significant; the impact on inbox placement is real.

  1. Open Setup, Email, Deliverability

    Confirm the delivery mode (Default for production). Sandboxes should be on System Email Only to prevent accidental sends.

  2. Register sending domains via Authorized Email Domains

    Every distinct sending domain (acme.com, news.acme.com) needs registration plus a DKIM record on DNS. Without DKIM, deliverability suffers.

  3. Configure SPF on the sending domain DNS

    Add the Salesforce SPF include string to the domain's SPF TXT record. Without SPF, deliverability suffers and DMARC enforcement fails.

  4. Publish DMARC at policy "none" first, then escalate

    DMARC at "none" reports without enforcing. Validate that all legitimate senders pass authentication, then escalate to "quarantine" then "reject".

  5. Enable Bounce Management

    Setup, Email, Deliverability, Bounce Management. Salesforce starts processing bounces and updating Lead/Contact records with bounce reasons.

  6. Test with Test Deliverability

    Click Test Deliverability. Confirm test emails arrive at recipient mailboxes and the per-IP results show success.

  7. Monitor delivery rates and DMARC reports over weeks

    DMARC aggregate reports show how often emails pass authentication at each receiving provider. Sustained high pass rates indicate healthy deliverability.

Key options
Delivery moderemember

Default, System Email Only, No Access. Production runs Default; sandboxes run System Email Only.

SPF, DKIM, DMARCremember

The three authentication mechanisms that together produce inbox delivery. All three needed for modern deliverability.

Compliance BCCremember

Org-wide BCC of outbound emails to a compliance archival address.

Email Relayremember

Routes outbound through customer-managed mail server instead of Salesforce IPs.

Bounce Managementremember

Processes bounce notifications and updates Lead/Contact bounce fields.

Gotchas
  • System Email Only on sandbox is the safe default. Switching to Default in sandbox produces accidental sends to real recipients during testing.
  • Authentication missing one of SPF, DKIM, DMARC drops inbox delivery significantly. All three are needed for modern mail provider acceptance.
  • Without Bounce Management, the org keeps sending to invalid addresses, hurting reputation. Enable as part of the deliverability baseline.
  • Salesforce IPs have shared reputation across customers. Bad-actor customers can hurt your delivery; Email Relay isolates reputation for high-volume sending.
  • DMARC at "none" indefinitely is not enforcement. The escalation to "quarantine" then "reject" is what actually makes DMARC matter.

See the full Deliverability entry

Deliverability includes the definition, worked example, deep dive, related terms, and a quiz.