Set up IP-range filtering in two stages: confirm email tracking is on, then add the ranges you want excluded. You need the Customize Application permission. Both settings live in Setup.
- Confirm tracking is enabled
In Setup, use Quick Find to open Activity Settings. Make sure the option to enable email tracking is selected and Enhanced Email is active, so opens and clicks are being recorded in the first place.
- Open Filter Email Tracking
In Setup, type Filter Email Tracking in Quick Find and open the page. This is where you manage the list of IP address ranges that should be excluded from open and click tracking.
- Gather the IP ranges to exclude
Work with your network team to list the public IP ranges for your offices, VPN exits, and any mail-scanning gateways. These are the sources that generate false opens and are the right things to filter.
- Add each range
Enter a start IP address and an end IP address for each range, then save. Use a single address in each field and keep the end value higher than the start. Repeat for every range you identified.
- Verify and document
Send a test campaign that includes an internal recipient inside a filtered range, then check that their open does not appear on the record. Note who owns each entry so future audits are easy.
The lowest IP address in the range you want excluded from email tracking. For a single machine, this is the same as the end of a one-address range.
The highest IP address in the range. Keep this value greater than the start so the range is valid and covers the addresses in between.
The ranges apply org-wide to native Salesforce email tracking only. They do not affect Marketing Cloud or Account Engagement, which have separate exclusion settings.
- This page filters by IP address, not by email address or domain. To suppress tracking for a person, use the per-record Don't Track preference instead.
- Filtering does nothing until email tracking is enabled in Activity Settings. Enable tracking first, then add ranges.
- Ranges deploy as the IpAddressRange metadata type, so they move between sandboxes and production with your other config.
- The filter only affects opens and clicks. Bounces, delivery failures, and replies are recorded separately and are not excluded.