What is the most important tip for working with Organization-Wide Address?

Verification email goes to the proposed address. Ensure the address is monitored before adding; without click, the address cannot be used.

Organization-wide addresses keep customer communications consistently branded regardless of which user sends them.

AdministrationIntermediate

Organization-Wide Address

Q: What is an Organization-Wide Address?

Organization-Wide Addresses provide branded shared sending addresses for org-wide use.

Q: What's required before using an organization-wide address?

Each address must be verified before Salesforce will send emails from it.

Hear it

§ 01

Definition

An Organization-Wide Address (or Org-Wide Email Address) is a Salesforce-configured shared email address that authorized users can choose as the From address on outbound mail instead of their personal Salesforce email. Common examples: billing@yourcompany.com, support@yourcompany.com, hello@yourcompany.com. The address must be verified through a confirmation email before becoming available, and access is restricted to specific profiles or all users based on configuration. The feature lets multiple users send mail under a single branded address without sharing email account credentials.

The capability is essential for any organization where outbound mail should appear from a consistent business address rather than individual reps. Sales teams use shared sender addresses for company-branded outreach; support teams send Case-related mail from a support@ address; billing teams send invoices from billing@. Without Org-Wide Addresses, every send appears from the individual user's address, which is unprofessional in many contexts and creates trust issues (customers may not recognize the sender).

§ 02

How Organization-Wide Addresses work

Verification flow

Adding an Org-Wide Address requires verification: Salesforce sends a verification email to the address; someone must receive and click the link. Without verification, the address cannot be used as From. This prevents users from configuring addresses they do not actually control. The verification email goes to the proposed address itself; ensure the address is monitored before adding.

Profile restrictions

Each Org-Wide Address has Allowed Profiles configured. Users with allowed profiles see the address in the From dropdown when composing email; other users do not. Use this to restrict billing@ to the finance team, support@ to the support team, etc. Allowing all profiles is the default for less sensitive addresses.

Use across send paths

Org-Wide Addresses can be selected in the email composer, in Apex Messaging.SingleEmailMessage (setOrgWideEmailAddressId), in Workflow Email Alerts, and in Flow Send Email actions. Each path has its own configuration for picking the address. For Email Alerts especially, configuring the Org-Wide Address centralizes the From address rather than relying on individual user addresses.

Reply-To configuration

Some Org-Wide Address configurations allow setting a different Reply-To address. The From is what recipients see; Reply-To is where their replies route. Using a different Reply-To is useful when the sending address is non-monitored (auto-billing@) but replies should go to a monitored inbox (billing-support@).

Compliance and DMARC

Org-Wide Addresses send through Salesforce mail servers. For sends to be accepted by recipient mail systems (and not flagged as spoofed), the sending domain must have proper SPF and DKIM configuration authorizing Salesforce. DMARC policies on the domain need to permit Salesforce-sent mail. Without proper DNS configuration, Org-Wide Addresses may produce deliverability problems.

Special purpose use cases

Beyond user-facing sends, Org-Wide Addresses configure system mail (password resets, license expiration warnings, system notifications). The Special Purpose category lets you specify Salesforce-side mail comes from a branded address. This is appropriate when you want every email from your org to come from a corporate domain rather than @salesforce.com.

Maintenance and verification expiry

Verified Org-Wide Addresses do not expire on a schedule but can become invalid if the underlying email account is decommissioned. Audit periodically: confirm each address is still operational and still a valid send-as option. Pair with monitoring of bounce rates per Org-Wide Address; rising bounces indicate the address or domain has issues.

§ 03

Set up an Organization-Wide Address

Setting up an Org-Wide Address involves DNS verification, profile restriction, and downstream send-path configuration. The steps below cover the full setup.

Identify the address and owner
Decide which shared address to add (billing@, support@, hello@). Confirm someone monitors the inbox to receive verification mail.
Configure DNS for the domain
Set up SPF authorizing Salesforce. Configure DKIM signing through Setup > DKIM Keys. Without proper DNS, sends are flagged.
Open Organization-Wide Addresses
Setup > Email > Organization-Wide Addresses. The page lists current addresses.
Add the address
Click Add. Enter Display Name, Email Address, optional Reply-To. Choose Allowed Profiles. Save.
Verify through the link
Salesforce sends a verification email. Someone with inbox access clicks the link. The address becomes available for use.
Test from a profile-allowed user
Log in as a user with allowed profile. Open the email composer. Confirm the address appears in the From dropdown. Send a test mail to an external address you control.
Configure downstream paths
For Email Alerts using this address, edit the alert to select Org-Wide Address as From. For Apex sends, set setOrgWideEmailAddressId on Messaging.SingleEmailMessage.

Key options

Display Nameremember

Friendly name shown to recipients. Distinct from email address.

Email Addressremember

The actual sending address. Must be verified.

Allowed Profilesremember

Profiles whose users can select this address.

Reply-Toremember

Optional different address for replies.

Special Purposeremember

Use for system-generated mail like password resets.

Gotchas

Verification email goes to the proposed address. Ensure inbox is monitored before adding.
Without SPF and DKIM, sends may be flagged as spoofed. Configure DNS before relying on the address.
Restricting profiles is per address. Users with disallowed profiles do not see the address in the composer.
Org-Wide Address sends still respect Email Delivery Settings access level. Sandbox refresh resets to System Email Only; address sends will fail until reset.
Reply-To redirects replies away from sender mailbox. Use deliberately; accidental Reply-To breaks customer reply flows.

Was this entry helpful?

Help us write better definitions. Quick reactions or detailed edit suggestions.

About the Author

Dipojjal Chakrabarti is a B2C Solution Architect with 29 Salesforce certifications and over 13 years in the Salesforce ecosystem. He runs salesforcedictionary.com to help admins, developers, architects, and cert/interview candidates sharpen their fundamentals. More about Dipojjal.

Test your knowledge

Q1. What is an Organization-Wide Address?

Q2. Why use them?

Q3. What's required before using an organization-wide address?

Discussion

Loading…

Loading discussion…

Back to Dictionary