How to Handle Emails trigger from salesforce moving to SPAM folder instead of Inbox

How to Handle Emails which are trigger from salesforce ends up with SPAM folder instead of Inbox

Authentication. Is the mail server that you are using properly authenticated to send mail on your behalf? This involves setting up some technologies such as SPF, DKIM and DMARC. To set this up with Salesforce and your DNS provider and Email Relaying.

If any of your customer reported Emails trigger from salesforce moving to SPAM folder instead of Inbox issue first need to check if the IP’s which is shared by salesforce is whitelisted or not.

https://help.salesforce.com/articleView?id=000003652&type=1

1     
         Email Security filters
     Email Relaying
     Salesforce IP ranges

If you feel all good but still emails moving to spam, you should get the email header for the emails which moved to spam and analyse. In this example I am using Gmail. For this you need to follow below steps to check what went wrong. Collect the email headers for the emails which went into Spam. Follow the below steps to capture email Headers.

- Open an email which landed in Spam

- Click on Show Original

- It will open in new tab

- Download Original OR Copy

- In header itself you can see which got failed, I mean SPF OR DMARC.

Use the following open source tool to analyse.

https://mxtoolbox.com/EmailHeaders.aspx

-        After you click the ‘Analyze Header’ button you It will analyse the header then you could see the results.

-         You need to focus on following header names.

1.     ARC-Authentication-Results

2.     Authentication-Results

3.     Received-SPF

-     

           Most probably you can see DMARC fail else SPF.

      Let’s start with SPF : Configured by Network team at their end

      This helps reduce people using your address as a forged from address.

      Set this up in your DNS you need to create a TXT record.

      The name should be the fully qualified name of your domain and the text part should include:

       “v=spf1 mx include:_spf.salesforce.com ~all”

Let’s Setup DKIM: Will be configured at salesforce side

In Classic Salesforce Setup, enter DKIM in the quick find box and select DKIM Keys under Email Administration.

Click Create A New Key and enter “smail” as the Selector, followed by your email domain and then select Exact domain only as the domain match. Click save

You will now see a Public and a Private Key. Copy the complete text of the Public Key and return to your DNS editor.

Create another TXT record as before. Enter the name as the smail._domainkey.yourdomain

In the text box you should enter “v=DKIM1; k=rsa; t=s; p=” and then paste your entire public key and add a semicolon. Then save the record. Note that the entry is case sensitive and that each parameter is separated by a semicolon and a space. You can check the validity of your new DNS record at: “http://dkimcore.org/c/keycheck“.

Return to Salesforce and the DKIM key record and click Activate. You should see the following message:

DMARC : This is something configured by your net work team at their side not salesforce side

Essentially DMARC tells the Email systems that you are using SPF and/or DKIM and also what to do with messages that fail authentication.

In your DNS editor create a DMARC record. The name of this record is _dmarc.yourdomain

You should configure the following parameters:

In the two email fields you should enter the email address of the person you wish to receive failure reports.

Finally let’s switch it all on and test it.

In Classic Salesforce Setup enter “Deliverability” in the quick find box and open Deliverability under Email Administration. Make sure that “Enable compliance with standard email security mechanisms” and “Enable Sender ID compliance” are both checked.

Email Relays Activation : get the email host from your email relay team and configure in salesforce.

In any case your network / email team is refused to do the DMARC and SPF , then you can proceed with salesforce Email relaying , this will restrict emails not to move to spam.

Classic a Setup|Administer | Email Administration | Email relay Activation

Once email relay is enabled in Salesforce, companies do not necessarily need all the Salesforce Email Deliverability settings located in Setup. Some of these settings modify the envelope-from address of emails sent from Salesforce. The header From address remains set to the sender's email address. The return-path in the headers is also modified. This change in the email headers may affect email delivery to your email server, as the modified return-path includes a Variable Envelope Return Path value (VERP). 

Example of a standard return-path: <name@domain.com> 

Example of a VERP return-path: <name@domain.com__x@x.bnc.salesforce.com> 

Disable the following two email deliverability options when using email relay. 

Make sure to Turn off the following settings:

Navigate to: Setup | Aminister | Email Administration | Deliverability

1. Enable compliance with standard email security mechanisms 

2. Turn off Email Security Compliance (Emails from Salesforce and Email Relays only)

3. Consider turning off Activate Bounce Management 

https://help.salesforce.com/articleView?id=emailadmin_email_relay_considerations.htm&type=5 

test this, you can

Navigate to: Setup |Administer|Email Admninistration|Test Deliverability

You can shoot email from here and now you can see emails in your inbox this time.

That’s all for now!!!