Skip to content

Email Deliverability Setup

VIDEO TRANSCRIPT | Recorded: 2025-08-19 | Verify against current system state

Abstract

Comprehensive walkthrough of email deliverability configuration in Salesforce. Covers DKIM key setup and verification, adding CNAME/TXT records in Cloudflare for amp.org domain, deliverability settings (bounce management, domain verification), organization-wide email addresses (no-reply@amp.org), staff email sending options (Outlook integration vs Salesforce), and experience cloud email templates for password reset and welcome emails. Both staging and production environments are configured.

Key Procedures

  • Navigate to Setup > DKIM keys to create and verify keys
  • Add CNAME and TXT records in Cloudflare for amp.org (not QA subdomain)
  • Set records with no proxy, add tags for identification (DKIM, Salesforce)
  • Verify DKIM keys active using online test tools
  • Configure deliverability settings: uncheck bounce management, enable compliance
  • Check "verify ownership of email sending domains by DKIM keys"
  • Add organization-wide email addresses (no-reply@amp.org) and verify via email
  • Staff can send from verified addresses or their own @amp.org address
  • Configure experience cloud emails via All Sites > Workspaces > Administration > Emails

Notable Statements

  • 0:00:15 "We purchased a product called SAP which provided us a valid setup of DKIM and SPF records."
  • 0:01:12 "I am saying that this Salesforce instance has access to send email on my behalf."
  • 0:03:52 "You're going to want to uncheck those and then verify ownership of email sending domains by DKIM keys."
  • 0:04:07 "If I check it, that means that if someone tries to send an email... and their domain for their email address is amp.org, it's just going to let them do it."
  • 0:05:38 "All of the emails that are coming out of our system through the templates and everything should have an email address of no-reply@amp.org."
  • 0:08:06 "My main concern is the day of go live when we're sending out a ton of emails for the welcome to amp email address with the reset password process."

Systems & Configurations

Systems Mentioned

  • Salesforce Admin (DKIM, Deliverability)
  • Salesforce Marketing Cloud (SAP product)
  • Cloudflare (DNS management)
  • Experience Cloud (D2C store emails)
  • Outlook/Office 365 (optional integration)

Specific Configurations

Item Value/Setting Timestamp Notes
DKIM Location Setup > DKIM Keys 0:01:03 Create and verify
DNS Records amp.org (not QA subdomain) 0:02:15 CNAME and TXT
Cloudflare Tags DKIM, Salesforce 0:02:56 For identification
Proxy Setting No proxy 0:02:59 Required for email
Org-Wide Email no-reply@amp.org 0:05:25 Verified address
Bounce Management Unchecked 0:03:48 Deliverability setting
Domain Verification Checked 0:03:52 Via DKIM keys

Credentials/Access Mentioned

  • Salesforce admin setup access
  • Cloudflare DNS management
  • Email verification for org-wide addresses

Errors & Troubleshooting

  • Issue: DKIM records must be on amp.org, not QA subdomain
  • Cause: Initial search in wrong Cloudflare zone
  • Resolution: Use amp.org zone for all DKIM records

  • Timestamp: 0:02:15

  • Issue: Email templates reverting to projects@i2c

  • Cause: Repos/deployments overwriting from address
  • Resolution: Request I2C to maintain no-reply@amp.org setting
  • Timestamp: 0:09:14

Transcript Gaps & Quality Notes

  • Both staging and production configured and ready
  • Go-live concern: batch welcome emails with password reset
  • Experience cloud email template locations documented
  • Staff can choose Outlook integration or Salesforce sending
  • Online DKIM test kit link to be provided separately