Can Salesforce's shared IP addresses cause my emails to be blocked?

Yes, it is possible. Salesforce uses shared IP addresses for many of its core email services. If other senders on the same shared IP engage in spammy practices, the reputation of that IP can decline, leading to your legitimate emails being blocked or sent to spam folders by mailbox providers. Using a dedicated IP, or a service with a stronger reputation, can help mitigate this.

What role do SPF, DKIM, and DMARC play in Salesforce email deliverability?

SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance) are critical email authentication protocols. Misconfigurations or missing records for these protocols can lead to recipient servers rejecting your emails because they cannot verify their authenticity. Ensuring these are properly set up and aligned with your sending domain is fundamental to email deliverability.

What are the most effective solutions for persistent Salesforce email blocking issues?

Regularly cleaning your email lists, implementing robust email authentication (SPF, DKIM, DMARC), monitoring your domain and IP reputation, and ensuring your email content is relevant and not spammy are essential. For persistent issues, especially for transactional emails, consider integrating a dedicated email service provider with Salesforce for enhanced deliverability and control over your sending reputation.

How do bounce rates affect Salesforce email deliverability?

Bounces occur when an email cannot be delivered. Hard bounces are permanent failures (e.g., invalid email address), while soft bounces are temporary (e.g., full inbox). High bounce rates, particularly hard bounces, signal a poor list quality to mailbox providers and can negatively impact your sender reputation, leading to more blocked emails. Regularly removing hard bounces and addressing soft bounces is crucial.

Can email content itself cause Salesforce emails to be blocked?

Yes, email content can trigger spam filters even if authentication is perfect. Factors like spammy keywords, suspicious links, poor HTML formatting, or a high image-to-text ratio can lead to your emails being flagged and blocked. Personalizing content and ensuring it provides value to the recipient can improve engagement and bypass these filters.

Why are Salesforce emails blocked or refused, and what are potential solutions? - Sender reputation - Email deliverability - Knowledge base

Emails sent from Salesforce, whether from Core Salesforce, Pardot, or Marketing Cloud, are a critical part of many business operations. When these emails are blocked or refused, it can severely impact communication with customers, prospects, and internal teams. This issue often stems from a combination of technical configurations, sender reputation, and recipient filtering policies.

I often see companies struggle with their Salesforce email deliverability, even when sending low volumes of transactional emails. While Salesforce provides a robust platform, the underlying email infrastructure and your sending practices heavily influence whether your messages reach the inbox or end up in a spam folder, or are outright blocked.

Understanding why your Salesforce emails are being blocked or refused is the first step toward finding effective solutions. It involves delving into technical authentication, monitoring your sender reputation, and adapting to the evolving requirements of email service providers (ESPs) and mailbox providers (MBPs).

Authentication and technical misconfigurations

One of the most common reasons Salesforce emails are blocked or refused relates to authentication failures. Email authentication protocols such as SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance) are crucial for verifying that an email genuinely originates from the stated sender and has not been tampered with in transit. Salesforce itself emphasizes the importance of these records for email security.

A misconfigured or missing SPF record means that recipient servers cannot verify that Salesforce is authorized to send emails on behalf of your domain. Similarly, if your DKIM setup is incorrect, the cryptographic signature attached to your emails will fail verification, leading to rejection. DMARC, which builds upon SPF and DKIM, dictates how mailbox providers should handle emails that fail these checks, ranging from monitoring to outright rejection.

Common technical pitfalls

Incorrect SPF record: Not including Salesforce's sending IP addresses or domains in your SPF record, or having multiple SPF records that conflict.
Missing DKIM setup: Failing to generate and publish the correct DKIM keys provided by Salesforce in your DNS.
DMARC policy: Setting a DMARC policy too strictly (e.g., p=reject) without proper SPF/DKIM alignment, causing legitimate emails to be blocked.

Solutions

Verify DNS records: Use a DNS lookup tool to ensure your SPF, DKIM, and DMARC records are correctly published and valid. Ensure Salesforce's sending domains are authorized.
Implement DMARC: Start with a p=none policy to collect DMARC reports and identify authentication issues without impacting delivery. Gradually move to p=quarantine or p=reject only when you are confident in your setup.
Check email headers: Examine the full email headers of a blocked message to identify specific authentication failures (SPF fail, DKIM fail, DMARC fail).

IP and domain reputation issues

Even with perfect authentication, your Salesforce emails can be blocked if your sending IP address or domain has a poor reputation. This is a common issue, especially for companies using shared IP addresses on Salesforce's core platform. If other users on the same shared IP engage in spammy practices, your legitimate emails can suffer, even if your own sending behavior is impeccable. Being on an email blacklist (or blocklist) is a strong indicator of reputation issues.

Poor sending practices from your Salesforce account can also directly harm your domain's reputation. This includes sending to invalid or old email addresses, generating high bounce rates, sending unwanted emails that lead to spam complaints, or sending emails with suspicious content. Mailbox providers, like Barracuda, employ sophisticated content filters to identify and block suspicious messages, impacting your deliverability even for transactional emails.

Salesforce's own deliverability team has to manage the reputation of its shared IPs. While they are highly skilled, the sheer volume and variety of sending practices on shared infrastructure can make it challenging to maintain a consistently high reputation. Recent observations suggest that Salesforce's CSA certification has been partially suspended, indicating ongoing challenges with abuse handling on their platform, which can trickle down and affect all senders.

Even if your technical setup is perfect and your sending reputation is solid, individual recipient servers or internal company filters can block your emails. This often happens due to content issues, such as suspicious links, spammy keywords, or attachments. Organizations frequently employ anti-spam filters or security settings that may block emails originating from external sources, like Salesforce.

Furthermore, recipient-side issues, such as a full inbox, an invalid email address (leading to a hard bounce), or a recipient's specific mail client settings (e.g., Outlook blocking your email), can cause emails to be refused. Salesforce's Marketing Cloud also uses a proprietary database called List Detective to scrub lists, rejecting known bad email addresses or generic ones like admin@ and info@.

In some cases, especially when an organization is sending marketing emails from Salesforce, the issue might be related to permission. Sending to non-opt-in lists, or engaging in cold prospecting, can lead to high spam complaints and blockages. Even transactional emails can be impacted if they share the same sending reputation as problematic marketing sends.

Leveraging external sending services

If you're primarily using Salesforce Core for email sends, especially for transactional emails or low-volume communications, and repeatedly face deliverability challenges despite optimizing your technical setup and content, it might be beneficial to consider an external email sending service. Salesforce Core's shared IP infrastructure can be a contributing factor to blocking issues, as your deliverability is tied to the sending practices of other users on those IPs.

Platforms like Pardot (now Marketing Cloud Account Engagement) or Marketing Cloud, while still part of the Salesforce ecosystem, have dedicated deliverability teams and more sophisticated sending infrastructure designed for high-volume and critical email sends. While they come with a higher cost, their focus on email deliverability can significantly improve your inbox placement rates, especially for important transactional communications.

Alternatively, you could look into integrating a third-party email service provider (ESP) with your Salesforce instance for all outbound emails. This approach allows you to leverage the ESP's dedicated IP addresses, specialized deliverability tools, and expert support, effectively decoupling your email reputation from Salesforce's shared infrastructure. Services like Mailgun, SendGrid, or Postmark are often used for transactional email needs and offer robust APIs for integration.

Salesforce Core vs. External ESP

I often compare using Salesforce Core for email sending to navigating a busy highway where you share lanes with many other drivers, some good, some bad. Your journey's speed and safety depend on everyone else. If others cause accidents or traffic jams, you're delayed, regardless of how well you drive. Conversely, a dedicated ESP is like having your own private road, where you have more control over your journey and less exposure to external risks. While this option offers greater control, it requires careful consideration to resolve deliverability issues. It is important to carefully evaluate your sending volume, budget, and specific deliverability challenges when making this decision.

Solutions and best practices

To effectively resolve Salesforce email blocking issues, I suggest a comprehensive approach that addresses all potential causes. This includes rigorous list hygiene, continuous monitoring of your sending reputation, and adherence to email authentication best practices. Even with perfect authentication, other factors can lead to blocks.

For ongoing monitoring, use tools like DMARC reporting to keep an eye on your authentication results and identify any potential issues early. Regularly check if your domain or sending IP has been placed on a blacklist (or blocklist) using monitoring services. This proactive approach helps in quick detection and remediation.

Finally, ensure your email content is relevant, engaging, and avoids characteristics that might trigger spam filters. Personalization, clear calls to action, and clean HTML can all contribute to better inbox placement. Consistently analyze your email performance metrics, such as open rates, click-through rates, and bounce rates, to identify trends and areas for improvement.

Views from the trenches

Best practices

Maintain a clean email list by regularly removing invalid or inactive addresses to reduce bounce rates.

Implement strong email authentication (SPF, DKIM, DMARC) for your sending domain.

Monitor your domain and IP reputation regularly to detect and address blocklist issues promptly.

Ensure email content is valuable and relevant to recipients, minimizing spam trigger words and excessive links.

Common pitfalls

Relying solely on Salesforce's shared IP space for critical, high-volume sends without external ESP integration.

Neglecting DMARC reporting, missing insights into authentication failures and potential spoofing attempts.

Sending to purchased or unverified email lists, leading to high spam complaints and bounces.

Failing to update DNS records after changes to Salesforce email configuration or domain.

Expert tips

Consider using a dedicated IP address or a third-party email service provider for sensitive or high-volume transactional emails.

Regularly review Salesforce's official documentation and updates on email deliverability.

Engage with your email recipients to encourage positive engagement (opens, replies, clicks), which boosts sender reputation.

Use email logs and bounce reports within Salesforce to diagnose specific delivery failures and address underlying causes.

Expert view

Expert from Email Geeks says that if technical issues like SPF and DKIM have been addressed without success, it is highly probable that the problem is related to sender reputation. Checking whether the client uses shared or dedicated IP addresses for sending emails is crucial to determine if external factors on the IP could be causing issues.

2022-12-02 - Email Geeks

Expert view

Expert from Email Geeks says that emails sent from Salesforce Core often utilize shared infrastructure. This means deliverability issues might stem from the collective sending behavior of all users on that shared IP, rather than isolated problems from a single sender.

2022-12-03 - Email Geeks

Maintaining deliverability

Addressing Salesforce email blocking or refusal requires a multi-faceted approach. It's not just about setting up your DNS records correctly, but also about cultivating a strong sender reputation through consistent, high-quality sending practices. This includes rigorous list management and proactive monitoring of your email deliverability metrics. Many factors contribute to emails landing in spam, not just outright blocking.

By understanding the root causes, from technical misconfigurations to reputation challenges and content filters, you can implement the necessary solutions, whether it's optimizing your existing Salesforce setup or exploring external sending services for more control and improved deliverability. Consistently reviewing how your email lands on a blacklist and what happens when your domain is blocklisted will empower you to maintain strong email deliverability.