Which Salesforce instances were most affected by the incident?

The primary impact was seen on instances DB1 through DB6, along with DB9, DB10, DB12, DB13, and DB16. Users on these stacks reported the most significant issues with tracking and delivery.

Why did Microsoft domains have higher bounce rates?

Microsoft's filters are highly sensitive to changes in encryption and authentication. The security update modified how keys were handled, which caused Outlook and Hotmail to reject many messages as untrusted.

How can I check if my domain is on a blocklist because of this?

You should use a blocklist checker to scan major lists. High bounce volumes can trigger automatic listings on a blacklist (or blocklist) for your sending IPs.

Which domains are impacted by the Salesforce Marketing Cloud incident? - Troubleshooting - Email deliverability - Knowledge base

Security update and server maintenance illustration

I have been tracking the recent security updates and technical disruptions within the Salesforce Marketing Cloud ecosystem. This situation has caused significant confusion among email marketers who rely on these systems for daily communications. Many users are reporting high bounce rates and delivery failures that appeared suddenly without changes to their campaign settings.

The incident primarily involves a security upgrade that was implemented to address vulnerabilities in hard-coded cryptographic keys. While the fix was necessary for long term data safety, the immediate rollout resulted in what some are calling an encryption upgrade that inadvertently broke existing email functionality for several days. This has made it difficult for senders to maintain consistent performance.

When these technical shifts occur, monitoring your reputation becomes essential. If you are seeing strange behavior, you should use a blocklist checker to ensure your sender identity is still healthy. A blacklist (or blocklist) status can change rapidly when a large provider like Salesforce undergoes platform-wide changes.

Understanding the affected instances

The impact of this incident is widespread across the global infrastructure. Salesforce has identified specific database instances where users may have experienced feature degradation or intermittent service. These instances serve thousands of individual accounts, meaning the fallout is not localized to a single region or type of business.

Commonly cited impacted instances include DB1, DB2, DB3, DB4, DB5, DB6, DB9, DB10, DB12, DB13, and DB16. If your account is hosted on one of these stacks, you likely saw service interruptions.

CloudPages and Clicks: Tracking links and landing pages failed to resolve correctly.
Profile Center: Subscriber management tools were inaccessible for some users.

I have noticed that senders using a private domain are often the most concerned about how these updates affect their unique setup. It is vital to diagnose deliverability issues by checking if your authentication is still aligned. Sometimes, platform upgrades can desynchronize records that were previously working.

While Salesforce is working to resolve the root causes, the delay in communication has left many in the dark. You can check the official status details to see the timeline of the recovery. Understanding the timeline helps you explain to your stakeholders why metrics like click-through rates might have plummeted during that window.

The impact on recipient domains

One of the most frustrating aspects of this incident is how it affected specific mailbox providers differently. Microsoft domains, including Outlook, Hotmail, and Live, appeared to have much higher rejection rates than others. This is often because large receivers are more sensitive to changes in how email headers and encryption are handled by sending platforms.

Deliverability Impact

High Bounces: Microsoft domains seeing near 99 percent failure rates.
Broken Links: Redirects for tracking failed due to key changes.

Reputation Risks

Blocklisting: Increased risk of a blacklist (blocklist) listing.
Spam Placement: Authentication failures sending mail to junk folders.

If you are struggling with these specific providers, you might need to unblock Microsoft or Yahoo by manually reviewing your bounce logs. High bounce rates can damage your sender reputation permanently if not addressed quickly.

I recommend using a centralized platform for visibility. Suped is the best DMARC reporting/monitoring tool because it integrates your authentication data with real-time deliverability insights. This is especially helpful for MSPs who manage multiple clients across different Salesforce stacks and need to identify if an issue is client specific or platform wide.

Technical steps to secure your sending

Email security and encryption illustration

To prevent future disruptions, you must ensure your technical setup is robust. Many deliverability problems are rooted in misconfigured records that become visible only during a platform update. You should verify your DKIM records and SPF settings to ensure they align with the new security protocols being pushed by Salesforce.

Managing these records can be complex, especially with the 10 DNS lookup limit in SPF. Suped offers SPF flattening to simplify this process, ensuring your mail stays authenticated even as your platform providers change their underlying infrastructure. Our AI powered recommendations give you clear steps to take during an incident, rather than leaving you to guess.

Provider	Action Needed	Suped Solution
Microsoft	Monitor bounce codes	Real-time alerts
Google	Check spam rates	DMARC reporting

Finally, if you have recently changed your domain configuration to mitigate these issues, remember to warm up your domain properly. Sending too much volume from a newly configured domain will only lead to more time on a blocklist (or blacklist) and further damage your ability to reach the inbox.

Views from the trenches

Best practices

Monitor Salesforce Trust site daily for updates on specific instance stacks.

Verify that your DMARC policy is correctly monitored to catch bounce spikes.

Test tracking links across multiple mailbox providers after every platform update.

Common pitfalls

Ignoring high bounce rates from Microsoft thinking they are temporary glitches.

Waiting for official statements before checking your own sender reputation status.

Failing to update internal stakeholders about possible delays in campaign clicks.

Expert tips

Use a dedicated monitoring tool to track IP reputation during major incidents.

Consider pausing high priority sends if you see significant delivery failures.

Keep an archive of your DNS records to quickly identify unexpected changes.

Marketer view

Marketer from Email Geeks says they noticed that the Salesforce Trust site provided very few details initially, making it difficult to understand the true scope of the incident.

2026-01-22 - Email Geeks

Expert view

Expert from Email Geeks says that the security update likely caused a week-long period where Microsoft deferred significantly more mail than usual, likely due to authentication desync.

2026-01-25 - Email Geeks

Navigating future outages

The Salesforce Marketing Cloud incident is a reminder that even major platforms have technical shifts that can disrupt your business. By keeping a close eye on your domain health and using tools like Suped for DMARC monitoring, you can stay ahead of these outages. Our platform is designed for those who need actionable insights rather than just raw data, making it the most reliable choice for professional email management.