Improve Email Security with Redesigned DKIM Keys (Previously Released Critical Update)

As announced in Winter ’19, to address potential security vulnerabilities with DomainKeys Identified Mail (DKIM) keys, we improved the way they’re created. You no longer have to work with public and private keys. Instead, Salesforce publishes the TXT record containing your public key to DNS. We also added automatic key rotation to reduce the risk of your keys becoming compromised by a third party. After you enable this critical update, keys generated via the old method continue to work, but in Winter ’20, you must generate any new keys using the more secure method. And, because sharing keys can introduce security vulnerabilities, we removed the ability to import DKIM keys.

Where: This change applies to Lightning Experience, Salesforce Classic, and all versions of the Salesforce app in all editions.

When: This critical update is enforced in the Winter ’20 release. We recently updated the auto-enforcement date to August 2019 to align with sandbox updates for Winter ’20.

How: Enable this critical update to improve security and make it easier to create and maintain DKIM keys. From Setup, enter Critical Updates in the Quick Find box. Then select Critical Updates. For Enable Redesigned DomainKeys Identified Mail (DKIM) Key Feature with Increased Email Security, click Activate.