As announced in Winter ’19, to address potential security
vulnerabilities with DomainKeys Identified Mail (DKIM) keys, we improved the way they’re
created. You no longer have to work with public and private keys. Instead, Salesforce
publishes the TXT record containing your public key to DNS. We also added automatic key
rotation to reduce the risk of your keys becoming compromised by a third party. After you
enable this critical update, keys generated via the old method continue to work, but in Winter
’20, you must generate any new keys using the more secure method. And, because sharing keys
can introduce security vulnerabilities, we removed the ability to import DKIM
Where: This change applies to Lightning Experience, Salesforce Classic, and all
versions of the Salesforce app in all editions.
When: This critical update is enforced in the Winter ’20 release. We recently updated
the auto-enforcement date to August 2019 to align with sandbox updates for Winter ’20.
How: Enable this critical update to improve security and make it easier to create and
maintain DKIM keys. From Setup, enter Critical Updates in the Quick
Find box. Then select Critical Updates. For Enable Redesigned
DomainKeys Identified Mail (DKIM) Key Feature with Increased Email Security, click