· Salesforce Guide · 3 min read
Salesforce Email Domain Verification- What You Need to Know for March 2026
If your organization sends emails through Salesforce using a custom domain, upcoming domain verification requirements could stop your emails from being delivered unless you act before the deadlines.
Salesforce Email Domain Verification: What You Need to Know Before March 2026
If your organization sends emails through Salesforce using a custom domain, there’s an important deadline coming up — and missing it means your emails won’t be delivered.
What’s Changing?
Starting March 9, 2026, Salesforce is requiring all organizations to verify ownership of any email domain used to send mail through the platform. This is a security measure to prevent unauthorized use of email domains.
The good news: if you’re sending from common public email domains like gmail.com or outlook.com, you’re not affected. This also has no impact on emails sent through Gmail and Office 365 integrations, other email integrations, or Salesforce Einstein Activity Capture (EAC).
Who Does This Affect?
This change impacts anyone sending emails in Salesforce from a custom domain — for example, @yourcompany.com. If that sounds like you, action is required before the deadlines below.
Key Deadlines
| Situation | Deadline |
|---|---|
| New domains in existing orgs | Immediately (March 9, 2026+) |
| All domains in new orgs & sandboxes | Immediately (March 9, 2026+) |
| Existing sandbox domains | March 30, 2026 |
| Existing production org domains | April 27, 2026 |
Salesforce recommends verifying your domains as soon as possible, even if your deadline is further out.
How to Verify Your Domain
Verification requires a small update to your domain’s DNS records — something your IT team or email server administrator can typically handle in minutes. There are two methods:
Option 1: DKIM (DomainKeys Identified Mail)
Set up a DKIM key through Salesforce. This adds a DNS record that proves Salesforce is authorized to send email on your domain’s behalf. Follow the setup process in Salesforce Help.
Option 2: Authorized Email Domains
Verify your domain ownership directly through Salesforce’s Authorized Email Domains process. Once verified, any user with an email address on that domain can send through Salesforce. Follow the steps in Salesforce Help.
What Happens If You Don’t Act?
Simple: emails sent from unverified domains will not be delivered. There are no exceptions for custom domains once the deadlines pass.
Note that individual user-level email address verification remains mandatory as well — that requirement hasn’t changed.
Action Checklist
- Identify all custom domains your org uses to send email through Salesforce. You can identify which are in use by running a report on outbound email messages and checking the From Address.
- Determine which method you’ll use: DKIM or Authorized Email Domains
- Loop in your IT team or DNS administrator
- Complete DNS record updates before your applicable deadline
- Verify the patch version for your org via Salesforce Trust Status
Bottom Line
This is a straightforward but time-sensitive task. The technical lift is small — a single DNS record update — but the consequences of missing the deadline are significant. Don’t wait until April to start the conversation with your IT team.
