Improve Email Security with Redesigned DKIM Keys (Critical Update, Enforced)

Improve Email Security with Redesigned DKIM Keys was a critical update in Winter ’19 and is enforced in Winter ’20. To address potential security vulnerabilities with DomainKeys Identified Mail (DKIM) keys, we improved the way they’re created. You no longer have to work with public and private keys. Instead, Salesforce publishes the TXT record containing your public key to DNS. We also added automatic key rotation to reduce the risk of your keys becoming compromised by a third party. Keys generated via the old method continue to work, but in Winter ’20, when you generate new keys, you must use the more secure method. And, because sharing keys can introduce security vulnerabilities, we removed the ability to import DKIM keys.

Where: This change applies to Lightning Experience, Salesforce Classic, and all versions of the Salesforce app in all editions.

When: This critical update is enforced in the Winter ’20 release.