Skip to main content

Verify Your Email Sending Domain in Rethink or Apto

Required to continue sending automated emails after April 27, 2026.

Updated this week

Salesforce is introducing a new security requirement beginning Spring ’26, designed to prevent email spoofing and improve deliverability and security. It ensures that only verified domains can send email from Salesforce.

If your Rethink or Apto org sends automated emails (such as Smart Alerts, workflow notifications, or Action Plan emails), or sends manual emails through the email composer, you must verify your email domain in Salesforce.

If not verified, automated emails sent from Salesforce may stop delivering after April 27, 2026. In addition, when a user tries to send email from an unverified domain, the composer blocks the send and shows this error: Not allowed to send from an unauthorized domain.

This does NOT affect:

  • Emails sent directly from Gmail

  • Emails sent directly from Outlook

  • Einstein Activity Capture emails

Only emails sent through Salesforce are affected.

What You Need to Do

Step 1: Identify Your Email Domain

Look at your email address:

Step 2: Verify Domain in Salesforce

1. In Rethink or Apto, go to Setup > DKIM Keys

2. Create a new DKIM key with the following:

  • 2048-bit: This is typical.

  • Selector: This is simply a name for the DKIM key. You can call it anything up to 62 characters. This becomes part of the record later.

  • Alternate Selector: A backup name for the DKIM key.

  • Domain: The domain name used to send email from Salesforce; for example, if I email from kacey@buildout.com, then my domain would be @buildout.com.

  • Domain Match Pattern: Usually the same as the domain.

Example:

3. Click Save, and in about 15-30 minutes, a DNS record is created. Just go back to the DKIM Key you created and click on the Selector name:

You'll see something like this:

4. If you manage your own domain (e.g., smaller brokerages), add that DNS record in your domain provider (GoDaddy, Google Domains, etc.).

Otherwise, if you have IT folks who manage your domain (e.g. larger brokerages), then simply provide your IT team with the DNS record you created so they can do this part and pass along these full steps from Salesforce.

5. Return to Rethink/Apto and activate the key

For Smaller Brokerages

If you:

  • Own your domain (you pay for it)

  • Use Google Workspace or Microsoft 365

  • Have access to your domain registrar (GoDaddy, Namecheap, Squarespace, etc.)

You can do this yourself in about 10–15 minutes.

You do NOT need:

  • An IT team

  • A developer

  • A consultant

You just need access to:

  • Your Rethink or Apto instance

  • Your domain DNS settings

If you do not manage your domain directly, contact whoever set up your email originally (often the person who set up Google Workspace or Microsoft 365).

Next up:

How to Add the DNS Record to Your Domain Provider Settings

Now that you’ve created a DKIM Key, let’s walk through adding the DNS record. Let’s say you’re a one-person brokerage who uses GoDaddy and has zero IT help. This is the part that sounds scary but really isn’t.

What “Add the DNS Record” Actually Means

Salesforce gives you something that looks like this:

  • Type: CNAME

  • Host / Name: something._domainkey

  • Value / Points To: something.dkim.salesforce.com

  • TTL: 1 hour (or default)

You are simply copying that into GoDaddy.

That’s it. You’re not “coding.” You’re pasting values into fields.

Step-by-Step: GoDaddy Example

Step 1: Log into GoDaddy

  1. Go to godaddy.com

  2. Click Sign In

  3. Go to My Products

  4. Find your domain (ex: yourbrokerage.com)

  5. Click DNS

You’re now in the DNS Management page.

Step 2: Add a New Record

  1. Click Add

  2. Choose:

    • Type: CNAME ---- this is important

Now fill in the fields using what Salesforce gave you:

  • Host: (Paste the DKIM Host value — do NOT include your full domain again)

  • Points To: (Paste the Salesforce value)

  • TTL: Leave default (usually 1 hour)

Click Save

Step 3: Return to Salesforce

  1. Go back to Setup → DKIM Keys

  2. Click Activate

Salesforce will verify it. Sometimes it works instantly. Sometimes DNS takes 5–30 minutes.

If You Use Google Workspace Instead of GoDaddy

Same idea.

  1. Log into domain provider (not Gmail itself)

  2. Go to DNS settings

  3. Add CNAME

  4. Paste values

  5. Activate in Salesforce

What If You Don’t Know Your Domain Login?

This is the most common issue. Log into wherever you pay for your domain.

Usually:

  • GoDaddy

  • Namecheap

  • Squarespace

  • Google Domains

  • Bluehost

If you don’t know:

  • Search your email inbox for “domain renewal”

  • Or check credit card statements

This:

  • Does NOT affect website

  • Does NOT break email

  • Does NOT change Gmail

  • Is safe

  • Is reversible

You’re just proving to Salesforce that you own the domain.

Did this answer your question?