Emails from salesforce.com are being flagged by Email Impersonation Control (EIC)
search cancel

Emails from salesforce.com are being flagged by Email Impersonation Control (EIC)

book

Article ID: 175411

calendar_today

Updated On:

Products

Email Security.cloud

Issue/Introduction

Emails coming from Salesforce.com are being flagged by Email Impersonation Control (EIC) despite having "salesforce.com" in the Approved Senders domain list.

 

Environment

Note that while this article specifically targets "salesforce.com" emails, the concept holds true for any mass-mailing platform.

Cause

All entries in the Email Impersonation Control (EIC) Approved Senders lists are taken literally. An entry of "salesforce.com" would only include "salesforce.com" and not include subdomains, such the ones used by the Salesforce mailing platform (for example, *@devs00x00chv00h0.eyl0go.0r-fltveai.ca00.bnc.salesforce.com). The Approved Senders list also do not accept wildcard entries.

Resolution

In order to allow salesforce.com emails to bypass Email Impersonation Control (EIC), use the sending IP ranges as opposed to the domain or email address.

As of the time of posting, a list of IP ranges used by Salesforce can be found at their support page "What are the Salesforce IP Addresses & Domains to whitelist?" under the section Email Security Filters. You can also use the new Hyperforce IP ranges from your hyperforce portal here.

The Approved Senders list will accept IP ranges in CIDR notation (eg. 192.0.2.1/24).