Email Admin Settings
Email Administration in Salesforce represents an organization’s email administration settings, including email deliverability, security compliance, relay configurations, and system notifications.
This governs how outbound emails are handled across your org. These include default behaviors like:
Compliance features (like bounce management and logging)
TLS settings
Mail Server Management
Footers, headers, and more
With Salesforce, you will not be able to deploy this setting as part of your package.xml. It will have to be a manual deployment. To avoid this, AutoRABIT has an ‘EmailAdminSettings’ option under ‘Manage Email Administration Deliverability’ – this allows users to manage email administration settings as follows:
Access to Send Email - This setting applies to production and sandboxes. The values can be one of:
No access—Allows only password reset emails. Prevents all other outbound email to and from users.
System email only—Allows only automatically generated emails, such as new user and password reset emails.
All email—Allows all types of outbound email. Default for new orgs that aren’t sandboxes.
TLS Setting – This setting configures your TLS for outbound emails. The values include:
Preferred—If the message transfer agent (MTA) advertises TLS and a common cipher can be negotiated, TLS is used. If TLS can’t be negotiated, the email is delivered unencrypted. This setting is the default.
Required—If TLS can’t be negotiated or a common cipher can’t be agreed on, the email bounces back to the originator.
Preferred Verify—If the MTA advertises TLS, a common cipher can be negotiated, and Salesforce can verify the receiver, TLS is used. Verification means that a valid certificate authority has signed the receiver’s certificate and the hostname in the certificate matches the host to which we connected. If TLS can’t be negotiated or the verification fails, the email is delivered unencrypted.
Required Verify—If TLS can’t be negotiated, a common cipher can’t be agreed on, or the sender can’t be verified, the email bounces back to the originator. Verification means that a valid certificate authority has signed the receiver’s certificate and the hostname in the certificate matches the host to which we connected.
Restrict TLS To These Domains - To enable this preference, you must specify a TLS Setting other than ‘Preferred’ and provide the comma-separated list of domains through Domains Name in ARM. When this field is set to true, any domains not in the list use the system default TLS Setting of ‘Preferred’.
Note – With ‘TLS Setting’ set to ‘Preferred’, the option of ‘Restrict TLS to these domains’ should not be selected in ARM. If it is, ARM will throw an error during the deployment.
Domains Name – With TLS Setting set to anything other than ‘Preferred’, you can provide a list of domains that should adhere to the TLS Setting configured from earlier.
Last updated
Was this helpful?