The Big Picture
Salesforce is introducing new rules to protect your data. The most urgent change is Email Domain Verification. You must prove you own your charity’s email address, or your system may stop sending emails to donors and stakeholders entirely.
Looking ahead:
June 2026: Multi-factor authentication (MFA) will be mandatory for all logins.
New Limits: There will be stricter controls on where people can log in from and how much data can be downloaded at once.
Why is Email Verification such a big deal?
It ensures your emails land in a donor’s inbox rather than their spam folder. Proper authorisation (digital "permission") means your newsletters, tax receipts, and fundraising appeals don't go unseen.
Platforms to Watch
You should check any platform that sends email on your behalf. High-priority tools include:
Fundraising Tools: Raisely, Donorbox, or Fundraisin (for tax receipts).
Event Management: Eventbrite or Humanitix (for tickets).
Newsletters: Mailchimp or Campaign Monitor.
CRMs & Apps: Salesforce, Asana, or Slack.
How do I check this?
To verify your emails are being sent correctly, you can:
Use a free service: Send a test email to Mail-Tester or MXToolbox to see if your records are "Passing."
The DIY Check: Open an email sent by your organisation in Gmail. Click the three dots (top right), select "Show original," and ensure SPF, DKIM, and DMARC all show PASS.
How often should I check?
Whenever you add a new tool: Never start sending from a new platform without updating your records first.
Every 6 months: Perform a "health check" to remove old platforms you no longer use.
Quarterly: Review your DMARC reports to ensure no one is trying to spoof your charity's identity.
Who can help me?
We can help you during our next "Ask Us Anything" session. To make changes, you will need access to your Domain Name Settings (DNS). If you aren't sure how to access these, reach out to the person who manages your website or IT.
We have been supporting our customers with these security best practices for years, as they have been recommended but not previously enforced.
However, it always pays to check, and we are always happy to help.
