Salesforce

Send and receive secure messages in Salesforce

Introduction

With Zivver you can send and receive secure messages in Salesforce. This guide explains how to enable sending Zivver messages from Salesforce and how to receive Zivver messages in Salesforce without the need to use a Zivver client such as the Zivver WebApp or Zivver Office Plugin to decrypt the message.

Using the Zivver Salesforce integration could impact other Zivver products being used.

  • Your organization needs to use the Zivver Office plugin V4 or higher when using the Zivver Salesforce integration to also send and receive messages from Microsoft Outlook with Inbound Direct Delivery enabled.

Send secure messages

Zivver Mail Submission enables your organization to securely send messages from Salesforce. This chapter explains how Zivver Mail Submission is implemented in Salesforce.

Requirements

Your organization must meet the following requirements to securely send messages from Salesforce.

  • Salesforce must be able to make an authenticated SMTP connection with smtp.zivver.com:587.
  • A subdomain is available or can be created to send messages from Salesforce.

    With a subdomain users can visually choose in Salesforce between sending email and Zivver messages. If you cannot create a subdomain, all the messages from Salesforce will be converted to Zivver messages.
    You can use any subdomain of your organization’s domain, for example send.yourcompany.com.
  • Your mail server can send and receive messages from the subdomain mentioned above.

  • The subdomain should be claimed in Zivver.

  • OPTIONAL: The subdomain can be added as an alias to a user mailbox or shared mailbox at your mail server.

    If adding an alias is not possible, a new Zivver account can be created for the subdomain. See the section adding aliases to manually add an account.
Sending secure messages from Salesforce uses organization-wide email addresses. According to Salesforce documentation it is currently not possible to send secure messages from scheduled reports, scheduled emails, mail merge emails, list emails and meeting requests. Refer to the Salesforce documentation for the latest status.

Claim a subdomain in Zivver

Securely sending messages from Salesforce makes use of a subdomain, for example as secure.yourcompany.com or sec.yourcompany.com.

Your organization can choose which subdomain is going to be used. As long as the mail server of your organization can send and receive email from this subdomain. This is important as Zivver sends you email on the subdomain to inform you that the recipient replied to your message or if the message couldn’t be delivered to the recipient.

The subdomain needs to be claimed in Zivver. Do the steps in the Zivver admin manual to add the subdomain to your Zivver organization.

Add aliases

An address in the new subdomain should be added as an alias to each existing Zivver account which should to be able to send Zivver messages via Salesforce.

See the SyncTool manual on how to synchronize aliases for your Zivver organization or contact Support if you are having trouble synchronizing aliases with the SyncTool.

If it is not possible to add an alias to an existing Zivver account, a new Zivver account can be created for an address in the subdomain. Do the steps in the Zivver admin manual to create a Zivver account or create a Zivver functional account and make sure to exclude the added email address in the SyncTool profile. Otherwise the automated synchronization will block the added account during the next synchronization.

For example existing Zivver functional account customerservice@yourcompany.com should have an alias like customerservice@sec.yourcompany.com. If you can’t set it up like this at your mail server, then you should create a separate Zivver functional account customerservice@sec.yourcompany.com in the Zivver WebApp.

Set up Mail Submission in Zivver

With Zivver Mail Submission third-party applications can set up an SMTP Connection with the Zivver SMTP Server to submit messages. Do these steps as a Zivver administrator to generate Zivver SMTP credentials. These credentials will be used to authenticate the connection with the Zivver SMTP Server.

  1. Go to the Zivver Webapp.
  2. Log in as an admin.
  3. Go to the Organization Settings.
  4. Go to Mail submission.
  5. Click Generate.
  6. Enter a description.
    For example: Salesforce.
  7. Click on Generate.

    This data is only shown once. Save it immediately. These credentials are used to authenticate the connection to smtp.zivver.com.

  8. Click CLOSE.
    Use the generated SMTP credentials in the next section.

Set up an Email Relay in Salesforce

An Email Relay in Salesforce routes outgoing messages from Salesforce to the Zivver SMTP Server. Do these steps to set up this Email Relay.

  1. Go to Salesforce.
  2. Log in as an admin.
  3. Go to Setup.
  4. Go to Quick find.
  5. Search for Email Relays.
  6. Select Email Relays in the search results.
  7. Click Create Email Relay.
  8. Enter for Host smtp.zivver.com.
  9. Select port 587.
  10. Select for TLS Setting required.
  11. Enable the option Enable SMTP Auth.
  12. Enter for Username the SMTP Username generated in the previous section.
  13. Enter for Password the SMTP Password generated in the previous section.
  14. Enter again the SMTP Password in Confirm Password.
  15. Click Save.
    The authenticated SMTP Connection from Salesforce to the Zivver SMTP Server is now set up.

Set up an Email Domain Filter in Salesforce

Not all outgoing messages from Salesforce need to be routed to the Zivver SMTP Server. Therefore a filter will make sure that only the required messages are routed to smtp.zivver.com. The filtering is done based on the domain of the sender. In this case, we make use of a subdomain as described in the introduction. Do these steps to set up an Email Domain Filter in Salesforce for this subdomain.

  1. Go to Salesforce.
  2. Log in as an admin.
  3. Go to Setup.
  4. Go to Quick find.
  5. Search for Email Domain Filters.
  6. Select Email Domain Filters in the search results.
  7. Click Create Email Domain Filter.
  8. Remove the * in the Sender Domain field.
  9. Enter the subdomain for which you want to filter on.
    For example: secure.yourcompany.com.
  10. For Email Relay select the Email Relay that you have created in the previous chapter.
  11. Enable the option Active.
  12. Click Save.
    The Email Domain Filter for the subdomain is now active. Any outgoing message in Salesforce that is sent from this subdomain will be routed to the Zivver SMTP Server.

Add an organization-wide email address in Salesforce

With an Organization-Wide Email Address, you can share a common alias in Salesforce among different users. These users can send an email from their own email address or from an organization-wide email address. We are going to add such an organization-wide email address so users can securely send messages.

Do these steps to create an organization-wide email address in the subdomain, as set up in the previous section Email Domain Filter.

  1. Go to Salesforce.
  2. Log in as an admin.
  3. Go to Setup.
  4. Go to Quick find.
  5. Search for Organization-Wide Addresses.
  6. Select Organization-Wide Addresses in the search results.
  7. Click Add.
  8. Enter a name.
    For example: [Secure] Contact Center.
  9. Enter an email address.
    For example: contact@secure.example.com.
  10. Enable one of the following options: Allow All Profiles to Use this From Address or Allow Only Selected Profiles to Use the From Address.
  11. OPTIONAL: select which profiles are allowed to send from this email address.
  12. Click Save.
    The organization-wide email address is created and all messages sent from this email address will be routed to the Zivver SMTP Server. Repeat the steps above if more than one organization-wide email address is used to securely send a message.

Send a secure message

The setup is now completed and ready for testing. To test, create a message in Salesforce, select the desired organization-wide email address to send the message from and send the message.

Check that the message is received as a Zivver message. If the message does not arrive or if an email is delivered, then Zivver Mail Submission is not implemented correctly. Review the sections above to verify everything is configured correctly.

Receive secure messages

Zivver Inbound Direct Delivery enables users in your organization to read a Zivver message directly in Salesforce, without the need to use a Zivver client such as the Zivver Webapp or the Zivver Office plugin.

Inbound Direct Delivery is activated for a domain and effects all Zivver messages that are received by your organization on that domain. It is common that Zivver messages on a specific domain are received in both Microsoft Outlook and Salesforce at the same time. When an unencrypted message is received in Outlook, the Zivver Office plugin will still show the Zivver conversation. If your organization does use Zivver Outlook Web Access Add-in, note that this Zivver add-in currently cannot display the Zivver conversation, when an unencrypted Zivver message is received.

Technical Requirements

Your organization must meet the following requirements to directly read secure received messages in Salesforce.

  • The domain used to receive Zivver messages in Salesforce is claimed in Zivver.
  • The domain used to receive Zivver messages in Salesforce offers DNSSEC for the domain.
  • The domain used to receive Zivver messages must support DANE or PKIX.
  • The domain used to receive Zivver messages in Salesforce has Inbound Direct Delivery turned on for every account within your Zivver organization.

Claim a domain in Zivver

To be able to read a Zivver message directly in Salesforce, the domain on which Zivver messages are received must be claimed by your Zivver organization. Check if the domain is claimed in Zivver according to the Zivver admin manual.

Check the DNS Settings

With Inbound Direct Delivery in place, Zivver messages are received as unencrypted messages. For this reason, the connection made between the Zivver SMTP Server and the email server of your organization needs to be secured.

Other email servers can make a secure connection with the email server of your organization by offering both DNSSEC on domain + DANE or DNSSEC on domain + PKIX.

Check the Zivver DNS Settings page to see which, if any, of the requirements are met by your domain(s).

Read more about DNSSEC in this Cloudflare article on DNSSEC.

Speak to your mail server or DNS administrator on how to fulfil the requirements for a secure connection between ZIVVER and the mail server of your organization. DNSSEC and DANE are configured outside of and separately from Zivver.

Ask Zivver to enable Inbound Direct Delivery

Currently Inbound Direct Delivery is enabled on request by your organization. Contact support to enable Inbound Direct Delivery.

Request Zivver to enable Inbound Direct Delivery only after the previous sections have been completed.

Turn Inbound Direct Delivery on

The last step is toggle Inbound Direct Delivery for the domain that is claimed by your Zivver organization. Do the instructions in this article about inbound direct delivery.

Receive a secure message

The setup is now completed and can be tested. Create a message in Salesforce, select the desired organization-wide email address to send the message from, and send the message to an address outside of your organization. Once received, reply to that message.

Verify that the reply is received in Salesforce and that the message can be read. If the reply does not arrive or if the reply arrives as an encrypted message, then Zivver Inbound Direct Delivery is not implemented correctly. Make sure that you did all the instructions in this manual.