function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
philbophilbo 

E-mail sender domain restrictions on SFDC e-mail services

Hey,

 

I have an e-mail service set up, with no restrictions on the source domain (i.e. 'Accept Email From' is blank - it says on the GUI 'All email addresses (subject to security settings)').  I am able to send e-mails to the service's address from my WORK account, but not from my PERSONAL account - the latter bounces, saying '<personalEmailAddr> is not authorized to send emails to this service'.  I would like to understand what it is that is imposing this restriction - some org-level setting presumably. 

 

Our real issue is that we have a client with an automated system that is sending e-mails to this service - and we just discovered that the e-mails have not been processed since around 12 February, both in PROD and in SANDBOX.  Unquestionably the e-mails are being sent and their format is correct - not sure if they're bouncing (client is checking right now).  My current theory is that some security setting changed around that time and now the SFDC e-mail service is no longer accepting e-mails from our client's domain.  I'd like to know how I can confirm/refute this theory.  I haven't found anything helpful in the discussion boards or help pages.....

 

Anybody got any words of wisdom on this?

 

Thanks!

JimRaeJimRae

There are 2 places that the restriction can be set, one on the service, which is probably what you are looking at, and the other is on the inbound email address itself.  This second one is the one that got me.

First look at your email service, the 5th line down should be "Accept Email From", verify this is correct.

Then, goto the email addresses related list, and select "View"

You should see a second "Accept Email From" here that also needs to be set correctly

 

Hope this helps, took me forever to figure this out.

 

 

philbophilbo

Hey,

 

That's a nice catch, and I had not appreciated that there were these two places where valid source domains can be specified.  I added my personal e-mail address to the 'allowed list' and sure enough, I can now send e-mails to the service without having them bounce.

 

Strangely, though, our client's e-mails are still not getting processed by the service.  The only thing I can think of is that these e-mails are coming from an address of the form:  senderApp@app.xyz.com (note - three-component domain).  I have added both 'xyz.com' and 'app.xyz.com' to the 'allowed list' in an effort to get the e-mails processed, but no luck.

 

Could it be possible that e-mails from addresses of this form are not allowed through?  Seems a bit far-fetched, but I can't see what else it could be (assuming the client is indeed sending those e-mails, which it looks like they are).

 

Thanks

JimRaeJimRae

I have not heard of this limitation, but that does not mean it doesn't exist.

I would suggest 3 other things you should do.

 

1) get the bounce message back from your sender so you can evaluate the error.

2) open the service to all addresses to see if they are then allowed through

3) turn on the debug log monitor for the running user of your service, then you should be able to watch the processing and potentially see any errors that are occurring.