Send and receive secure messages in Salesforce
Introduction
With Zivver, you can send and receive secure messages in Salesforce. This guide explains how to enable sending Zivver messages from Salesforce and how to receive Zivver messages in Salesforce without needing a Zivver client such as the Zivver WebApp or the Zivver Office plugin to decrypt the message.
Using the Zivver Salesforce integration can impact other Zivver products in use.
- Your organization needs to use the Zivver Office plugin V4 or higher when using the Zivver Salesforce integration to also send and receive messages from Microsoft Outlook with Inbound Direct Delivery enabled.
Send secure messages
Zivver Encryption Gateway enables your organization to securely send messages from Salesforce. This chapter explains how Zivver Encryption Gateway is implemented in Salesforce.
Requirements
Your organization must meet the following requirements to securely send messages from Salesforce.
- Salesforce must be able to make an authenticated SMTP connection to smtp.zivver.com:587.
- A subdomain is available or can be created to send messages from Salesforce.
Info
With a subdomain, users can visually choose in Salesforce between sending email and Zivver messages. If you cannot create a subdomain, all messages from Salesforce will be converted to Zivver messages.
You can use any subdomain of your organization’s domain, for example send.yourcompany.com.
- Your mail server can send and receive messages for the subdomain mentioned above.
- The subdomain should be claimed in Zivver.
- Optional: The subdomain can be added as an alias to a user mailbox or shared mailbox on your mail server.
Info
If adding an alias is not possible, a new Zivver account can be created for the subdomain. See the section adding aliases to manually add an account.
Claim a subdomain in Zivver
Securely sending messages from Salesforce uses a subdomain, for example secure.yourcompany.com or sec.yourcompany.com.
Your organization can choose which subdomain to use, as long as your mail server can send and receive email for this subdomain. This is important because Zivver sends email to the subdomain to inform you when a recipient replies to your message or when a message cannot be delivered.
The subdomain needs to be claimed in Zivver. Follow the steps in the Zivver admin manual to add the subdomain to your Zivver organization.
Add aliases
An address in the new subdomain must be added as an alias to each existing Zivver account that should be able to send Zivver messages via Salesforce.
See the Synctool manual for instructions on how to synchronize aliases for your Zivver organization with the Zivver Synctool. With CloudSync, aliases are automatically synchronized if the domain is claimed. Contact Support if you are having trouble synchronizing aliases with the Synctool or CloudSync.
If it is not possible to add an alias to an existing Zivver account, a new Zivver account can be created for an address in the subdomain. Follow the steps in the Zivver admin manual to create a Zivver account or create a Zivver functional account, and make sure to exclude the added email address in the Synctool profile or in the CloudSync settings. Otherwise, the automated synchronization will block the added account during the next synchronization.
For example, customerservice@yourcompany.com should have an alias such as customerservice@sec.yourcompany.com. If you cannot configure this on your mail server, create a separate Zivver functional account customerservice@sec.yourcompany.com in the Zivver WebApp.
Set up Encryption Gateway in Zivver
With Zivver Encryption Gateway, third-party applications can set up an SMTP connection with the Zivver SMTP server to submit messages. Follow these steps as a Zivver administrator to generate Zivver SMTP credentials. These credentials are used to authenticate the connection with the Zivver SMTP server.
- Log in to the Zivver WebApp.
- Click Organization Settings.
- Expand Integrations.
- Click SMTP credentials.
- Click the button.
- Enter a description.
For example: Salesforce.
- Click .
Note
This data is only shown once. Save it immediately. These credentials authenticate the connection to smtp.zivver.com.
- Click .
Use the generated SMTP credentials in the next section.
Set up an Email Relay in Salesforce
An Email Relay in Salesforce routes outgoing messages from Salesforce to the Zivver SMTP server. Follow these steps to set up the Email Relay.
- Go to Salesforce.
- Log in as an admin.
- Go to Setup.
- Go to Quick find.
- Search for Email Relays.
- Select Email Relays in the search results.
- Click Create Email Relay.
- Enter smtp.zivver.com for Host.
- Select 587 for Port.
- Select Required for TLS Setting.
- Enable Enable SMTP Auth.
- Enter the SMTP username generated in the previous section for Username.
- Enter the SMTP password generated in the previous section for Password.
- Re-enter the SMTP password in Confirm Password.
- Click Save.
The authenticated SMTP connection from Salesforce to the Zivver SMTP server is now set up.
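The relay settings above (host, port 587, TLS required, SMTP Auth) can be checked with the generated credentials before relying on Salesforce to deliver mail. The following is an added example, not part of the Zivver or Salesforce documentation; the function name `preflight` and the environment variables ZIVVER_SMTP_USER and ZIVVER_SMTP_PASS are hypothetical, and the check runs from your own machine, so it validates the credentials and TLS, not the network path from Salesforce.

```python
import os
import smtplib
import ssl

ZIVVER_HOST, ZIVVER_PORT = "smtp.zivver.com", 587  # relay target from this guide


def preflight(username, password, smtp_factory=smtplib.SMTP):
    """Check STARTTLS and SMTP AUTH against the relay target; return findings."""
    findings = {"starttls_offered": False, "tls_version": None,
                "auth_offered": False, "login_ok": False, "error": None}
    context = ssl.create_default_context()  # verifies CA chain and hostname
    try:
        with smtp_factory(ZIVVER_HOST, ZIVVER_PORT, timeout=15) as smtp:
            smtp.ehlo()
            findings["starttls_offered"] = smtp.has_extn("starttls")
            if not findings["starttls_offered"]:
                return findings  # stop here: never send credentials in cleartext
            smtp.starttls(context=context)
            findings["tls_version"] = smtp.sock.version()
            smtp.ehlo()  # capabilities must be re-read after STARTTLS
            findings["auth_offered"] = smtp.has_extn("auth")
            if findings["auth_offered"]:
                smtp.login(username, password)
                findings["login_ok"] = True
    except (smtplib.SMTPException, ssl.SSLError, OSError) as exc:
        findings["error"] = f"{type(exc).__name__}: {exc}"
    return findings


if __name__ == "__main__":
    # Hypothetical variable names; read secrets from the environment so the
    # credentials do not end up in shell history or in this file.
    result = preflight(os.environ["ZIVVER_SMTP_USER"],
                       os.environ["ZIVVER_SMTP_PASS"])
    for key, value in result.items():
        print(f"{key}: {value}")
    raise SystemExit(0 if result["login_ok"] else 1)
```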
Set up an Email Domain Filter in Salesforce
Not all outgoing messages from Salesforce need to be routed to the Zivver SMTP server. A filter ensures that only the required messages are routed to smtp.zivver.com. The filtering is based on the sender’s domain. In this case, a subdomain is used as described in the introduction.
Follow these steps to set up an Email Domain Filter in Salesforce for this subdomain.
- Go to Salesforce.
- Log in as an admin.
- Go to Setup.
- Go to Quick find.
- Search for Email Domain Filters.
- Select Email Domain Filters in the search results.
- Click Create Email Domain Filter.
- Remove the * from the Sender Domain field.
- Enter the subdomain you want to filter on.
For example: secure.yourcompany.com.
- For Email Relay, select the Email Relay you created in the previous chapter.
- Enable Active.
- Click Save.
The Email Domain Filter for the subdomain is now active. Any outgoing message in Salesforce sent from this subdomain will be routed to the Zivver SMTP server.
Add an organization-wide email address in Salesforce
With an Organization-Wide Email Address, you can share a common alias in Salesforce among different users. These users can send an email from their own email address or from an organization-wide email address. We are going to add such an organization-wide email address so users can securely send messages.
Follow these steps to create an organization-wide email address in the subdomain that you set up in the previous section, Email Domain Filter.
- Go to Salesforce.
- Log in as an admin.
- Go to Setup.
- Go to Quick find.
- Search for Organization-Wide Email Addresses.
- Select Organization-Wide Email Addresses in the search results.
- Click Add.
- Enter a Display Name.
For example: [Secure] Contact Center.
- Enter an Email address.
For example: contact@secure.example.com.
- Enable one of the following options: Allow All Profiles to Use this From Address or Allow Only Selected Profiles to Use the From Address.
- Optional: select which profiles are allowed to send from this email address.
- Click Save.
The organization-wide email address is created and all messages sent from this email address will be routed to the Zivver SMTP Server. Repeat the steps above if more than one organization-wide email address is used to securely send a message.
Send a secure message
The setup is now complete and ready for testing. To test, create a message in Salesforce, select the desired organization-wide email address to send the message from, and send the message.
Verify that the message is received as a Zivver message. If the message does not arrive, or if it is delivered as a regular email, then Zivver Encryption Gateway is not configured correctly. Review the sections above to ensure everything is set up properly.
Receive secure messages
Zivver Inbound Direct Delivery (IDD) enables users in your organization to read a Zivver message directly in Salesforce, without the need to use a Zivver client such as the Zivver WebApp or the Zivver Office plugin.
Inbound Direct Delivery is activated for a domain and affects all Zivver messages received by your organization on that domain. It is common for Zivver messages on a specific domain to be received in both Microsoft Outlook and Salesforce simultaneously. When an unencrypted message is received in Outlook, the Zivver Office plugin will still show the Zivver conversation. If your organization uses the Zivver Outlook Web Access Add-in, note that this Zivver add-in currently cannot display the Zivver conversation when an unencrypted Zivver message is received.
Technical Requirements
Your organization must meet the following requirements to directly read securely received messages in Salesforce:
- The domain used to receive Zivver messages in Salesforce is claimed in Zivver.
- The domain used to receive Zivver messages in Salesforce supports DNSSEC.
- The domain used to receive Zivver messages must support DANE or PKIX.
- The domain used to receive Zivver messages in Salesforce has Inbound Direct Delivery turned on for every account within your Zivver organization.
Claim a domain in Zivver
To read a Zivver message directly in Salesforce, the domain on which Zivver messages are received must be claimed by your Zivver organization. Verify whether the domain is claimed in Zivver according to the Zivver admin manual.
Check the DNS Settings
With Inbound Direct Delivery in place, Zivver messages are received as unencrypted messages. Therefore, the connection between the Zivver SMTP server and your organization’s email server needs to be secured.
Other email servers can establish a secure connection with your organization’s email server by supporting either DNSSEC on the domain + DANE or DNSSEC on the domain + PKIX.
Check the Zivver DNS Settings page to see which, if any, of the requirements are met by your domain(s).
Read more about DNSSEC in this Cloudflare article on DNSSEC.
Consult your mail server or DNS administrator on how to meet the requirements for a secure connection between Zivver and your organization’s mail server. DNSSEC and DANE are configured outside of, and separately from, Zivver.
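The rule in this section (DNSSEC on the domain plus DANE, or DNSSEC on the domain plus PKIX) can be checked independently from the output of `dig +dnssec`. The following is an added example, not Zivver's own check; the function names and sample outputs are constructed, `pkix_valid` is supplied by you from a certificate-verifying STARTTLS handshake to the MX host, and treating a validated TLSA answer as "DANE present" is an assumption.

```python
import re

# Constructed samples in the format printed by `dig +dnssec MX yourcompany.com`
# and `dig +dnssec TLSA _25._tcp.mx.yourcompany.com` (not real lookups).
SAMPLE_MX = """\
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
yourcompany.com. 3600 IN MX 10 mx.yourcompany.com.
"""
SAMPLE_TLSA = """\
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
_25._tcp.mx.yourcompany.com. 3600 IN TLSA 3 1 1 CONSTRUCTED-DIGEST-PLACEHOLDER
"""


def parse_dig(output):
    """Return (authenticated, [(type, rdata)]) from `dig +dnssec` text output."""
    flags = re.search(r"^;; flags:([^;]*);", output, re.MULTILINE)
    # "ad" is set only when a validating resolver verified the DNSSEC chain.
    authenticated = bool(flags) and "ad" in flags.group(1).split()
    records, in_answer = [], False
    for line in output.splitlines():
        if line.startswith(";; ANSWER SECTION"):
            in_answer = True
        elif in_answer and (not line.strip() or line.startswith(";")):
            in_answer = False  # blank line or next section header ends the answer
        elif in_answer:
            _name, _ttl, _cls, rtype, *rdata = line.split()
            records.append((rtype, " ".join(rdata)))
    return authenticated, records


def idd_transport_check(mx_output, tlsa_output, pkix_valid):
    """Apply the rule from this section: DNSSEC + DANE, or DNSSEC + PKIX."""
    mx_signed, mx_records = parse_dig(mx_output)
    tlsa_signed, tlsa_records = parse_dig(tlsa_output)
    dnssec = mx_signed and any(t == "MX" for t, _ in mx_records)
    # Assumption: DANE counts as present when a validated TLSA record exists.
    dane = tlsa_signed and any(t == "TLSA" for t, _ in tlsa_records)
    return {"dnssec": dnssec, "dane": dane, "pkix": pkix_valid,
            "meets_requirement": dnssec and (dane or pkix_valid)}


if __name__ == "__main__":
    print(idd_transport_check(SAMPLE_MX, SAMPLE_TLSA, pkix_valid=False))
```

Run the two `dig` queries against a validating resolver you trust; a missing `ad` flag can mean either an unsigned zone or a resolver that does not validate.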
Ask Zivver to enable Inbound Direct Delivery
Inbound Direct Delivery is enabled upon request by your organization. Contact support to enable Inbound Direct Delivery.
Turn Inbound Direct Delivery on
The final step is to toggle Inbound Direct Delivery for the domain claimed by your Zivver organization. Follow the instructions in this article about Inbound Direct Delivery.
Receive a secure message
The setup is now complete and ready for testing. Create a message in Salesforce, select the desired organization-wide email address to send the message from, and send it to an address outside your organization. Once the message is received, reply to it.
Verify that the reply is received in Salesforce and that it can be read. If the reply does not arrive, or if it arrives as an encrypted message, Zivver Inbound Direct Delivery is not configured correctly. Ensure that all instructions in this manual have been followed.