Create Digital Signature

Secure messages with a digital signature (using S/MIME) in Salesforce Marketing Cloud

In Salesforce Marketing Cloud, you can attach a digital signature to your outbound email messages to provide a layer of security for your subscribers. The digital signature, which includes a secure certificate and a public key, confirms for your recipients that the message to which it is attached originated from you (not from an impostor "spoofing" the message). It also serves as a digital seal that assures recipients that the content of your message was not altered in transit.

Marketing Cloud supports the S/MIME standard for secure certificates used for digitally signing email at Indiana University. You can use IU's InCommon Certificate Manager to create a certificate, and then import that certificate into Marketing Cloud and attach it to a delivery profile for sending digitally signed email.

  1. Create and download your S/MIME certificate; for instructions, see Get an S/MIME certificate for digital email signatures at IU. (Make sure to remember the PIN you create for installing your certificate).
  2. Once your certificate is saved to your workstation, log into Marketing Cloud and select your business unit.
  3. In the Email Studio, click the Admin tab.
  4. In the folder tree, click the + (plus sign) next to Data Management, and then select Key Management.
  5. In the Key Management tool, click Create.
  6. Under "Encryption Type", select the Certificate radio button.

    For 'Encryption Type', select 'Certificate'.

  7. In the "Name" field, enter a name for your certificate.
    If your business unit uses multiple sender profiles, you should give your certificate a name that corresponds to the sender profile with which you intend to use it.
  8. For the "Key" field, click Browse to locate and select the S/MIME certificate saved on your workstation.

    Click 'Browse' to locate and select the S/MIME certificate saved on your workstation.

  9. In the "Passphrase" field, enter the PIN you created for your certificate.
  10. Click Save.
  11. On the Admin tab, under Send Management, select Delivery Profiles, and then click the delivery profile you want to use to send digitally signed email.
  12. Scroll to the bottom of the screen, and then, under "SMIME", click the checkbox to select Include SMIME detached signature using this certificate and use the drop-down list to select your certificate.

    Check the box, and then use the drop-down list to select your certificate

  13. Click Save.
Since the digital signature is intended to confirm who sent an email message, you should create and import a separate certificate for each sender profile your business unit uses. Your "Send From" email address must match the email address attached to your digital signature. Repeat the above steps as needed.