What are the best practices to implement the email deliverability settings in salesforce?

To improve the deliverability of email you send from Salesforce, configure your organization's email deliverability settings. Email deliverability is the likelihood of a company’s or individual’s email reaching its intended recipient. This likelihood is adversely affected by:

Bounced email
Email that is addressed to an invalid recipient and returned to the sender. If a sender sends several email messages that bounce, the email server might slow or block the delivery of all email from that sender.
Noncompliant email
Email that does not comply with a recipient's email security framework, such as the Sender Policy Framework (SPF), which verifies that the From address in an email message is not forged.

To configure the email deliverability settings for your organization:

• From Setup, enter Deliverability in the Quick Find box, then select Deliverability.
• To control the type of email your organization sends, change the Access level in the Access to Send Email section. You may not be able to edit the Access level if Salesforce has restricted your organization’s ability to change this setting.
  • No access: Prevents all outbound email to and from users.
  • System email only: Allows only automatically generated emails, such as new user and password reset emails.
  • All email: Allows all types of outbound email. Default for new, non-sandbox organizations.
• Select the Activate bounce management checkbox to help ensure that the email addresses you have for your contacts, leads, and person accounts are correct, and that the email your users send to those addresses is not impeded due to excessive email bounces.When bounce management is activated and a user sends an email to a contact, lead, or person account with an invalid email address, Salesforce displays an alert next to that email address and prevents users from sending email to the address until it is updated or confirmed. Also, the email bounces to Salesforce instead of the sender's personal email account.
• Select the Show bounce alert next to all instances of the email address checkbox to configure Salesforce to search all lead, contact, and person account records for instances of any email address that bounces an email and to display a bounce alert next to each instance. If you do not select this option, Salesforce only displays the bounce alert on the record from which the email was originally sent.
• Select the Return bounced email to sender checkbox to configure Salesforce to send a copy of the bounced email header to the sender. If you do not select this option, only Salesforce receives the bounced email header. In either case, for security purposes Salesforce does not return the body of the bounced email to the sender. This option applies to all users in your organization and cannot be enabled per user or per email.
• Select the Enable compliance with standard email security mechanisms checkbox to automatically modify the envelope From address of every email you send from Salesforce to comply with email security frameworks that your recipients might implement, such as SPF.Many recipient email systems enforce SPF to verify whether an email is legitimate. SPF checks the envelope From address of an inbound email to verify legitimacy. If this feature is enabled, Salesforce changes the envelope From address to a Salesforce email address to verify the sender's legitimacy. The header From address remains set to the sender's email address.
• Select the Enable Sender ID compliance checkbox to comply with the Sender ID framework. This will automatically populate the Sender field in the envelope of every email you send from Salesforce with no-reply@Salesforce. This enables receiving mail servers using the Sender ID email authentication protocol to verify the sender of an email by examining the Senderand From headers of an inbound email through a DNS lookup. All replies will still be delivered to the sender's email address. If you do not select this checkbox, the Sender field is set to null and email delivery fails when a recipient email system performs a Sender ID check.
• If you want Salesforce to send users a status email when their mass emails are complete, select Notify sender when mass email completes.
• To specify how Salesforce uses the Transport Layer Security (TLS) protocol for secure email communication for SMTP sessions, choose one of the following:
  • Preferred (default): If the remote server offers TLS, Salesforce upgrades the current SMTP session to use TLS. If TLS is unavailable, Salesforce continues the session without TLS.
  • Required: Salesforce continues the session only if the remote server offers TLS. If TLS is unavailable, Salesforce terminates the session without delivering the email.
  • Preferred Verify: If the remote server offers TLS, Salesforce upgrades the current SMTP session to use TLS. Before the session initiates, Salesforce verifies the certificate is signed by a valid certificate authority, and that the common name presented in the certificate matches the domain or mail exchange of the current connection. If TLS is available but the certificate is not signed or the common name does not match, Salesforce disconnects the session and does not deliver the email. If TLS is unavailable, Salesforce continues the session without TLS.
  • Required Verify: Salesforce continues the session only if the remote server offers TLS, the certificate is signed by a valid certificate authority, and the common name presented in the certificate matches the domain or mail exchange to which Salesforce is connected. If any of these criteria are not met, Salesforce terminates the session without delivering the email.3
• Click Save.