Your Link Has Expired: The Impact of SFMC’s Recent Security Incident
Salesforce Marketing Cloud Security Incident Causes Widespread Email Deliverability Crisis Salesforce Marketing Cloud (SFMC) experienced a major security incident on January 24 that expired all email links generated before January 21, causing severe disruptions across email programs. The incident forced a migration to new authenticated encryption, resulting in links more than double the original length. This triggered DKIM signature failures at Microsoft due to legacy character limit rules, leading to broken unsubscribe links, compliance issues, and massive bounce rate increases. Sender reputations plummeted, with Microsoft inbox placement rates dropping approximately 25% overall, and some SFMC senders experiencing near-zero placement rates. Recovery requires resending critical emails, monitoring DKIM pass rates, testing unsubscribe functionality, and updating systems to handle longer tracking links.
EUM / SES Relevance
Highly relevant to AWS SES as this incident demonstrates critical email authentication and deliverability challenges. SES customers should review their DKIM configuration, bounce handling, and sender reputation monitoring practices to ensure resilience against similar security incidents and authentication failures.
Key Takeaways
- arrow_right_alt SFMC's security fix invalidated all pre-January 21 email links, breaking click-through tracking and unsubscribe functionality for millions of recipients.
- arrow_right_alt New encrypted links exceeded character limits at Microsoft, causing DKIM signature breaks and authentication failures that severely damaged sender reputations.
- arrow_right_alt Email deliverability dropped approximately 25% at Microsoft inboxes, with some SFMC senders experiencing near-zero inbox placement rates immediately after the incident.
- arrow_right_alt Recovery requires resending critical emails, expanding CRM URL fields, testing compliance features, and updating integrations to accommodate longer tracking links.
- arrow_right_alt The incident highlights the importance of monitoring sender reputation metrics and bounce profiles to quickly identify and respond to deliverability issues.