About This Site

Specright utilizes multiple layers (Hardware and Networking, Platform, and Application) to run the Specright Platform. The status of the servers and applications can be found in the following places:
For Salesforce Platform Status

Informational Notices

Salesforce is rolling out a series of security enhancements throughout 2026 to protect against phishing, account takeover, and data exfiltration. Specright is coordinating implementation across customer orgs. Below is a summary of each change, the timeline, and any action that may be required from your team.

For full details, see Salesforce's official summary. For questions or to coordinate implementation, please contact your Specright Customer Success contact.

— — — — —

Email Domain Verification — Active

Salesforce now requires verification of all email-sending domains. Unverified domains are blocked or routed through a generic Salesforce-owned address.

Production enforcement: Phase 1 began April 13, 2026; Phase 2 TBD

Specright has already verified the specright.com sending domain and enabled the substitute email address setting as a safeguard. For customers whose users send emails from your own company domain, the domain must be verified via DKIM (recommended) or the Authorized Email Domains list — both require a DNS record update. Specright has already sent a separate communication on this topic.

— — — — —

Connection Blocking for Anonymizing VPNs, Proxies, and High-Risk IPs — Active since April 24, 2026

Salesforce automatically freezes accounts that connect via anonymizing VPNs, proxies, or high-risk IP addresses. If any of your users are flagged, please coordinate with your IT team to investigate whether the detection is a false positive. Specright will provide additional support as needed.

— — — — —

Login Anomaly Detection — Active since early April 2026

AI-driven detection automatically freezes accounts with abnormal login patterns (location, device, client, timing). If any of your users are flagged, please coordinate with your IT team to investigate whether the detection is a false positive. Specright will provide additional support as needed.

— — — — —

Phishing-Resistant MFA for Privileged Users — Coming July 1, 2026

System Administrators and users with privileged permissions will be required to use phishing-resistant MFA (built-in authenticators or security keys). Standard authenticator apps will no longer qualify for these users.

Sandboxes: Starting June 22, 2026 (~7 day rollout)
Production: Starting July 1, 2026 (~30 day rollout)

Privileged users without registered phishing-resistant MFA will be prompted to configure one at their next login once enforcement begins. If you use SSO, please work with your IT team to verify that your Identity Provider (IdP) transmits phishing-resistant AMR/ACR signals. The "Waive Multi-Factor Authentication for Exempt Users" permission no longer automatically waives MFA after enforcement. If you need to exempt specific users from MFA, please contact Specright — these exemptions now require direct approval from Salesforce.

— — — — —

MFA Enforcement for All Employee Users — Coming July 20, 2026

MFA will be required for all employee users in both production and sandbox orgs.

Sandboxes: Starting June 22, 2026 (~7 day rollout)
Production: Starting July 20, 2026 (~30 day rollout)

MFA is already enabled in production; this enforcement extends the requirement to sandboxes. Users without a registered MFA verifier will be prompted to configure one at their next login once enforcement begins. The "Waive Multi-Factor Authentication for Exempt Users" permission no longer automatically waives MFA after enforcement. If you need to exempt specific users from MFA, please contact Specright — these exemptions now require direct approval from Salesforce.

— — — — —

Step-up Authentication for Report Activities — Coming June 10, 2026

Users will be required to complete an MFA challenge when running or viewing reports, after a configurable cool-down period (default 120 minutes).

Sandboxes: Active since June 3, 2026
Production: Starting June 10, 2026 (~20 day rollout)

Specright can adjust the cool-down period (2–120 minutes) on request.

— — — — —

Step-up Authentication for Anomalous Report Exports — Coming July 13, 2026

When Salesforce's ML-based detection flags anomalous report activity, users will be required to complete an MFA challenge before proceeding.

Sandboxes: Starting June 22, 2026
Production: Starting July 13, 2026

— — — — —

Transaction Security Policy Enhancements (Shield/Event Monitoring only) — Coming July 13, 2026

A new permission is required to manage Transaction Security Policies. A new default policy triggers a step-up MFA challenge for UI report exports exceeding 10,000 records.

Sandboxes: Starting June 22, 2026
Production: Starting July 13, 2026

Specright will audit users currently managing TSPs and assign the new "Modify Transaction Security Policy" permission to authorized users.