The correct answer is B, because:
Salesforce Marketing Cloud uses a Sender Authentication Package (SAP) to establish proper authentication (including setting up DNS entries for SPF, DKIM, and DMARC) for email sending domains.
When NTO wants to send emails from a new domain (comms.nto.com.au), they would need a new SAP to configure authentication correctly for that domain — this ensures deliverability, maintains sender reputation, and complies with anti-spam regulations.
Salesforce official documentation specifies:
"Sender Authentication Package (SAP) includes branding the sending domain, setting up dedicated IP addresses, and configuring authentication protocols like SPF, DKIM, and DMARC.
If you want to send emails from a different domain, you must purchase an additional SAP to configure and authenticate the new sending domain."
(Source: Salesforce Marketing Cloud Sender Authentication Package Guide)
Important SAP Components:
Custom domain for sending (branded domain).
Authenticated email setup (SPF/DKIM/DMARC).
Private tracking domain.
Dedicated subdomain.
Why the other options are incorrect:
❌ A. An additional IP address:
A new IP is not required just because you have a new domain. IPs are more about volume and reputation needs, not domain setup itself.
❌ C. An additional private domain:
A private domain refers to a tracking domain used for link redirection, not sending domain authentication itself.
❌ D. Register the new domain in Setup > From Address Management:
From Address Management is for allowing or restricting sender addresses but does not authenticate the domain for sending.
Additional Salesforce extract:
"When sending from a new domain that is not covered under an existing SAP, you must purchase and implement a new Sender Authentication Package to maintain deliverability and compliance standards."
(Source: Salesforce Marketing Cloud Deliverability Best Practices)
Thus, B is the correct and required action.
Submit