
SPF, DKIM, DMARC Setup Guide for Google Workspace

This post explains how to set up Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) signatures and Domain-based Message Authentication, Reporting, and Conformance (DMARC) for your Google Workspace (formerly G Suite) email to eliminate spam from your domain and increase security.

Google requires you to configure the following DNS records for your domain: SPF and DKIM.

SPF records allow receiving servers to check whether an email with the specified source domain was actually sent from a server authorized by the owner of this domain.

DKIM adds a digital signature to each message. This allows the receiving server to check whether the message was sent from an authorized sender, or was faked or changed during delivery.

How to set up an SPF record

To authorize Google to send emails on your domain's behalf, you will need to create or update your SPF record so that it includes the following mechanism:

include:_spf.google.com

You can achieve this easily with our SPF Record Generator tool; here are the steps:

1. Generate a new SPF record that authorizes Google

[Image: SPF Record Generator]

2. Copy the newly generated SPF Record

3. Update your DNS TXT record for SPF at your DNS provider (we will show examples with GoDaddy and Cloudflare)

Ex. GoDaddy

[Image: SPF record in GoDaddy]

Ex. Cloudflare

[Image: SPF record in Cloudflare]

Click Save.

Important Note: Make sure you don’t create multiple SPF TXT records on one domain. If you do, SPF will return a PermError.

If you are using multiple IPs, ESPs or third-party services for your various email strategies, you should include them all in a single SPF record.

E.g. v=spf1 ip4:17.67.137.221 include:_spf.google.com include:thirdpartyservice.com ~all
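The check below is an added example, not part of the original guide or of any EasyDMARC tool: it audits a domain's TXT records for the duplicate-SPF mistake described in the note above and folds the duplicates into one record. The TXT strings are constructed sample data, the function names are hypothetical, and the closing ~all is an assumption taken from the guide's own example.

```python
# Added example: audit TXT records for duplicate SPF records and merge them.
# All TXT strings below are constructed sample data, not real DNS answers.

GOOGLE_INCLUDE = "include:_spf.google.com"  # mechanism given in this guide


def spf_records(txt_records):
    """Return the TXT strings that are SPF records, split into terms."""
    found = []
    for txt in txt_records:
        parts = txt.strip().split()
        # An SPF record starts with the exact version term "v=spf1".
        if parts and parts[0].lower() == "v=spf1":
            found.append(parts)
    return found


def audit_spf(txt_records):
    """Classify the SPF setup: 'none', 'permerror' (multiple records) or 'ok'."""
    records = spf_records(txt_records)
    if not records:
        return {"status": "none", "google_authorized": False}
    google = any(GOOGLE_INCLUDE in [t.lower() for t in r[1:]] for r in records)
    status = "permerror" if len(records) > 1 else "ok"
    return {"status": status, "google_authorized": google}


def merge_spf(txt_records, all_term="~all"):
    """Fold several SPF records into one, keeping each mechanism once."""
    merged = []
    for terms in spf_records(txt_records):
        for term in terms[1:]:
            is_all = term.lstrip("+-~?").lower() == "all"
            if not is_all and term not in merged:
                merged.append(term)
    # Exactly one "all" term, placed last; the qualifier is the caller's policy choice.
    return " ".join(["v=spf1", *merged, all_term])


# Constructed zone: two SPF records on one domain, the mistake the note warns about.
BROKEN = [
    "v=spf1 ip4:17.67.137.221 ~all",
    "v=spf1 include:_spf.google.com include:thirdpartyservice.com ~all",
    "google-site-verification=constructed-placeholder",
]

if __name__ == "__main__":
    print(audit_spf(BROKEN))            # two records: permerror
    print(merge_spf(BROKEN))            # single combined record
    print(audit_spf([merge_spf(BROKEN)]))
```

Feed it the TXT answers for your own domain (for example, the output of a DNS lookup tool) before and after editing the zone to confirm that only one SPF record remains.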

Configuring DKIM for GSuite

3.1 Go to the Google Admin Console (at admin.google.com).

3.2 Open Apps > G Suite > Gmail.

[Image: DKIM for G Suite authentication]

3.3 Click ‘Authenticate Email’.

[Image: DKIM for G Suite authentication]

3.4 By default, your main domain is selected. Click on the primary domain name or select another domain where DKIM will be used.

3.5 Click “Generate New Record”. A G Suite DKIM public key will be generated for your domain; copy these values.

[Image: DKIM for G Suite authentication]

3.6 Publish the provided TXT record in your DNS under [selector]._domainkey.yourdomain.com (in this case, google._domainkey.yourdomain.com).

Ex. GoDaddy

[Image: DKIM record in GoDaddy]

Ex. Cloudflare

[Image: DKIM record in Cloudflare]

3.7 Go to the administrator console and click ‘Start Authentication’, and you’re all set!

Configuring DMARC Record

To generate a DMARC record for your domain, go to the EasyDMARC DMARC record generator page and create your record:

[Image: DMARC record generator]

Publish the generated TXT record in your DNS. You will start to receive DMARC XML reports within 48 hours. EasyDMARC will analyze your DMARC reports and give you suggestions, alerts and configuration instructions.

We have a comprehensive guide on how to implement DMARC on EasyDMARC.

Your email system is now secure!
