My Profile
Sign Out
Tickets
Knowledge Base
Login
Articles in this section
Category / Section
  2. General

Configure domain authentication for Google Workspace

Published:

SPF, DMARC, and DKIM Records Guide for Google Workspace

Domain authentication is critical to ensuring deliverability. Failing to configure these may put your emails at risk of being labeled as spam.

Please note that changes may take up to 24 hours to take effect.


Introduction

This guide provides step-by-step instructions on how to set up SPF, DMARC, and DKIM records for your domain when using Google Workspace. These records help improve email security and ensure that your emails are authenticated and less likely to be marked as spam.

SPF (Sender Policy Framework)

SPF is an email authentication method that specifies which mail servers are allowed to send emails on behalf of your domain. This helps prevent spammers from sending emails with forged From addresses at your domain.

Steps to Set Up SPF for Google Workspace:

  • Log in to your domain registrar or DNS hosting provider.
  • Locate the DNS settings for your domain.
  • Add a new TXT record with the following details:
    • Name/Host: @ or your domain name (e.g., example.com)
    • Value: v=spf1 include:_spf.google.com ~all
    • TTL: 3600 (or default)
  • Save the changes and wait for the DNS to propagate (this can take up to 48 hours).

DKIM (DomainKeys Identified Mail)

DKIM is an email authentication method that allows the receiver to check that an email was indeed sent and authorized by the owner of the domain. This is done by adding a digital signature to the email headers.

Steps to Set Up DKIM for Google Workspace:

  • Log in to your Google Admin Console (admin.google.com).
  • Go to Apps > Google Workspace > Gmail > Authenticate email.
  • Select your domain and click Generate new record.
  • Copy the generated DKIM record (TXT record).
  • Log in to your domain registrar or DNS hosting provider.
  • Add a new TXT record with the following details:
    • Name/Host: google._domainkey
    • Value: Paste the DKIM record provided by Google.
    • TTL: 3600 (or default)
  • Save the changes and return to the Google Admin Console.
  • Click Start Authentication and wait for the DNS to propagate (this can take up to 48 hours).

DMARC 

DMARC is an email authentication protocol that uses SPF and DKIM to determine the authenticity of an email message. It also provides a way for email receivers to report back to the sender about messages that pass or fail DMARC evaluation.

Steps to Set Up DMARC for Google Workspace:

  • Log in to your domain registrar or DNS hosting provider.
  • Locate the DNS settings for your domain.
  • Add a new TXT record with the following details:
    • Name/Host: _dmarc
    • Value: v=DMARC1; p=none; rua=mailto:your_email@example.com
    • TTL: 3600 (or default)
  • Replace your_email@example.com with the email address where you want to receive DMARC reports.
  • Save the changes and wait for the DNS to propagate (this can take up to 48 hours).

Note: The p=none policy means that no action will be taken if an email fails DMARC checks. You can change this to p=quarantine or p=reject once you are confident that your setup is correct.

Conclusion

By setting up SPF, DKIM, and DMARC records for your domain, you can significantly improve the security and deliverability of your emails. These records help prevent email spoofing and phishing attacks, ensuring that your emails are trusted by recipients and less likely to be marked as spam.

If you encounter any issues, refer to Google Workspace's official documentation or contact your DNS provider for assistance.

Access denied
Access denied