How to set up Google workspace SPF, DKIM & DMARC
A complete guide on how to set up and configure SPF, DKIM & DMARC for Google workspace.
In this guide, we will go over how to configure and set up SPF, DKIM, and DMARC for your Google workspace and why it is important. We will try to avoid details on how SPF, DKIM & DMARC work but will provide necessary information on how and why to set them up.
Before we start it is important to note that SPF, DKIM, and DMARC are all TXT records on your DNS and hence publicly available. So you wouldn't want to enter any information like a personal email address that you'd otherwise want to keep private.
Why should you set up this?
SPF, DMARC & DKIM are records that are used to validate if emails actually came from you and that they haven't been tampered with.
This publicly announces the IPs allowed to send emails. A way of saying; "email is from me if it was sent from these IPs".
For SPF, create a DNS record pointing to:
v=spf1 include:_spf.google.com ~all
Here is an example, only that this one is for Zoho. It should look like this when you are done. Murlist.com, as in the example below, should be your domain instead.
Domain Key Identified Mail (DKIM) is used to allow the receiver mailbox to verify that the email you sent hasn't been tampered with in any form. This is important in making sure it wasn't maliciously changed in transit. Unlike SPF, DKIM is unique for each account. Chances are you already have this one set up in the initial configurations.
Steps to configure DKIM for Google workspace:
- Locate Gmail under App settings (App settings > Gmail > DKIM authentication)
- Click on "Generate new record"
Then go ahead and add the record in your DNS as a TXT record. Please do note that it might take a while for the changes to propagate.
For DMARC, create a DNS TXT record named
v=DMARC1; p=quarantine; pct=90; sp=none
After saving your changes, do give it some time to propagate and you should be all set now.