• volticinc@gmail.com
  • Comments 0
  • 23 Jun 2024

Setting up SPF, DKIM, and DMARC for Google Workspace is crucial to protecting your domain from phishing and spoofing while ensuring legitimate email deliverability. Here’s a step-by-step guide:

1. Setting up SPF (Sender Policy Framework):

  • Step 1: Log in to your domain registrar (where your domain DNS is managed) and open the DNS management section.
  • Step 2: Find your Google Workspace SPF record format:
    • The standard SPF record for Google Workspace is: v=spf1 include:_spf.google.com ~all
  • Step 3: Create or update the TXT record:
    • Add a new TXT record or update your existing one to include Google’s SPF record.
    • Example:
      • Name/Host/Alias: @ or leave blank (for root domain).
      • Type: TXT.
      • TTL: 3600 (or as recommended by your registrar).
      • Value/Text: v=spf1 include:_spf.google.com ~all

2. Setting up DKIM (DomainKeys Identified Mail):

  • Step 1: Log in to the Google Admin console.
  • Step 2: Go to “Apps” > “Google Workspace” > “Gmail” > “Authenticate Email.”
  • Step 3: Choose the domain for DKIM setup, then click “Generate new record.”
    • Select a DKIM key length (1024-bit or 2048-bit is recommended).
    • Generate the DKIM record and note the selector name provided.
  • Step 4: Update DNS records:
    • Log in to your domain registrar and add a new TXT record.
    • Example:
      • Name/Host/Alias: google._domainkey
      • Type: TXT
      • TTL: 3600 (or as recommended by your registrar).
      • Value/Text: The DKIM public key copied from the Google Admin console.
  • Step 5: Return to the Admin console and click “Start authentication.”

3. Setting up DMARC (Domain-based Message Authentication, Reporting, and Conformance):

  • Step 1: Create a DMARC policy using this standard format: v=DMARC1; p=quarantine; rua=mailto:youremail@example.com;
    • v: Protocol version.
    • p: Policy (none, quarantine, or reject).
    • rua: Aggregate report email address.
  • Step 2: Add the DMARC policy as a TXT record in the DNS:
    • Example:
      • Name/Host/Alias: _dmarc
      • Type: TXT
      • TTL: 3600 (or as recommended by your registrar).
      • Value/Text: Replace the email address with your own: v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@example.com;

After setting up SPF, DKIM, and DMARC, it’s advisable to monitor email performance and DMARC reports. This will help ensure proper setup and uncover potential issues or unauthorized email activity.

Blog Shape Image Blog Shape Image

Leave a Reply

Your email address will not be published. Required fields are marked *



Click one of our contacts below to chat on WhatsApp

× How can I help you?