That’s why experts suggest configuring SPF, DKIM, and DMARC records in Google Workspace, and this guide explains the steps for that.
Setting Up SPF For Google Workspace
An SPF record contains a list of allowlisted IP addresses and mail servers that send emails on your behalf. Here are steps to add SPF for your domain in Google Workspace:
- Create an SPF record and incorporate the ‘include:_spf.google.com’ mechanism.
- Copy your newly generated SPF record.
- Add the newly generated SPF record to your DNS provider.
That’s it, and you are done.
Also, if multiple IP ranges, ESPs, or third parties are involved in your email infrastructure, include them in the same record to avoid errors.
Setting Up DKIM For Google Workspace
Visit the Google Admin Console and follow these steps:
- Select ‘Apps.’
- Select ‘G Suite.’
- Select ‘Gmail.’
- Go to ‘Authenticate email (set up email authentication (DKIM)).
- Select the domain for which you want to set up DKIM.
- Next, select ‘Generate New Record,’ and you will get the GSuite DKIM Public key. Copy the key value. Please ensure that you choose a DKIM key length of 1024-bit or higher. Shorter keys are more prone to exploitation.
- Publish the provided TXT Record into your DNS.
- Lastly, navigate to the administrator console and select ‘Start Authentication.’
Setting Up DMARC For Google Workspace
After successfully integrating SPF and DKIM into your Google Workspace, the next step in enhancing your email security involves setting up Gmail DMARC. Configuring the Gmail DMARC record is a crucial procedure in this process.
To begin with, use an online DMARC record generator to produce a DMARC record and publish it in your DNS. You can start with the ‘none’ or ‘quarantine’ policy and aim to move to the ‘reject’ policy to receive the maximum benefits of email security through SPF, DKIM, and DMARC.
Image sourced from spamresource.com
A domain protected with a ‘DMARC reject policy’ is safe from email spoofing and has a good email deliverability rate, which means legitimate emails from your domain are more likely to reach the inbox instead of getting marked as rejected or spam.
Although using ‘ruf’ and ‘rua’ tags in your DMARC record to receive forensic and aggregate reports isn’t mandatory, we highly encourage this practice. DMARC reports tell you if an illegitimate entity is exploiting your domain or if some of your legitimate emails are experiencing false positives.
Book a demo with us and get started. One of our security consultants will get in touch with you via email in one business day. Till then, feel free to read our reviews.