Set up email authentication
Tip: set up email authentication to help protect your organization from spoofing, and prevent outgoing messages from being sent to spam. For More information , go to
Set up SPF
- Identify Your Sending Sources: List all IP addresses and domains that send email on behalf of your domain.
- Create SPF Record: Formulate an SPF record. It typically looks like this:
v=spf1 include:_spf.google.com ~all - Add SPF Record to DNS: Go to your domain’s DNS settings and add a new TXT record with your SPF information.
Example for Google Workspace:
Name/Host/Alias: @ or leave it blank (depends on your DNS host)
Type: TXT
Value: v=spf1 include:_spf.google.com ~all
Set up DKIM:
- Access Admin Console: Log in to Google Admin Console (admin.google.com).
- Navigate to DKIM: Go to Apps > Google Workspace > Gmail > Authenticate email.
- Generate DKIM Key: Select your domain and click on “Generate new record”. Choose the DKIM key bit length (2048 bits recommended).
- Add DKIM Record to DNS: Copy the generated TXT record and add it to your domain’s DNS settings.
Example
Name/Host/Alias: ‘google._domainkey’
Type: TXT
Value: (The key provided by Google) - Start Authenticating: Return to the Google Admin Console and click “Start authentication”.
Set up DMARC:
- Create DMARC Policy: Formulate a DMARC record. It typically looks like this
v=DMARC1; p=none; rua=mailto:your-email@yourdomain.com; ruf=mailto:your-email@yourdomain.com; sp=none; aspf=r; adkim=r;
Adjust the policy (p=none, p=quarantine, p=reject) based on your preference. - Add DMARC Record to DNS: Go to your domain’s DNS settings and add a new TXT record with your DMARC information.
Example
Name/Host/Alias: _dmarc
Type: TXT
Value: ‘v=DMARC1; p=quarantine; rua=mailto:your-email@yourdomain.com;’
