Friday, December 13, 2024
How to Set Up Your DKIM, SPF and DMARC
This guide will help you set up email authentication for your domain to improve deliverability and protect against spoofing. The steps below are specifically for Google Workspace users, but we've included links to Office 365 guides as well.
Note: These instructions are tailored for Google Workspace users. If you use a different provider, please check their documentation for specific setup instructions.
Setting Up DKIM (DomainKeys Identified Mail)
- Log in to admin.google.com
- Navigate to Menu > Apps > Google Workspace > Gmail > Authenticate Email
- Generate a DKIM key
- Add a DNS TXT record with the generated key at your domain provider (e.g., GoDaddy, Squarespace)
Resources:
Setting Up SPF (Sender Policy Framework)
- Access your domain provider's DNS management settings
- Look for existing SPF records (starting with
v=spf1...
) - If no SPF record exists, add a new TXT record:
- Name:
@
- Value for Google Workspace:
v=spf1 include:_spf.google.com ~all
- Value for Office 365:
v=spf1 include:spf.protection.outlook.com -all
Resources:
Setting Up DMARC (Domain-based Message Authentication)
- Access your domain provider's DNS management settings
- Add a new TXT record with:
- Host Name:
_dmarc
- Value:
v=DMARC1; p=none; rua=mailto:[email protected];
Important: Replace
[email protected]
with your actual email address where you want to receive DMARC reports
Resources:
Important Notes
- Always verify the specific requirements and values with your domain and email provider before making any DNS changes
- DNS changes can take up to 48 hours to propagate fully
- Start with DMARC policy
p=none
to monitor without affecting email delivery, then gradually move to stricter policies - Keep your authentication records up to date as you add or change email sending services