By lakshmi.prasath DNS

Google Workspace Email Protection: Setting Up SPF and DKIM

To ensure your emails are authenticated properly and protected against spoofing, follow the steps below to set up SPF and DKIM for your domain using Google Workspace:

SPF:

If you’re using only Google Workspace to send emails
Add the following SPF record to your domain’s DNS settings:

      v=spf1 include:_spf.google.com ~all 

If you have an existing SPF record in your DNS, you need to modify it to include Google Workspace, as shown below:

For Example:

If your current SPF record was 

       v=spf1 include:_spf.mydomain.com ~all 

Your updated SPF record will be

      v=spf1 include:_spf.mydomain.com include:google.com ~all

DKIM:

Step 1: Generate a DKIM key pair

  1. Log in to your Google Admin console with an administrator account.
  2. Navigate to Menu and then Apps > Google Workspace > Gmail
  3. Click Authenticate email.
  4. In the Selected domain menu, Choose the domain where you want to enable DKIM.
  5. Click the Generate New Record button.
  6. Configure your DKIM settings in the Generate New Record box:
    • DKIM key bit length options:
      • 2048(Recommended)—If your domain provider supports 2048-bit keys, select this option. Longer keys are more secure than shorter keys. If you previously used a 1024-bit key, you can switch to a 2048-bit key if your domain provider supports them.
      • 1024—If your domain host doesn’t support 2048-bit keys, select this option.
    • Prefix selector options:
      • The default prefix selector is google. If you are using Google Workspace, this is the recommended option.
      • If you prefer to use a custom selector, you can enter a different prefix in this field.
  7. Click Generate. You’ll see a new TXT record appear with your DKIM information.

Note: It may take up to 48 hours for the Admin console to stop displaying the message “You must update the DNS records for this domain.” If you’ve correctly added the DKIM key to your DNS, you can disregard the message.

8. Copy the DKIM TXT record details shown in the Authenticate email window.

Step 2: Add the DKIM TXT Record to Your DNS

Access your domain’s DNS settings with your domain registrar or DNS hosting provider, then create a new TXT record using the DKIM values you copied in Step 1.

Step 3: Enable and Verify DKIM in Google Admin Console

  1. After adding the DKIM record in your DNS, log in again to the Google Admin console.
  2. Go to Menu > Apps > Google Workspace > Gmail
  3. Click Authenticate email.
  4. In the Selected domain menu, select the domain where you want to turn on DKIM. 
  5. Click Start authentication. Once the setup is verified and active, the status will change to: Authenticating email with DKIM.

Our support team at support@progist.net is ready to assist you with any questions or help you may need regarding the implementation of email standards. Feel free to reach out to us for support!