The Complete Guide to SPF/DKIM/DMARC Setup for Google Workspace Emails

Created On
July 24, 2023
The Complete Guide to SPF/DKIM/DMARC Setup for Google Workspace Emails

Once you have set up the google workspace account for your domain, a few essential steps need to be followed after that. You must ensure that the emails sent from Google Workshop on your domain's behalf, are properly authenticated and trusted. This helps prevent emails from being marked as spam or ending in the recipient's junk folder. 

To achieve this, you need to do three things:

  • Set up SPF (Sender Policy Framework): SPF helps validate that the emails sent from your domain are from authorized servers, reducing the chances of them being flagged as suspicious.
  • Enable DKIM (DomainKeys Identified Mail): DKIM adds a digital signature to your outgoing emails, confirming they are legitimate and haven't been tampered during transmission.
  • Implement DMARC (Domain-based Message Authentication, Reporting, and Conformance): DMARC builds upon SPF and DKIM, allowing you to specify what action should be taken if an email fails authentication. It also provides reports on email activity for your domain, giving you insights into potential issues.

By taking these steps and configuring the appropriate settings in Google Workspace, you can ensure that your emails are properly authenticated and trusted, improving deliverability and enhancing the reputation of your domain's email communication.

Set up SPF for Google Workspace 

An SPF record acts like a special list of approved IP addresses that can send emails on your domain's behalf. Imagine it as a whitelist that contains the names of trusted email senders for your domain. When you send an email, the recipient's server checks this list to see if the IP address sending the email is authorized. The email might be treated as spam or suspicious if it's not on the list. 

Having an SPF record set up protects your domain from being impersonated or "spoofed." It's like having a security guard for your emails, ensuring that only legitimate sources can send messages on your behalf. This reduces the chances of your outgoing emails being marked as spam by the receiving servers, ensuring your communications reach their intended recipients smoothly and safely.

Steps that needed to be followed to authorize Google Workspace hosts to send emails on behalf of your Domain:

  • Login into your Domain’s DNS board 
  • Go to the page where you can update DNS settings on that Domain. 
  • check if a TXT record starting with v=spf1 already exists; if so, the domain already has an SPF record and you need to update it; otherwise, you need to create an SPF record;
  • to update the SPF record, insert an include mechanism right before the terminating mechanism (~all or -all) in the SPF record: For example, if the existing SPF record looks like: v=spf1 a ~all update it to v=spf1 an ~all
  • to create an SPF record, simply create a TXT record with these settings:
  • Host/Name/Alias: @
  • Time to Live (TTL): 3600 or default
  • Content/Value/Answer/Destination: v=spf1 ~all

Once you are done, you can also save the SPF record. To be on the safer side, you can click on save at last to save it, and it will appear within 48 hours.

Set up DKIM for Google Workspace 

When you send an email, your outgoing server adds a special signature to it, like a seal. This signature is unique and based on the content of your email. When the email reaches the recipient's server, it uses a DKIM record, like a decryption key, to open and check that signature.

If everything matches up, it means the email hasn't been altered or tampered with during its journey. It's like a tamper-proof seal that ensures the email's contents remain intact and trustworthy. This way, the recipient can have more confidence that their email is authentic and hasn't been messed with by anyone along the way.

Steps to set up DKIM authentication in Google Workspace

Step 1- Go to Google Admin Console and login to it

Step 2- Click on Apps to go to Apps settings

Step 3- Go to Google Workshop Core Services

Step 4- Click on Gmail

Step 5- Click on Authenticate Email

  • Click on the GENERATE NEW RECORD button to generate a new DKIM record
  • Publish the DKIM record in the DNS; DNS propagation might take up to 1 hour before the record becomes accessible
  • Once the record is accessible, Click on the START AUTHENTICATION button
  • Click SAVE to complete the authentication process

Set up DMARC for Google Workspace: 

Next, we'll set up DMARC to keep an eye on the status of our email authentication. The main goal is to reach a level called "p=reject." Here's why it's important:

  • Preventing email spoofing: When we achieve p=reject, it means we've put strong measures in place to stop others from pretending to send emails from our domain. This reduces the risk of people receiving fake or scam emails that appear to come from us.
  • Improving email delivery: Reaching p=reject helps ensure that legitimate emails we send from our domain have a higher chance of landing in the recipient's inbox. It improves the reliability of our email communication, and our messages won't get lost in spam folders.

So, by setting up DMARC and reaching p=reject, we're making our domain's emails more secure and trustworthy and ensuring that the emails we send are more likely to be delivered directly to the intended recipients.

Step 1: Choose Your Domain

For adding the DMARC record for a domain, first, log into your Google Domains and choose the domain you need to work from the list. 

Step 2: Edit Your Domain’s DNS Server Information

On the left side of the page, you will find a button for “DNS.” Click on this button to edit the server information of your domain. 

Step 3: Edit and Manage Your Records

Once you access your DNS setting, you can easily edit or manage your domain records. It helps you to make any addition to the custom setting to make your DMARC function properly. 

Step 4: Update the DMARC Setting

For the Host Name: “_dmarc” ** Do not add any quotation marks. 

For the Type: “TXT” **Do not add any quotation marks. 

For the Data: “v=DMARC1; p=none; rua=mailto:dmarc-reports@DOMAINNAME" **, The quotation marks will get added automatically. 

Now, click on “Save”

So, now you are done setting up DMARC! Keep an eye on those aggregate reports, and you'll be on your way to even better email authentication and protection for your domain. 

What’s a Rich Text element?

The rich text element allows you to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.

  • dfbvrsg
  • svsv

Static and dynamic content editing

A rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!

How to customize formatting for each rich text

Headings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.

Author’s Details

Tanmay Shukla

Tanmay is a SEO Content Writer at Smartlead. His zeal and enthusiasm in writing led him to the path of being a Content Writer. He has been advancing in this field by possessing more knowledge and skills. His constant endeavor has made him a whiz in SEO, Creative Writing, and driving sales through writing.


Edited by:

Charu Mitra Dubey


Frequently asked questions

General Questions

What are active leads?

Active leads are the contacts you upload in Smartlead, similar to contacts in HubSpot; if you upload 1000 leads to a campaign, they are considered 1000 active leads. If you upload similar leads to a new campaign, they are not considered a “new active lead” as they already exist in our system.

Do you provide mailboxes, or do I need to connect my own?

We don’t offer mailboxes yet. You need to get your own dedicated list of mailboxes using popular providers like Gmail, Outlook, Zoho, and others that exist in the market. Once you get them, follow our detailed guides to connect them quickly.

Do you offer guides and articles on succeeding with cold emails?

Absolutely, one of our most popular guides can be found right here. It's been used by a large percentage of users to go from zero to cold emailing experts. Covering all topics from email infrastructure to copywriting and lead sourcing.

Is another tool needed for warmups?

No, Smartlead has over 200,000 highly reputed mailboxes connected. The advantage you get along with naturalized AI conversations is access to aged domains you will never find in any warmup tool.

What is the API commonly used for?

It is used popularly by agencies to automate their entire lead generation process as well as to connect Smartlead to external tools to push and pull data from. You can also connect to 1000s of apps using Zapier.

What type of businesses sees the most success with Smartlead?

Anyone that can close deals from demos will succeed with Smartlead. It works for Sales companies, Marketing agencies, SaaS businesses, Recruitment, and offline companies (like construction).

Do you provide me with lead sources?

We do not provide you with leads. You will need to use other data providers. These leads can be automatically added to Smartlead using our API or bulk uploaded via our CSV upload system.

Do you integrate with any CRMs?

We're building native integrations with Hubspot, Salesforce, Close, Pipedrive, and many more. The best part, due to our open API and Webhook infrastructure, you can connect to any CRM in the world without an issue.

How many team members can I add?

You can add an unlimited number of team members, as well as assign them roles and authority access.

Do you have custom plans beyond the Pro plan?

Yes, it's common for many people to move to Custom plans after a few weeks. You can view all the options for up to 10M leads on the subscription page once you sign up for free.

Powerful Automated Email Marketing that Drives Sales.

  • All Features Included
  • No Credit Card Required
  • Free Warmup Included