How to set up SPF, DKIM and DMARC - A Complete Guide to Follow in 2024

Created On:
July 24, 2023
Updated On:
June 6, 2024

Once you have set up the google workspace account for your domain, a few essential steps need to be followed after that. You must ensure that the emails sent from Google Workshop on your domain's behalf, are properly authenticated and trusted. This helps prevent emails from being marked as spam or ending in the recipient's junk folder. 

To achieve this, you need to do three things:

  • Set up SPF (Sender Policy Framework): SPF helps validate that the emails sent from your domain are from authorized servers, reducing the chances of them being flagged as suspicious.
  • Enable DKIM (DomainKeys Identified Mail): DKIM adds a digital signature to your outgoing emails, confirming they are legitimate and haven't been tampered during transmission.
  • Implement DMARC (Domain-based Message Authentication, Reporting, and Conformance): DMARC builds upon SPF and DKIM, allowing you to specify what action should be taken if an email fails authentication. It also provides reports on email activity for your domain, giving you insights into potential issues.
SPF/DKIM/DMARC setup of google

By taking these steps and configuring the appropriate settings in Google Workspace, you can ensure that your emails are properly authenticated and trusted, improving deliverability and enhancing the reputation of your domain's email communication.

What is SPF?

Sender Policy Framework (SPF) is an email authentication protocol designed to detect and block email spoofing by providing a mechanism to allow receiving mail exchangers to verify that incoming mail from a domain comes from an IP Address authorized by that domain's administrators.

How Does SPF Work?

SPF works by adding a specific record to your Domain Name System (DNS) settings. This record lists the mail servers that are authorized to send emails on behalf of your domain. When an email is sent, the recipient's mail server checks the SPF record to ensure the email came from an authorized server.

How to Set Up SPF for Google Workspace?

To set up SPF for Google Workspace:

  1. Sign in to the management console for your domain provider.
  2. Locate the page where you update your domain's DNS records.
  3. Add a TXT record with the value: v=spf1 ~all.
  4. Save your changes.

Set up SPF for Google Workspace 

An SPF record acts like a special list of approved IP addresses that can send emails on your domain's behalf. Imagine it as a whitelist that contains the names of trusted email senders for your domain. When you send an email, the recipient's server checks this list to see if the IP address sending the email is authorized. The email might be treated as spam or suspicious if it's not on the list. 

Having an SPF record set up protects your domain from being impersonated or "spoofed." It's like having a security guard for your emails, ensuring that only legitimate sources can send messages on your behalf. This reduces the chances of your outgoing emails being marked as spam by the receiving servers, ensuring your communications reach their intended recipients smoothly and safely.

Steps that needed to be followed to authorize Google Workspace hosts to send emails on behalf of your Domain:

  • Login into your Domain’s DNS board 
  • Go to the page where you can update DNS settings on that Domain. 
  • check if a TXT record starting with v=spf1 already exists; if so, the domain already has an SPF record and you need to update it; otherwise, you need to create an SPF record;
  • to update the SPF record, insert an include mechanism right before the terminating mechanism (~all or -all) in the SPF record: For example, if the existing SPF record looks like: v=spf1 a ~all update it to v=spf1 an ~all
  • to create an SPF record, simply create a TXT record with these settings:
  • Host/Name/Alias: @
  • Time to Live (TTL): 3600 or default
  • Content/Value/Answer/Destination: v=spf1 ~all

Once you are done, you can also save the SPF record. To be on the safer side, you can click on save at last to save it, and it will appear within 48 hours.

What is DKIM?

DomainKeys Identified Mail (DKIM) is another email authentication method that allows the receiver to check if the email was indeed sent and authorized by the owner of that domain.

How Does DKIM Work?

DKIM works by adding a digital signature to the headers of an email message. This signature is generated using a private key that only the sender knows. The recipient then uses a public key, published in the sender's DNS records, to verify the signature and validate the email.

How to Set up DKIM for Google Workspace 

When you send an email, your outgoing server adds a special signature to it, like a seal. This signature is unique and based on the content of your email. When the email reaches the recipient's server, it uses a DKIM record, like a decryption key, to open and check that signature.

If everything matches up, it means the email hasn't been altered or tampered with during its journey. It's like a tamper-proof seal that ensures the email's contents remain intact and trustworthy. This way, the recipient can have more confidence that their email is authentic and hasn't been messed with by anyone along the way.

Steps to set up DKIM authentication in Google Workspace

Step 1- Go to Google Admin Console and login to it

google  SPF/DKIM/DMARC  settings

Step 2- Click on Apps to go to Apps settings

settings of SPF/DKIM/DMARC in google workspace

Step 3- Go to Google Workshop Core Services

workspace settings of SPF/DKIM/DMARC

Step 4- Click on Gmail


Step 5- Click on Authenticate Email

SPF/DKIM/DMARC  authentication google
  • Click on the GENERATE NEW RECORD button to generate a new DKIM record
  • Publish the DKIM record in the DNS; DNS propagation might take up to 1 hour before the record becomes accessible
  • Once the record is accessible, Click on the START AUTHENTICATION button
  • Click SAVE to complete the authentication process

What is DMARC?

Domain-based Message Authentication, Reporting & Conformance (DMARC) is an email authentication protocol that uses SPF and DKIM to detect email spoofing. It allows the sender to specify how to handle emails that fail SPF or DKIM checks.

How Does DMARC Work?

DMARC works by adding a DMARC policy to your DNS records. This policy tells receiving mail servers what to do if an email fails SPF or DKIM checks, such as reject the email or send a report.

How to Set up DMARC for Google Workspace: 

Next, we'll set up DMARC to keep an eye on the status of our email authentication. The main goal is to reach a level called "p=reject." Here's why it's important:

  • Preventing email spoofing: When we achieve p=reject, it means we've put strong measures in place to stop others from pretending to send emails from our domain. This reduces the risk of people receiving fake or scam emails that appear to come from us.
  • Improving email delivery: Reaching p=reject helps ensure that legitimate emails we send from our domain have a higher chance of landing in the recipient's inbox. It improves the reliability of our email communication, and our messages won't get lost in spam folders.

So, by setting up DMARC and reaching p=reject, we're making our domain's emails more secure and trustworthy and ensuring that the emails we send are more likely to be delivered directly to the intended recipients.


Step 1: Choose Your Domain

SPF/DKIM/DMARC  domain settings

For adding the DMARC record for a domain, first, log into your Google Domains and choose the domain you need to work from the list. 

Step 2: Edit Your Domain’s DNS Server Information


On the left side of the page, you will find a button for “DNS.” Click on this button to edit the server information of your domain. 

Step 3: Edit and Manage Your Records

SPF/DKIM/DMARC  domain configuration

Once you access your DNS setting, you can easily edit or manage your domain records. It helps you to make any addition to the custom setting to make your DMARC function properly. 

Step 4: Update the DMARC Setting

For the Host Name: “_dmarc” ** Do not add any quotation marks. 

For the Type: “TXT” **Do not add any quotation marks. 

For the Data: “v=DMARC1; p=none; rua=mailto:dmarc-reports@DOMAINNAME" **, The quotation marks will get added automatically. 

Now, click on “Save”

So, now you are done setting up DMARC! Keep an eye on those aggregate reports, and you'll be on your way to even better email authentication and protection for your domain. 

Why Do You Need SPF, DMARC, and DKIM Authenticators for Your Email?

SPF, DMARC, and DKIM authenticators are essential for protecting your email from spoofing and phishing attacks. They help verify that an email claiming to be from your domain truly is from your domain, increasing confidence in your emails and reducing the likelihood of them being marked as spam.

What are the Benefits of Having These Authenticators?

Having SPF, DMARC, and DKIM authenticators can:

  1. Increase email deliverability: Emails that pass authentication checks are less likely to be marked as spam.
  2. Protect your domain reputation: Prevents scammers from sending emails that appear to be from your domain.
  3. Provide visibility: DMARC reports allow you to see who is sending email from your domain.

Frequently Asked Questions

1. How can I troubleshoot DKIM authentication issues in Google Workspace if the email fails to authenticate?

If your emails fail to authenticate with DKIM, check that you have correctly added the DKIM record to your DNS settings. If the problem persists, it may be necessary to regenerate your DKIM keys in Google Workspace.

2. How often should I review and update my SPF, DKIM, and DMARC settings to maintain email security?

It's a good practice to review your SPF, DKIM, and DMARC settings at least twice a year. However, if you make significant changes to your email infrastructure or notice a sudden increase in email delivery issues, you should review them immediately.

3. Can I have multiple SPF records for my domain, and how does it affect email authentication?

Having multiple SPF records for a single domain can cause authentication issues and is against the SPF specification. Instead, you should have a single SPF record that includes all authorized mail servers.

4. What are the best practices for managing SPF records to avoid exceeding the DNS lookup limit?

To avoid exceeding the SPF DNS lookup limit:

  1. Consolidate your SPF records into one.
  2. Remove any unnecessary IP addresses or domains.
  3. Use the 'include' mechanism sparingly.

5. How can I ensure that my email forwarding practices do not interfere with SPF, DKIM, and DMARC checks?

For forwarded emails, SPF checks will fail because the recipient's server is not listed in the sender's SPF record. To prevent this, you can use Sender Rewriting Scheme (SRS) which rewrites the sender address in forwarded emails. DKIM should pass as long as the email headers are not modified during forwarding. For DMARC to pass, either SPF or DKIM (or both) need to pass, so if DKIM is passing, DMARC should also pass.

What’s a Rich Text element?

The rich text element allows you to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.

  • dfbvrsg
  • svsv

Static and dynamic content editing

A rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!

How to customize formatting for each rich text

Headings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.

Author’s Details

Tanmay Shukla

Tanmay is a SEO Content Writer at Smartlead. His zeal and enthusiasm in writing led him to the path of being a Content Writer. He has been advancing in this field by possessing more knowledge and skills. His constant endeavor has made him a whiz in SEO, Creative Writing, and driving sales through writing.


Edited by:

Charu Mitra Dubey


People will also read

Frequently asked questions

General Questions

What is Smartlead's cold email outreach software?

Email automation FAQs- Smartlead

Smartlead's cold email outreach tool helps businesses scale their outreach efforts seamlessly. With unlimited mailboxes, fully automated email warmup functionality, a multi-channel infrastructure, and a user-friendly unibox, it empowers users to manage their entire revenue cycle in one place. Whether you're looking to streamline cold email campaigns with automated email warmups, personalization fields, automated mailbox rotation, easy integrations, and spintax, improve productivity, or enhance scalability with subsequences based on lead’s intentions, automated replies, and full white-label experience, our cold email tool implifies it in a single solution.

What is Smartlead, and how can it enhance my cold email campaigns?

Email automation FAQs- Smartlead

Smartlead is a robust cold emailing software designed to transform cold emails into reliable revenue streams. Trusted by over 31,000 businesses, Smartlead excels in email deliverability, lead generation, cold email automation, and sales outreach. A unified master inbox streamlines communication management, while built-in email verification reduces bounce rates.
Additionally, Smartlead offers essential tools such as CNAME, SPF Checker, DMARC Checker, Email Verifier, Blacklist Check Tool, and Email Bounce Rate Calculator for optimizing email performance. 

How does the "unlimited mailboxes" feature benefit me?

Email automation FAQs- Smartlead

Our "unlimited mailboxes" feature allows you to expand your email communications without restrictions imposed by a mailbox limit. This means you won't be constrained by artificial caps on the number of mailboxes you can connect and use. This feature makes Smartlead the best cold email software and empowers you to reach a wider audience, engage with more potential customers, and manage diverse email campaigns effectively.

How does Smartlead as a cold emailing tool can automate the cold email process?

Email automation FAQs- Smartlead

Smartlead’s robust cold email API and automation infrastructure streamline outbound communication by transforming the campaign creation and management processes. It seamlessly integrates data across software systems using APIs and webhooks, adjusts settings, and leverages AI for personalised content.

The cold emailing tool categorises lead intent, offers comprehensive email management with automated notifications, and integrates smoothly with CRMs like Zapier, Make, N8N, HubSpot, Salesforce, and Pipedrive. Smartlead supports scalable outreach by rapidly adding mailboxes and drip-feeding leads into active campaigns Sign Up Now!

What do you mean by "unibox to handle your entire revenue cycle"?

Email automation FAQs- Smartlead

The "unibox" is one of the unique features of Smartlead cold email outreach tool, and it's a game-changer when it comes to managing your revenue cycle. The master inbox or the unibox consolidates all your outreach channels, responses, sales follow-ups, and conversions into one centralized, user-friendly mailbox.

With the "unibox," you gain the ability to:
1. Focus on closing deals: You can now say goodbye to the hassle of logging into multiple mailboxes to search for replies. The "unibox" streamlines your sales communication, allowing you to focus on what matters most—closing deals.

2. Centralized lead management: All your leads are managed from one central location, simplifying lead tracking and response management. This ensures you take advantage of every opportunity and efficiently engage with your prospects.

3. Maintain context: The "unibox" provides a 360-degree view of all your customer messages, allowing you to maintain context and deliver more personalized and effective responses.

How does Smartlead ensure my emails don't land in the spam folder?

Email automation FAQs- Smartlead

Smartlead, the best cold email marketing tool, ensures your emails reach the intended recipients' primary inbox rather than the spam folder. 

Here's how it works:
1. Our "unlimited warmups" feature is designed to build and maintain a healthy sending reputation for your cold email outreach. Instead of sending a large volume of emails all at once, which can trigger spam filters, we gradually ramp up your sending volume. This gradual approach, combined with positive email interactions, helps boost your email deliverability rates.

2. We deploy high-deliverability IP servers specific to each campaign. 

3. The ‘Warmup’ feature replicates humanized email sending patterns, spintax, and smart replies.
4. By establishing a positive sender reputation and gradually increasing the number of sent emails, Smartlead minimizes the risk of your emails being flagged as spam. This way, you can be confident that your messages will consistently land in the primary inbox, increasing the likelihood of engagement and successful communication with your recipients.

Can Smartlead help improve my email deliverability rates?

Email automation FAQs- Smartlead

Yes, our cold emailing software is designed to significantly improve your email deliverability rates. It enhances email deliverability through AI-powered email warmups across providers, unique IP rotating for each campaign, and dynamic ESP matching.
Real-time AI learning refines strategies based on performance, optimizing deliverability without manual adjustments. Smartlead's advanced features and strategies are designed to improve email deliverability rates, making it a robust choice for enhancing cold email campaign success.

What features does Smartlead offer for cold email personalisation?

Email automation FAQs- Smartlead

Smartlead enhances cold email personalisation through advanced AI-driven capabilities and strategic integrations. Partnered with Clay, The cold remaining software facilitates efficient lead list building, enrichment from over 50 data providers, and real-time scraping for precise targeting. Hyper-personalised cold emails crafted in Clay seamlessly integrate with Smartlead campaigns.

Moreover, Smartlead employs humanised, natural email interactions and smart replies to boost engagement and response rates. Additionally, the SmartAI Bot creates persona-specific, high-converting sales copy. Also you can create persona-specific, high-converting sales copy using SmartAI Bot. You can train the AI bot to achieve 100% categorisation accuracy, optimising engagement and conversion rates.

Can I integrate Smartlead with other tools I'm using?

Email automation FAQs- Smartlead

Certainly, Smartlead cold email tool is designed for seamless integration with a wide range of tools and platforms. Smartlead offers integration with HubSpot, Salesforce, Pipedrive, Clay, Listkit, and more. You can leverage webhooks and APIs to integrate the tools you use. Try Now!

Email automation FAQs- Smartlead

Is Smartlead suitable for both small businesses and large enterprises?

Smartlead accommodates both small businesses and large enterprises with flexible pricing and comprehensive features. The Basic Plan at $39/month suits small businesses and solopreneurs, offering 2000 active leads and 6000 monthly emails, alongside essential tools like unlimited email warm-up and detailed analytics.

Marketers and growing businesses benefit from the Pro Plan ($94/month), with 30000 active leads and 150000 monthly emails, plus a custom CRM and active support. Lead generation agencies and large enterprises can opt for the Custom Plan ($174/month), providing up to 12 million active lead credits and 60 million emails, with advanced CRM integration and customisation options.

Email automation FAQs- Smartlead

What type of businesses sees the most success with Smartlead?

No, there are no limitations on the number of channels you can utilize with Smartlead. Our cold email tool offers a multi-channel infrastructure designed to be limitless, allowing you to reach potential customers through multiple avenues without constraints.

This flexibility empowers you to diversify your cold email outreach efforts, connect with your audience through various communication channels, and increase your chances of conversion. Whether email, social media, SMS, or other communication methods, Smartlead's multi-channel capabilities ensure you can choose the channels that best align with your outreach strategy and business goals. This way, you can engage with your prospects effectively and maximize the impact of your email outreach.

Email automation FAQs- Smartlead

How can Smartlead integrate with my existing CRM and other tools?

Smartlead is the cold emailing tool that facilitates seamless integration with existing CRM systems and other tools through robust webhook and API infrastructure. This setup ensures real-time data synchronisation and automated processes without manual intervention. Integration platforms like Zapier, Make, and N8N enable effortless data exchange between Smartlead and various applications, supporting tasks such as lead information syncing and campaign status updates. Additionally, it offers native integrations with major CRM platforms like HubSpot, Salesforce, and Pipedrive, enhancing overall lead management capabilities and workflow efficiency. Try Now!

Email automation FAQs- Smartlead

Do you provide me with lead sources?

No. Smartlead distinguishes itself from other cold email outreach software by focusing on limitless scalability and seamless integration. While many similar tools restrict your outreach capabilities, Smartlead offers a different approach.

Here's what makes us uniquely the best cold email software:

1. Unlimited Mailboxes: In contrast to platforms that limit mailbox usage, Smartlead provides unlimited mailboxes. This means you can expand your outreach without any arbitrary constraints.

2. Unique IP Servers: Smartlead offers unique IP servers for every campaign it sends out. 

3. Sender Reputation Protection: Smartlead protects your sender reputation by auto-moving emails from spam folders to the primary inbox. This tool uses unique identifiers to cloak all warmup emails from being recognized by automation parsers. 

4. Automated Warmup: Smartlead’s warmup functionality enhances your sender reputation and improves email deliverability by maintaining humanised email sending patterns and ramping up the sending volume. 

Email automation FAQs- Smartlead

How secure is my data with Smartlead?

Ensuring the security of your data is Smartlead's utmost priority. We implement robust encryption methods and stringent security measures to guarantee the continuous protection of your information. Your data's safety is paramount to us, and we are always dedicated to upholding the highest standards of security.

How can I get started with Smartlead?

Email automation FAQs- Smartlead

Getting started with Smartlead is straightforward! Just head over to our sign-up page and follow our easy step-by-step guide. If you ever have any questions or need assistance, our round-the-clock support team is ready to help, standing by to provide you with any assistance you may require. Sign Up Now!

How can I reach the Smartlead team?

Email automation FAQs- Smartlead

We're here to assist you! You can easily get in touch with our dedicated support team on chat. We strive to provide a response within 24 hours to address any inquiries or concerns you may have. You can also reach out to us at

Powerful Automated Email Marketing that Drives Sales.

  • All Features Included
  • No Credit Card Required
  • Free Warmup Included