How to set up SPF, DKIM and DMARC for Google

Post by
Lara Bingel
How to set up SPF, DKIM and DMARC for Google

Get more responses from your prospects. Make more sales.
Get Started for Free Today

How to set up SPF, DKIM and DMARC for Google

This is a guide on how to set up DNS records SPF, DKIM and DMARC when using google as an email service provider.

When you send emails, mailbox providers (such as Gmail, Outlook, AOL and Yahoo) need to identify whether the message is a legitimate email sent from the owner of the domain name or email address, or a forged email sent by a spammer or phisher.

There are three established methods used to verify a sender's identity. These are SPF, DKIM, and DMARC. We recommend setting up these email authentication methods for several reasons.

The most common reasons are:
  • Improve your deliverability by authenticating your emails properly. Email providers are much less likely to send emails to spam if they are properly authenticated
  • Build a reputation as an email sender on your own domain name. DKIM authentication in particular helps build your reputation as an email sender.
  • Enforce stricter security on your domain name. Authentication standards such as DMARC help protect your domain name from fraudulent use by spammers and phishers who want to hurt your reputation or scam your customers.

SPF - Sender Policy Framework

SPF (Sender Policy Framework) records are TXT records on your domain that authorize certain servers to send mail using your domain name.

  • Sign into your domain management account on your domain host's site
  • This can be GoDaddy, Cloudflare, Namecheap, etc. Or whichever provider you purchased your domain from
  • Navigate to the page for updating your domain’s DNS records
  • It should be called DNS Management, Name Server Management, or Advanced Settings
  • Create a new TXT record with these values:
  • Name/Host/Alias - Enter @ or leave blank
  • Other DNS records for your domain might indicate the correct entry.
  • Time to Live (TTL) - Enter 3600 or leave the default.
  • Value/Answer/Destination - Enter v=spf1 ~all.
  • This can take up to 48 hours to take effect.

Adding a SPF TXT record in Namecheap

DKIM - Domain Key Identified Mail

DKIM (Domain Keys Identified Mail) is essentially a signature any sender can apply to their email messages. This signature makes clear that the purported sender of the message is actually the sender of the message. Any domain can be used as the signature. For example at mailivery we sign our messages with the domain to confirm that the message was actually sent by mailivery.

  • sLog into your Google Admin dashboard under:
  • In the navigation menu on the left hand side: Menu > Apps > GSuite > Gmail > Authenticate email
  • Generate a DKIM Key
  • Create a DNS TXT Record with the DKIM Key generated in the previous step.
  • Again go to your domain provider (GoDaddy, Cloudflare, Namecheap, etc.)
  • After creating the DNS TXT Record in your domain with the DKIM key, you can start authenticating

Generate your DKIM record and add it to your domain registrar

DMARC - Domain-based Message Authentication, Reporting, and Conformance

DMARC (Domain-based Message Authentication, Reporting & Conformance) is a standard that builds on top of SPF and DKIM. It allows the domain owner to create a policy that tells email service providers (such as Google or Microsoft) what to do if email fails SPF and DKIM checks. 

  • Go to your domain manager. Find DNS Management or Settings.
  • Add this TXT Record to your DNS:
  • Host Name: _dmarc
  • VALUE (with email): v=DMARC1; p=quarantine; rua=mailto:{email}; pct=90; sp=none
  • The email version will send reports to the email you entered
  • You can also create a record without the email for reports:
  • VALUE (no email): v=DMARC1; p=quarantine;  pct=90; sp=none
  • If you're struggling with creating your DMARC Record, you can use this DMARC record generator:

Adding a DMARC record in Namecheap

Don't Land In Spam.
Make more sales.
Get Started Today For Free.