Home > Digital Marketing > How to Set up SPF, DKIM, and DMARC for Google Workspace (Formerly Gsuite)

How to Set up SPF, DKIM, and DMARC for Google Workspace (Formerly Gsuite)

google workspace setup and configuration d3e0821d

Google Workspace, formerly known as Gsuite is undoubtedly a popular ESP that businesses worldwide use to send emails. However, in order to include Google as a legitimate sending source for your emails and enable DKIM signing for outgoing emails, you need to set up SPF and DKIM respectively. Moreover, you need to configure a mechanism that would help receiving MTAs understand how to respond to emails failing authentication and protect against spoofing attacks. This is where DMARC steps in. Let’s get started with setting up the protocols for your domain and how to setup google DMARC.  

Google Workspace (Gsuite) SPF Setup

The question might arise, why do you need SPF authentication for Google Workspace? The answer is simple. Receiving MTAs perform DNS lookups to validate sending sources during email delivery. If you include google as an authorized sending source in your SPF record, legitimate emails wouldn’t fail authentication checks and your deliverability rate will consequently improve. 


In order to set up SPF for Google Workspace, follow the steps given below: 

  • Login to your DNS provider’s management console 

  • Navigate to the DNS records section to add/modify your SPF TXT record 

  • If you don’t have an SPF record (a record that would start with v=spf1) then add a new one with the following syntax: 

v=spf1 include:_spf.google.com -all  

Else, you can modify your existing SPF record to include google in the following way: 

Previous SPF record: v=spf1 mx -all 

Optimized SPF record: v=spf1 mx include:_spf.google.com -all


Note: while publishing the record, use TXT as your resource type, TTL value as 3600 (or keep as default), and @ as your Host/Name/Alias. Then enter your SPF record value in the Value field. 

  • Click on Save and wait for 24-48 hours to allow your DNS to process these changes and enable SPF configuration for Google Workspace. This will help receiving servers mark emails sent using it as authentic. 


If you use a variety of cloud services in your organization to send emails, you can exceed the SPF 10 lookup limit easily and break SPF. Stay under the limit with dynamic SPF flattening. 

Google Workspace (Gsuite) DKIM Setup

DKIM makes use of technology that encrypts your emails with a private key (an arbitrary hash value or cryptographic signature) that is matched with a public key residing in the DNS of your domain during authentication. It is a useful protocol that helps in verification during exceptional cases like email forwarding or sending emails using mailing lists, in which case SPF fails. 

  • Login to Google Admin Console 

  • Click on Apps > App Settings > Google Workplace Core Services 

  • Click on Gmail and select Authenticate email from the list

  • On the authenticate email page, select your domain from the drop-down list and click on the Generate New Record button 

JB6nwnymzDiiSaW h2rGvxG4pQnExwj4N3L6QAT4GQfthm2pevFwCX21 W3EORB4TTjBGJfMrzrm2QnuV1MeCh

  • Google will generate your DKIM CNAME records which you then need to publish in your domain’s DNS

  • After your records have been processed by your DNS (it may take some time) head back to Google Admin Console, click on Start Authentication. Save changes to the process to enable DKIM authentication. 

Why Do You Still Need DMARC for Google Workspace (Gsuite)? 

SwDWVCQZbM ifQZFUbZLydzH8ND GH057Az7uSRHN0QrSDlM2hUQnT9Du0G 5mK3XKzXJDoLwiSpCl9Pf05ZFQrlJ6CgKZjKDvFChZd0N41n H8zcIygPBktGH1DY9prsTanRU

SPF and DKIM are useful mechanisms to verify the identity of your senders. But without a DMARC record, your domain is still unprotected from spoofing and phishing attacks. DMARC helps align email headers to not only ensure that your emails are legitimate but also specifies to email receiving servers how to treat emails that fail verification. Based on the DMARC policy you have configured for your domain, you can either let illegitimate emails be delivered, quarantined, or rejected by your recipients. 


Additionally, DMARC dispenses a reporting mechanism. DMARC reporting allows you to view your authentication results and track down malicious IP addresses that may be trying to forge your domain. You also gain enhanced visibility on all your email channels and how your emails are performing. 


To add to this, PowerDMARC provides domain owners with human-readable formats of DMARC aggregate (RUA) reports, parsing the details into rows and columns, and filtering data to display results with our DMARC report analyzer

  • Per sending source

  • Per organization

  • Per host 

  • Per result 

  • Per country 

  • Geolocations

  • Detailed stats 


Make your domain safe and your emails reliable once again, with DMARC. 

Business Module Hub