How to set up a DNS record, SPF, DKIM and DMARC for Google

SPF - Sender Policy Framework

1. Sign into your domain account on your domain host's site (not your Google Admin Console).
   1. This can be GoDaddy, Squarespace, Namecheap, etc.
2. Go to the page for updating your domain’s DNS records.
   1. DNS Management, Name Server Management, or Advanced Settings
3. Find your TXT records and check if your domain has an existing SPF record.
   1. The SPF record starts with “v=spf1…”.
4. If your domain already has an SPF record, remove it.
5. Create a TXT record with these values:
   1. Name/Host/Alias - Enter @ or leave blank
   2. Other DNS records for your domain might indicate the correct entry.
   3. Time to Live (TTL) - Enter 3600 or leave the default.
   4. Value/Answer/Destination - Enter v=spf1 include:_spf.google.com ~all.
6. This can take up to 48 hours to take effect.

DKIM - Domain Key Identified Mail

1. Log into Google Admin: admin.google.com
   1. In the navigation menu on the left hand side: Menu > Apps > GSuite > Gmail
2. Generate a DKIM Key
3. Create a DNS TXT Record with the DKIM Key generated in the previous step.
   1. For this you will need to go to your domain provider
   1. GoDaddy, Squarespace, Namecheap, etc.
4. After creating the DNS TXT Record in your domain with the DKIM Key, you can Start Authenticating.

DMARC - Domain-based Message Authentication, Reporting, and Conformance

1. Go to your domain administrator’s site. Find DNS Management or Settings.
2. Add this TXT Record to your DNS:
   1. Host Name: _dmarc
   2. VALUE (with email): v=DMARC1; p=quarantine; rua=mailto:{email}; pct=90; sp=none
   1. The email version will send reports to whatever email you put in there. This is totally optional. Here is the value without the email:
   3. VALUE (no email): v=DMARC1; p=quarantine;  pct=90; sp=none

Verify that all DNS settings were set up correctly here.

If you're struggling with formatting the DMARC Record, we like this DMARC record generator.