How to set up a DNS record, SPF, DKIM and DMARC for Google
SPF - Sender Policy Framework
- Sign into your domain account on your domain host's site (not your Google Admin Console).
- This can be GoDaddy, Squarespace, Namecheap, etc.
- Go to the page for updating your domain’s DNS records.
- DNS Management, Name Server Management, or Advanced Settings
- Find your TXT records and check if your domain has an existing SPF record.
- The SPF record starts with “v=spf1…”.
- If your domain already has an SPF record, remove it.
- Create a TXT record with these values:
- Name/Host/Alias - Enter @ or leave blank
- Other DNS records for your domain might indicate the correct entry.
- Time to Live (TTL) - Enter 3600 or leave the default.
- Value/Answer/Destination - Enter v=spf1 include:_spf.google.com ~all.
- This can take up to 48 hours to take effect.
DKIM - Domain Key Identified Mail
- Log into Google Admin: admin.google.com
- In the navigation menu on the left hand side: Menu > Apps > GSuite > Gmail
- Generate a DKIM Key
- Create a DNS TXT Record with the DKIM Key generated in the previous step.
- For this you will need to go to your domain provider
- GoDaddy, Squarespace, Namecheap, etc.
- After creating the DNS TXT Record in your domain with the DKIM Key, you can Start Authenticating.
DMARC - Domain-based Message Authentication, Reporting, and Conformance
- Go to your domain administrator’s site. Find DNS Management or Settings.
- Add this TXT Record to your DNS:
- Host Name: _dmarc
- VALUE (with email): v=DMARC1; p=quarantine; rua=mailto:{email}; pct=90; sp=none
- The email version will send reports to whatever email you put in there. This is totally optional. Here is the value without the email:
- VALUE (no email): v=DMARC1; p=quarantine; pct=90; sp=none
Verify that all DNS settings were set up correctly here.
If you're struggling with formatting the DMARC Record, we like this DMARC record generator.