How to Set Up SPF, DKIM, and DMARC Using Google Workspace

Your emails are important. It's how you conduct business, set up meetings and work on projects with other companies. Because of this cyber criminals may impersonate your domain to try and breach another organization. 91% of cyber attacks start with a phishing email which is why you need to make sure that no one is using your domain to send malicious emails. One way of doing this is through setting up SPF, DKIM, and DMARC in your Google workspace.

How to set up an SPF record

SPF stands for "sender policy framework" and is a protocol for validating emails coming from the domain it claims to. Setting up and SPF record is relatively simple in Google Workspace just follow the next steps:

1. Sign into your admin console for your domain.
2. Find the advanced DNS record settings
3. Create a TXT record and assign the value v=spf1 include:_spf.google.com ~all
4. Save your changes

How to set up a DKIM record

Setting up a DKIM (Domainkeys identified mail) is the next step in securing your email domain. A DKIM record is a signature that attaches to all of your emails proving it came from the right place. If someone is trying to use your domain without that signature it will be denied or marked as spam. Setting up a DKIM record consists of several steps. First create a DKIM domain key:

1. Open up Google Workspace Admin console. Select Apps > Google Workspace > Gmail > Authenticate email
2. Select your domain from the drop-down list and click the generate new record button
3. Copy the text

Next you'll have to create a record to tie the key to your domain:

1. Login to your domain provider's admin console
2. Find advanced DNS settings page
3. Creat a TXT record with the name google._domainkey. Next assign it the values created in the first step. Example:  v=DKIM1; k=rsa; p=ALb9a35QAA35in7qDAB
4. Save and update the settings

How to set up a DMARC record

The last step is to create a DMARC record which stands for "Domain-based message authentication, reporting and conformance" record. DMARC is built off of both SPF and DKIM record so the first two sections are important to do beforehand. The next steps include:

1. Login to your domain providers admin console
2. Locate advanced DNS settings page
3. Create a TXT record with settings you want to apply to your DMARC record
4. Save all changes

The steps to securing your domain in Google workspace are relatively easy to set up you just need to know how. The best part is that if you want to make sure you get it right CIT is ready and willing to help secure your email domain. If you require help feel free to contact us today!

CorpInfoTech (Corporate Information Technologies) provides small to mid-market organizations with expert I.T. services including compliance assessment, cybersecurity penetration tests, and comprehensive business continuity planning services. CorpInfoTech can help organizations, quantify, create, refine, and mitigate the risks presented by business threatening disasters in whatever form they may be disguised.