Google Workspace Setup
Setup SPF
The SPF directive for Google Workspace is You either need to add it to your existing SPF record, or create a new SPF record.
include:_spf.google.com. A policy containing Google Workspace SPF directive would look like:v=spf1 include:_spf.google.com ~all
Checking for an existing SPF record
To verify if you have an existing SPF record, you can use the Domain Check tool:Verify DNS records
Updating an existing SPF record
If you already have an existing SPF record, just include the
include:_spf.google.com to your existing record. Instructions for updating DNS records can be found on the DNS Providers doc.Creating an SPF record
If you do not have an existing SPF record, you need to create a new one with your DNS provider. Individual instructions can be found on the DNS Providerspage. You should try to include all your email senders at once into your initial SPF policy.
- Record Type
- TXT
- Host/Name
- yourdomain.com
- Value
v=spf1 include:_spf.google.com ~all
- TTL
- 3600 seconds (1 hour)
Setup DKIM
Setting up DKIM involves two steps: (1) Getting the public key from Google Workspace Admin. (2) Installing the new DNS record.
DKIM Public Key
First we need to request a public key from Google Workspace Admin
- Go to the Google Workspace Gmail Admin page.
- Click on Authenticate Email
- Follow the instructions on screen to generate a DKIM key
Creating the DKIM Record
Next we need to install the new DNS record with your DNS provider. Individual instructions for DNS providers can be found on the DNS DNS Providers page.
- Record Type
- TXT
- Host/Name
- google._domainkey.yourdomain.com
- Value
- Generated DKIM from previous step:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1xr5/Zs0b2DRNf9RdUqJblQU18xWN/mdGRmFKK4yP20i1PTGTGeJK5rkdDN6/ThIgdg7SWgGYbyTlG4jHTrEWWoKJzM8aMnn0CVU+vFT0AyYCG+VJghN2hVnNHmv6mxVre6VO3/ORv1/cc/cwv+uQTXqqRBMcw9vR6ZNU0GM8z0rsM50TwcMUfFCFrrnZSK8I6mqaQCDdlOygAz0hOclxQROLpbK0/azzK+RTY9Crkus4SgRBoRDU2pRusIf95BkpAxCvslUoqF2lXZW/BT6UqlR9stbSe8ZhFVMVX6rd/qcgLTBVAlqM+2NndcYSz2NFxPENb2Ql1KzNJKnTYG7TwIDAQAB
- TTL
- 3600 seconds (1 hour)
Verification
Once setup, you can verify your SPF/DKIM records are setup with the domain check tool.
Verify DNS records
Verify DNS records