Google Workspace - SPF & DKIM Configuration

 

Google Workspace SPF and DKIM Configuration: Step by Step guide

Google Workspace (G Suite) powers daily work with tools like Gmail, Docs, Sheets, and Calendar. To protect your domain and improve email deliverability, it’s important to set up SPF and DKIM.  With Gmail increasingly encouraging DMARC adoption for bulk senders, proper authentication helps your emails reach inboxes reliably while protecting your brand from spoofing.  This guide shows you how to configure DKIM, SPF, and DMARC in Google Workspace.

Google Workspace – SPF Record Configuration

This “_spf.google.com” is the SPF entry for Google workspace. If you already have an SPF record, add this include to the existing record, for example:

v=spf1 include:_spf.google.com include:_spf.intacct.com include:spf.protection.outlook.com ~all

Important: A domain must have only one SPF record.

If you don’t already have an SPF record, you can use our free SPF Record Generator tool to create one without syntax errors. Simply enter your domain, select “Gmail,” generate the record, and publish it in your DNS as a TXT record.

You need to copy and publish the record in your DNS zone as a TXT.

Google Workspace – DKIM Record Configuration

Start the DKIM setup by signing in to the Google Admin Console with an administrator account.

Navigate to: Apps → Google Workspace → Gmail → Authenticate Email.

On the “Authenticate Email” page, select your domain and click Generate New Record. In the popup window:

• Choose the DKIM key length - 2048-bit is recommended.
• Enter a unique selector name.
• Click Generate to create the DKIM record.
  
  
  Once the record is generated, copy the TXT DKIM record and publish it in your DNS zone.
  After the record has fully propagated, return to the DKIM settings page and click Start Authentication.

If the setup is correct, DKIM will become active and the button will change from Start Authentication to Stop Authentication, as shown in the screenshot below.