How to set up DKIM, DMARC, SPF for Google Workspace

Many businesses encounter the problem of sending emails to customers who cannot reach the primary mailbox because they have not set up DKIM, DMARC, and SPF correctly or skipped this part. We should follow Google’s instructions for businesses using Google Workspace to increase mail reliability. Lucid Gen will guide you on how to set up DKIM for Google Workspace in the most precise way; let’s get started.

Why do we need DKIM, DMARC, and SPF?

Lucid Gen would like to convey this easily because using specialized terminology will confuse those new to this field.

  • DKIM: Helps Google authenticate whether your email is spoofed or not or whether the domain owner authorizes it.
  • DMARC: This mail authentication protocol helps protect domain names from unauthorized use or mail tampering.
  • SPF: Let Google prevent spam and detect whether the sender’s address is real or fake.

We need DKIM, DMARC, and SPF to help outgoing mail get to the primary mailbox smoothly. Lucid Gen talked to Google Workspace support staff, and they shared that setting up DKIM correctly will help reduce the rate of mail sent to spam.

Setting up DKIM, DMARC, and SPF correctly will help reduce spam rates
Setting up DKIM, DMARC, and SPF correctly will help reduce spam rates

How to check a domain’s DKIM, DMARC and SPF

Go to the MX Check page to check if you have set up DKIM, DMARC, and SPF correctly. Paste your domain name in the Domain name box and click the Run test button.

For example, if lucidgen.com has a yellow warning in the DKIM and DMARC section, we know that lucidgen.com has not set up DKIM and DMARC for Google Workspace correctly. Please try testing with your domain name to see the results.

How to check DKIM, DMARC, SPF of domain name
How to check DKIM, DMARC, SPF of domain name

The warnings were gone after Lucid Gen revised the DKIM and DMARC settings. Now, lucidgen.com’s MX is entirely valid. I will guide you on how to set up DKIM and DMARC right below.

Lucid Gen was set up correctly, and the results were valid
Lucid Gen was set up correctly, and the results were valid

Note: If a domain name has many errors when checking MX, but they can still send mail to the primary mailbox, they probably do not use Google Workspace; for example, if they use Outlook, they will set it up as required. Outlook requirements.

Setup DKIM, DMARC, SPF for Google Workspace

Set up DKIM Google Workspace

To set up DKIM for Google Workspace, you must use the account with the highest authority in your (or the company’s) Google Workspace.

Step 1: Go to admin.google.com > search for DKIM in the search bar > click DKIM authentication.

Access DKIM authentication from the Google Workspace admin
Access DKIM authentication from the Google Workspace admin

Step 2: Click the Generate new record button > select the DKIM key length > click the Generate button.

  • DKIM Key bit 1024: Compatible with many older email systems. Suitable for any DNS that only allows 255 character values ​​to be filled in. Most used, Lucid Gen temporarily suggests you choose this option.
  • DKIM Key bit 2048: More secure, compatible with popular mail systems such as Gmail and Outlook. Suitable for any DNS that allows a value of more than 255 characters to be filled in. It will be the trend of the future.
Click the Generate new record button to create a new record
Click the Generate new record button to create a new record

Step 3: Copy google._domainkey and DKIM value to add to your DNS.

Copy the DKIM key to set up the DNS
Copy the DKIM key to set up the DNS

Step 4: Go to domain name management > set up DNS > add DKIM record as follows.

NameLoạiThời gianDữ liệu
google._domainkeyTXT1hKhóa DKIM của bạn
Set up DKIM for Google Workspace in DNS
Set up DKIM for Google Workspace in DNS

After you set up DKIM in DNS, you must wait 48 hours for the record to take effect (according to Google). Depending on your domain name provider, Lucid Gen found that it takes about 30 minutes for it to take effect.

Wait from 30 minutes to 48 hours for the DKIM setup to take effect
Wait from 30 minutes to 48 hours for the DKIM setup to take effect

Step 5: After you have waited 30 minutes to 48 hours, return to the DKIM authentication page > click the Start Authentication button to verify your domain has Google Workspace’s DKIM.

Click the Start Authentication button to authenticate DKIM on the domain name.
Click the Start Authentication button to authenticate DKIM on the domain name.

When you see the status has changed to “Authenticating email”, you have successfully authenticated.

The status of Authenticating email is that you have successfully authenticated.
The status of Authenticating email is that you have successfully authenticated.

But if you fail to authenticate and receive a message like below, wait until 48 hours and then click the Start Authentication button again.

Email authentication was not verified. Please allow 48 hours for DNS to update and make sure you entered the correct TXT record into your domain provider’s DNS settings page.

Error message when authenticating DKIM

Set up DMARC for Google Workspace

DMARC setup has three popular types introduced by Google as follows, you only choose 1 of these three types to add to DNS.

NameLoạiThời gianDữ liệuGiải thích
_dmarcTXT1hv=DMARC1; p=none; rua=mailto:email-nhan-thong-bao@tenmien.comWhen the message is not successfully authenticated > Do nothing, send it to the recipient. Everything is logged and sent to you.
_dmarcTXT1hv=DMARC1; p=reject; rua=mailto:email-nhan-thong-bao@tenmien.comWhen the message is not authenticated > Do not send it but return it to the sender. There is notice for you.
_dmarcTXT1hv=DMARC1; p=quarantine; rua=mailto:email-nhan-thong-bao@tenmien.comWhen the sent message is not successfully authenticated > Mark the message as spam and send it to the recipient’s spam box. There is notice for you.

According to Lucid Gen, the second option is the most reasonable to control unauthenticated messages.

Set up DMARC for Google Workspace
Set up DMARC for Google Workspace

Set up SPF for Google Workspace

Setting up Google Workspace’s SPF is quite simple and has no options. You need to add both records to DNS, and you’re done.

NameLoạiThời gianData
@TXT1hv=spf1 include:_spf.google.com ~all
@SPF1hv=spf1 include:_spf.google.com ~all
Set up SPF for Google Workspace
Set up SPF for Google Workspace

Conclusion

After setting up DKIM, DMARC, and SPF, go back to Google’s Check MX page to check if the status has changed to fully valid. Please leave your results or questions below in the comments section. Good luck!

Related articles

Hieu Tran Ngoc Minh

Hieu Tran Ngoc Minh

I am currently working as a Data Analyst; before that, I worked in Digital Marketing. Blogging is a joy, helping me share my knowledge and experiences from life and work. You can donate to me here.

Leave a Comment

Feel free to leave your comment, and we will review and respond as soon as possible. Please use a real email to ensure your comment is approved and to receive notifications when we reply. You can also add an avatar to your email.