Set up SPF, DKIM and DMARC on Google Workspace

If your business uses Google Workspace (business Gmail), here is how to enable the three anti-spoofing protections.

1. SPF — allow Google's servers

Add a TXT record on your domain:

v=spf1 include:_spf.google.com ~all

For stricter protection, switch to -all once all your sending services are listed.

2. DKIM — sign your emails

In the Google Admin console (admin.google.com) → Apps → Google Workspace → Gmail → Authenticate email. Click "Generate new record", add the provided TXT on google._domainkey to your DNS, then click "Start authentication".

3. DMARC — block spoofers

Add a TXT on _dmarc.yourdomain.com, starting gently:

v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com

Monitor, then move to p=quarantine and finally p=reject.

Check your setup for free

Enter your domain: we test your SPF, DKIM, DMARC and website, and give you the exact action plan.

Run the free check
See also: the SPF, DKIM, DMARC guide, Microsoft 365, Google Workspace, securing your website.