How to Add DKIM, DMARC, and SPF for Your Domain in Google Workspace

Securing your email domain is crucial to prevent phishing and spoofing attacks. Setting up DKIM, DMARC, and SPF can significantly enhance your email security. Here’s a step-by-step guide on how to add these records if you are using Google Workspace. This guide is provided by ITP 360, your trusted provider of Managed IT Services in Miami.

What Are DKIM, DMARC, and SPF?

• DKIM (DomainKeys Identified Mail): Adds a digital signature to emails, allowing recipients to verify that the email was indeed sent from your domain and hasn’t been altered.
• DMARC (Domain-based Message Authentication, Reporting & Conformance): Helps manage how your domain handles suspicious emails and provides reports on email authentication.
• SPF (Sender Policy Framework): Specifies which mail servers are authorized to send emails on behalf of your domain.

Step 1: Setting Up SPF

1. Login to Your Domain Provider:
   • Access the DNS management settings for your domain.
2. Add an SPF Record:
   • Create a new TXT record with the name “@” or your domain name.
   • Set the value to: v=spf1 include:_spf.google.com ~all
   • Save the record.

Step 2: Setting Up DKIM

1. Login to Google Admin Console:
   • Go to admin.google.com and sign in with your admin account.
2. Navigate to DKIM Settings:
   • Go to Apps > Google Workspace > Gmail > Authenticate email.
3. Generate a DKIM Key:
   • Select your domain and click on Generate new record.
   • Choose a DKIM key bit length (2048 is recommended).
4. Add DKIM Record to DNS:
   • Copy the generated TXT record and go to your domain provider’s DNS settings.
   • Add a new TXT record with the name provided by Google (e.g., google._domainkey) and paste the DKIM key.
   • Save the record.
5. Activate DKIM:
   • Return to the Google Admin console and click Start authentication.

Step 3: Setting Up DMARC

1. Create a DMARC Record:
   • In your domain provider’s DNS settings, add a new TXT record.
2. Enter DMARC Details:
   • Name: _dmarc
   • Value: v=DMARC1; p=none; rua=mailto:your-email@yourdomain.com; ruf=mailto:your-email@yourdomain.com; pct=100
   • Adjust the policy (p=) as needed:
     • none: Monitor emails
     • quarantine: Move suspicious emails to spam
     • reject: Reject suspicious emails
3. Save the Record:
   • Save the DMARC record in your DNS settings.

Importance of Setting pct=100 in your DMARC record

The pct (percentage) tag in DMARC specifies the percentage of emails to which the DMARC policy will be applied. Setting pct=100 ensures that your DMARC policy is enforced on all emails sent from your domain. This is crucial for several reasons:

1. Comprehensive Protection:
   • Ensures that all emails are subject to the DMARC policy, providing complete protection against email spoofing and phishing.
2. Consistency:
   • Applying the policy to 100% of emails ensures consistent enforcement, avoiding scenarios where some fraudulent emails might bypass the policy.
3. Accurate Reporting:
   • Full application of the policy provides more comprehensive data in your DMARC reports, helping you better understand and manage email authentication issues.

Why Use ITP 360 for Managed IT Services in Miami?

At ITP 360, we provide expert managed IT services to help secure and optimize your IT infrastructure. Our services include setting up and managing email authentication protocols like DKIM, DMARC, and SPF, ensuring your communications remain secure and trustworthy.

For more detailed guidance and support, contact ITP 360 today.