Loading ...

Google Apps SPF / DKIM setup

A Sender Policy Framework (SPF) record indicates mail servers that are authorized to send mail for a domain. Email recipient servers perform a check with DNS to see if the mail came from an authorized server. If not, then the email is most likely SPAM. SPF DNS records lets the recipient server perform this verification.

A DomainKeys Identified Mail (DKIM) record adds a digital signature to emails your organization sends. Email recipient servers perform a check with DNS for the to see if the DomainKey matches the sender. If so, then the email is considered unmodified and from a legitimate sender. DKIM DNS record lets the recipient server perform this verification.

Configure Google Apps SPF

If you use Google Apps for email, you’ll need access to your DNS provider to add an SPF record. In most cases, you simply login and create a new TXT record with the value of:

v=spf1 include:_spf.google.com ~all

Google provides detailed instructions on how this is done. Be sure to save your changes.

Configure DKIM for Google Apps

You’ll need access to your Google Apps control panel and your DNS records to set DKIM. This is a three step process:

1. Create the DKIM key

a. Login to your Google Apps Control Panel (e.g., http://www.google.com/a/cpanel/yourdomain.com)

b. Navigate to the Gmail App Control Panel

c. Scroll down to “Authenticate email” and click on “Set up email authentication (DKIM)”.

d. Your domain name should be displayed. Click on “Generate new record”. Leave the default selector prefix as “google”. Click “Generate”.

e. Leave this browser window open, and then create a new tab or browser window.

2. Create the DKIM DNS record

a. Login to your DNS provider.

b. Create a new TXT record. The name of the TXT record should be:

google._domainkey

This creates a domain that, fully resolved, looks like: google._domainkey.yourdomain.com.

c. The value for the DNS record will be a very long string of characters, something like:

v=DKIM1; k=rsa; t=y; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCG5in7gQIDAQAB

The actual length of the string will be much longer than that above. I find it simplest to copy-and-paste the information from the Control Panel page displaying the information. Save the DNS record.

3. Start Authenticating

a. Wait 24-hours for your changes to propagate, and for Google’s servers to detect the changes.

b. Login to your Google Apps Control Panel (e.g., http://www.google.com/a/cpanel/yourdomain.com)

c. Go to the “Advanced tools” tab, then scroll down to “Authenticate email” and click on “Set up email authentication (DKIM)”.

d. Click “Start authentication”.

As always, check Google’s detailed instructions if your setup is more complex.

Verify that SPF & DKIM are configured

Send an email from your Gmail account to checkauth@verifier.port25.com after you’ve completed the Google Apps SPF and DKIM setup. You’ll receive an email response in a few minutes. If everything is properly configured, you’ll receive a “PASS” for both the Google Apps SPF and DKIM settings. This means your email is now securely being delivered and can be verified as such.

Posted in : Email, Gmail, Network Security, Phishing

Leave a Reply

Your email address will not be published. Required fields are marked *

Archives

Categories

Plant a Seed @ 541-761-9549
233 Rogue River Hwy #873 Grants Pass, OR 97527
Mon-Fri: 9:00am-5:00pm
support@farmhousenetworking.com
© 2016-2023- Farmhouse Networking. All rights reserved
Terms and Conditions Privacy Policy

Evaluation Signup

[contact-form-7 id="452" title="Free Network Evaluation"]
And God will generously provide all you need. Then you will always have everything you need and plenty left over to share with others. As the Scriptures say,
“They share freely and give generously to the poor. Their good deeds will be remembered forever.”
For God is the one who provides seed for the farmer and then bread to eat. In the same way, he will provide and increase your resources and then produce a great harvest of generosity in you. - 2 Corinthians 9:8-10