Emails are like postcards sent across the internet. Whether they’re going to the right address or not depends on these three critical elements: SPF, DKIM, DMARC. In this guide, I’ll show you an easy-peasy roadmap to understanding these three crucial elements and why they’re necessary for you when it comes to email deliverability. So, let’s begin!
SPF, DKIM, and DMARC
SPF: It’s like a stamp on your email. It confirms that the email your sending is actually coming from you and not an imposter. Kind of like having a password on your email, which the email servers can see only.
DKIM: This is like a protective envelope around your email. It takes a digital signature to confirm that the email hasn’t been tampered with. Like a safety seal on a medicine bottle, telling the receiver that the email is exactly as you sent it.
DMARC: I’d call it a trustworthy mailman. It tells the email servers what to do if an email doesn’t pass SPF or DKIM checks, whether to deliver it anyway, quarantine it, or reject it. So basically, this makes sure only the correct and safe letters land in the inbox.
How to Setup SPF for Google Workspace
Step 1: Login to your domain registrar’s website and look for DNS to set up SPF record for Gmail.
Step 2: If there’s a TXT record starting with v=spf1, that means you just need to update this code: “v=spf1 a include:_spf.google.com ~all”
Step 3: If there’s nothing like that in the DNS records, create an SPF record for Gmail. All you have to do is create TXT record with these configurations: Host Name: @, Time to Live (TTL): 3600 or default, Value: v=spf1 include:_spf.google.com ~all.
How to Setup DKIM for Google Workspace
- Access ‘Admin Console’ and click on Apps > Overview > Google Workspace.

2. Click on that ‘Gmail’ icon.

3. Select ‘Authenticate Email.

4. Click on ‘Generate New Record’ and ‘Start Authentication.’ You may see that I have a ‘stop authentication’ button. That’s what you might get once your DKIM activates.

5. Go to your domain’s registrar, add TXT record in DNS with @ as hostname, and paste that Gmail DKIM code in the value. That’s it.
How to Setup DMARC for Google Workspace
1. To add Gmail DMARC, visit DMARCLY and fill in all the basic details to sign up. Make sure you add only your company email. Gmail won’t work here.

2. Once you’re signed up, go to DNS Records > Publish DMARC code and copy that code. Don’t forget to change YOURDOMAIN to your actual domain name to avoid any troubles while adding Gmail DMARC code.

3. Now go back to your DNS, add TXT record with these settings: Host: _dmarc, Value: DMARC code you generated on DMARCLY, TTL: 1 hour. That’s it, you have successfully set up Gmail DMARC.
How to Verify SPF, DKIM, and DMARC
Once you have SPF, DKIM and DMARC set up for your Google Workspace, it’s important to ensure everything is working properly. Here are the manual steps needed to check each setup:
1.Verify SPF Record: You can verify your SPF record using MXToolBox SPF. Just put your domain name there and click on ‘SPF Record Lookup.’ If everything is alright, it should look like this:


2. Check DKIM Record: For DKIM, send a test email from your domain to mail-tester. Just visit mail-tester and copy that email so that you can send mail to that address. Once you have sent it, check your score. Let it run for a while. If it reads your email, you’ll get a detailed report. As you can see here, the report says my signature is valid. And that’s all I need to know for verification.



3. Verify DMARC Record: DMARC Inspector can fetch your records just like MX Toolbox. Put your domain there and click on ‘Inspect the Domain.’


Final Advice!
Remember that any changes to your DNS may take some time to activate around the world depending on TTL values. If things don’t immediately change, leave them alone for 20 minutes or so and re-check. By regularly checking your SPF, DKIM and DMARC, you can ensure optimum email deliverability and email spoofing security for your domain.