Reading Time: 5 min
Countless phishing and scam emails are currently making their way into the user’s inboxes, putting data at risk. While using Gmail or Gmail for Business, setting up an SPF record has become crucial to enhance email security. In 2024, Google rolled out its updated sender requirement guidelines, making email authentication compulsory for all senders!
Here’s a quick recap of where it currently stands:
A Gmail SPF record prevents unauthorized individuals from sending emails from your Google Workspace domain. This record works as a checkpoint for emails sent from your domain before they can reach your customer’s inbox. Properly implementing your Google Workspace SPF record reduces the chances of emails from your domain being marked as spam.
Therefore, if you want to create an SPF record for Google Workspace, you’re at the right place. This article will explain how to set up an SPF record for Google Workspace and why proper implementation is necessary.
An SPF (Sender Policy Framework) record specifies which mail servers are authorized to send emails on behalf of your domain. When an email is received, the receiving server checks the SPF record of the domain in the “From” address to verify whether the email is coming from an authorized server.
The SPF record is published in your domain’s DNS as a TXT record. It contains a list of IP addresses or hostnames of the servers permitted to send emails on behalf of your domain. This record can include multiple servers and third-party services.
If an email is sent from an unauthorized source, the receiving server will check the domain’s SPF record using the DNS TXT record.
If you are not abiding by Google’s new email authentication rules for senders, it can land you in trouble! Here’s what can happen if you are not implementing Google Workspace SPF Record:
An SPF record is a single line of plain text including various tags. The tags contain the corresponding values, mainly the IP addresses and domain names for authorized sending sources.
An SPF record is added to your domain provider as a TXT record. It can only be up to 255 characters. The size of a TXT record file should be less than or equal to 512 bytes.
When an email is sent, the recipient’s mail server checks the SPF record of the sender’s domain. This is done to verify whether the IP address of the mail server that sent the email is listed in the SPF record.
Based on the check, the receiving mail server assigns one of the following results:
Here’s what you need to do to set up an SPF record for Google Workspace.
The first step in adding your Google Workspace SPF record is to sign in to your DNS management console. You should be able to access your domain’s DNS settings. You can update your DNS records here to add SPF for Google Workspace. This process depends on your service provider as well and may vary from one DNS provider to another.
If you don’t find this option in your DNS management console, contact your DNS provider to locate your DNS setting.
After signing in to DNS management console, navigate to the TXT records section to add a new TXT record with the following values.
Adding an SPF record to the root domain doesn’t mean it applies to your subdomains. This is because SPF policy is not inherited automatically by subdomains. Hence, if you are using subdomains, you need to set up SPF records for Gmail separately on each subdomain. This can, however, only be done if your domain provider allows SPF setup directly for subdomains.
As mentioned earlier, the steps of setting up SPF on subdomains are similar. Some domain providers don’t support the direct application of SPF on subdomains. In that case, you can create a Gmail SPF record on the root domain and later adjust the Host setting to point to the subdomain instead of “@”.
After creating your SPF record, save the changes. The record should be activated within 48 hours of being saved, depending on the time taken on your DNS provider’s end to propagate the changes.
Verifying Gmail SPF records after setting them up involves ensuring that your domain is properly authenticated with SPF.
The verification can be done by following these steps.
● You can use our SPF lookup tool to check your Gmail SPF record setup instantly.
● Go through the TXT entry of your implemented SPF record to see if the status is valid.
● Recheck if the record contains all the authorized IP addresses and third-party vendors you use to send your emails.
● Make sure you haven’t published multiple SPF records for a single domain. If you use additional third-party vendors other than Google Workspace for email marketing, you can use the “include” mechanism in the same SPF record to authorize them as shown in the example below:
v=spf1 include: _spf.google.com include:spf.thirdpartydomain1.com include:spf.thirdpartydomain2.com ~all
● Make sure you keep the proper formatting.
● If any discrepancies are found in your SPF record, update the SPF record for Gmail to remove these errors and verify your setup again.
Lastly, by implementing SPF record for Gmail, you can successfully comply with Google’s requirements to ensure smooth deliverability and reduce spam complaints. By combining this with a DMARC setup, sending organizations can protect your domain from email-based cyber-attacks like spoofing, phishing, and BEC.
Setting up a Google Workspace SPF record is only the first step towards protecting your domain. For enhanced domain security and visibility, start your journey with a 15-day free trial of PowerDMARC today!
*** This is a Security Bloggers Network syndicated blog from PowerDMARC authored by Yunes Tarada. Read the original post at: https://powerdmarc.com/set-up-gmail-spf-record/