Configure SPF for Google Apps

Sender Policy Framework (SPF) is an email-validation system used to prevent spam or spoofed emails from coming into your inbox. An SPF policy is published as a TXT record, alongside the A, CNAME, MX, and other DNS records for a domain. This DNS record allows domain owners (senders) to authorize IP addresses, MX records, or even external mailers to send email from that particular domain.

If you use Google Apps for email, you’ll need access to your DNS provider to add an SPF record. In most cases, you simply log in and create a new TXT record with the value of:

v=spf1 include:_spf.google.com ~all

Google provides detailed instructions, as well. Be sure to save your changes.

Configure DKIM for Google Apps

DKIM (DomainKeys Identified Mail) is an email authentication technique that allows the receiver to check that an email was indeed sent and authorized by the owner of that domain. This is done by giving the email a digital signature. The DKIM signature is a header that is added to the message and is secured with public-key cryptography.

You’ll need access to your Google Apps control panel and your DNS records to set DKIM. This is a three-step process:

1. Create the DKIM key

a. Log in to your Google Apps Control Panel (e.g., http://www.google.com/a/cpanel/yourdomain.com)

b. Go to the “Advanced tools” tab, then scroll down to “Authenticate email” and click on “Set up email authentication (DKIM)”. This will open a new screen.

c. Your domain name should be displayed. Click on “Generate new record”. Leave the default selector prefix as “google”. Click “Generate”.

d. Leave this browser window open, and then create a new tab or browser window.

2. Create the DKIM DNS record

a. Log in to your DNS provider and go to the page where you can add a TXT record.

b. Create a new TXT record. The name of the TXT record should be:

google._domainkey

This creates a record name that, fully qualified, looks like: google._domainkey.yourdomain.com.

c. The value for the DNS record will be a very long string of characters, something like:

v=DKIM1; k=rsa; t=y; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCG5in7gQIDAQAB

The actual string will be much longer than the one above. I find it simplest to copy and paste the value from the Control Panel page that displays it. Save the DNS record.

3. Start Authenticating

a. Wait 24 hours for your changes to propagate, and for Google’s servers to detect the changes.

b. Log in to your Google Apps Control Panel (e.g., http://www.google.com/a/cpanel/yourdomain.com)

c. Go to the “Advanced tools” tab, then scroll down to “Authenticate email” and click on “Set up email authentication (DKIM)”. This will open a new screen.

d. Click “Start authentication”.

As always, check Google’s detailed instructions if your setup is more complex.

Verify that SPF and DKIM are configured

Send an email from your Gmail account to checkauth@verifier.port25.com after you’ve completed the SPF and DKIM setup. You’ll receive an email response in a few minutes. If everything is properly configured, you’ll receive a “PASS” for both the SPF and DKIM settings. This means your email is now more likely to be delivered than email lacking these records.
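A pre-flight check of the two TXT values before you send the test message, as an added example that is not part of the original article or of Google's tooling. The function names check_spf, parse_tags and check_dkim are hypothetical, and the records are passed in as pasted strings rather than looked up in DNS; the sample inputs are the example values shown above.

```python
import base64
import binascii

def check_spf(record, required_include="_spf.google.com"):
    """Return a list of problems in an SPF TXT value (empty list = looks fine)."""
    terms = record.replace('"', "").lower().split()
    if not terms or terms[0] != "v=spf1":
        return ["record does not start with v=spf1"]
    rest, problems = terms[1:], []
    if "include:" + required_include not in rest:
        problems.append("missing include:" + required_include)
    alls = [i for i, t in enumerate(rest) if t.lstrip("+-~?") == "all"]
    if not alls:
        problems.append("no 'all' mechanism to cover unlisted senders")
    else:
        if alls[0] != len(rest) - 1:
            problems.append("terms after 'all' are never evaluated")
        if rest[alls[0]] in ("all", "+all"):
            problems.append("'+all' authorizes every sender on the internet")
    return problems

def parse_tags(record):
    """Split a DKIM 'tag=value; tag=value' TXT value into a dict."""
    tags = {}
    # DNS panels often show long values as several quoted chunks; rejoin them.
    for part in record.replace('"', "").split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())
    return tags

def check_dkim(record):
    """Return a list of findings for a DKIM key record (empty list = looks fine)."""
    tags, findings = parse_tags(record), []
    if tags.get("v", "DKIM1") != "DKIM1":
        findings.append("v tag is not DKIM1")
    p = tags.get("p", "")
    if not p:
        findings.append("p tag is empty or missing: no usable public key")
    else:
        try:
            base64.b64decode(p, validate=True)
        except binascii.Error:
            findings.append("p tag is not valid base64: truncated or mangled paste?")
    if "y" in tags.get("t", "").split(":"):
        findings.append("t=y marks the key as testing mode")
    return findings

if __name__ == "__main__":
    # Sample inputs: the example values from the article (its p value is shortened).
    print(check_spf("v=spf1 include:_spf.google.com ~all"))
    print(check_dkim("v=DKIM1; k=rsa; t=y; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCG5in7gQIDAQAB"))
```

An empty list means the pasted value is well-formed; it does not confirm that the record has propagated, which the test email still has to show.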

My inbox, and everyone’s spam folders, are grateful for your efforts!