Setting Up SPF and DKIM Records on G Suite

DKIM and SPF records are a must. Especially, if you want to protect your email accounts from being flagged as spam. DKIM (DomainKeys Identification Mail) is an authentication method that is used to prevent email spoofing. SPF (Sender Policy Framework) is also used for email authentication. However, SPF is specifically designed to prevent the forging of sender addresses during delivery. Both of these frameworks are very important. I highly suggest setting them up as soon as you create your G Suite account.

Let’s jump right in to setting up SPF and DKIM records on your G Suite account. This post assumes you’ve already set up G Suite and the MX records.

Generating SPF Records

My DNS is hosted through Cloudflare. If you have a different DNS provider, you may have a slightly different setup. The first thing we need do is set up a TXT record.

Under the DNS Management tab in Cloudflare, set the type to the following:

Type: TXT
Name: @
TTL: Auto
Content: v=spf1 ~all

SPF records prevent email spoofing. If you’ve ever been hacked, you know what this is like. It’s very easy for spammers to spoof your domain and send out emails to your customers. Let’s say your domain was and spammer John Doe decides to start sending emails from [email protected] to your customers. SPF records help prevent your domain from being added to blacklists. SPF records also help authenticate emails; avoiding situations like the above with spammer John.

Generating DKIM Records

Now, let’s add the DKIM records. To do this, you’ll need to go into your G Suite account and navigate to: Apps -> G Suite -> Settings for Gmail -> Authenticate Email

Apps -> G Suite -> Settings for Gmail -> Authenticate Email

You’ll then want to select the domain that you are adding DKIM records too. In my case, it’s Currently, the status says “Not Authenticating Email” because no record has been created.

To generate DKIM records:

  • Click Generate New Record
  • DKIM Key Bit Length: 1024 or 2048
  • Prefix Selector (Optional): Google

As this is an example, the key record that you generate will be very different.

Under the DNS management tab in Cloudflare, insert the following:

Type: TXT
Name: google._domainkey (This is the same for every website).
TTL: Auto
Content: TXT Record Value provided to you by G Suite. (This value is different for every website).

When inserting the TXT Record Value in Cloudflare, double check that there are no extra spaces at the end of the record. If there is an extra space, it will fail. After you’ve done this, click save.

Then go back to your G Suite account and click start authentication. This will tell Google that the email verification was not verified. It may take up to 48 hours for G Suite to recognize that the SPF and DKIM records have been added.

I typically notice that the records are authenticated within a day. Once your emails are authenticated, you should get a status that says the emails are being authenticated through G Suite.

Closing Thoughts

If you have any questions regarding DKIM or SPF records, feel free to ask me in the comments below.

Please remember that this set up only works for G Suite. If you use services like cPanel or Office 365, then those services each have their own way of setting up DKIM and SPF records.

scott hartley

About the author

Scott is a web performance geek, lover of all things coffee, and avid video game player. His WordPress work delves into web performance, web security, and SEO.

Leave a Comment