Introduction – Ensuring your email addresses are resolved correctly is good Financial Advice.
Of the 244 billion emails sent daily, 90% are unwanted, unsolicited spam advertising all sorts of goods, products and services. It is little surprise that email services and clients are eager to filter out junk email before delivering it to their users, ensuring that only genuine messages get through to the inbox. As a reputable business owner, you know your messages are precious, and you are not peddling generic pharmaceuticals, non-surgical augmentation techniques or not-safe-for-work webcam sites. However, the problem is that spam filters may not be able to check your messages, and they could be marking your messages as undeliverable because you have not completed your Google Workspace email setup.
Proving your identity
Because spammers want to appear legitimate, they often “fake” the from email address on their messages with yours. Spam filters usually try to verify that the sender’s address matches the email encoding and automatically dump messages that do not pass the test.
However, it is up to you to ensure that your email addresses are resolved correctly using SPF, DMARC, and DKIM records. If you did not use the services of a Google Apps partner and set up the system yourself, this is a crucial stage and must be completed correctly; unless you link up with a specialist Google partner, staying on top of future changes will be time-consuming. The good news is that the process is relatively straightforward. The even better news is that as a certified Google Apps Partner, you don’t need to read through to the end of the article if you would instead have a competent person complete this.
Below are instructions for setting up SPF, DKIM, and DMARC for Google Workspace. You should only follow them if you are confident and experienced in deploying Google Workspace. These instructions are to be used at your own risk. The official detailed instructions can be found at the Google Workspace support site. While these email setup instructions are pertinent to Google Workspace, all email servers, such as MS Office 365, have similar settings and are just as critical to setup.
Step 1 – Let’s set a SPF record for your Domain (Sender Policy Framework)
With nothing to do with sun cream, SPF – Sender Policy Framework – is a simple system used to check whether email comes from the email address claimed in the email message headers (the information used by computers to ensure your email gets to its intended recipient).
- Log into your Domain Admin console, e.g., mybusiness.ca (1and1, Go Daddy, etc).
- Now, Locate the advanced DNS record settings.
- You must create a new TXT record and assign it the value v=spf1 include:_spf.google.com ~all.
- Save, and you’re done; simple, huh?
Set 2 – Let’s set a DKIM record for your domain (DomainKeys Identified Mail)
As spammers become more sophisticated, so do the methods used to remove them. To prevent being incorrectly identified as a spammer, create a DKIM—DomainKeys Identified Mail—record.
Step 2a – first, you need to generate a DKIM domain key:
- Sign into your Google Apps Admin console, then select Apps -> Google Apps -> Gmail -> Authenticate email
- Select your domain from the drop-down list and click the Generate new record button.
- Copy the generated text.
Step 2b – Now you need to create an accompanying record to tie the DKIM key to your email domain:
- Log into your domain provider’s admin console.
- Locate the advanced DNS settings page.
- Please create a new TXT record with the name google._domainkey and assign it the values generated in the first step. It should look similar to v=DKIM1; k=rsa; p=ALb9a35QAA35in7qDAB (although your ‘p”s’ction will be much longer).
- Click Save to apply the changes.
Step 2c -Now that the DNS records are updated, we need to instruct Google Apps to use your new DKIM key to protect your email:
- Log into the Google Workspace Admin console again.
- Select Apps -> Google Apps -> Gmail -> Authenticate email
- Choose the correct domain from the drop-down.
- Click Start authentication.
Note that it may take 48 hours before the setting takes effect globally.
Step 3 – Setting up a DMARC record (Domain Message Authentication Reporting & Conformance)
The final step to proving you are not an evil spammer is the creation of a DMARC – Domain-based Message Authentication, Reporting and Conformance – record. Because DMARC is built on both SPF and DKIM technologies, you will need to ensure you have completed both stages above before continuing:
- Log into your domain provider’s admin console.
- Locate the advanced DNS settings page.
- Create a new TXT record with the name dmarc.yourdomain.com and then assign it the value: v=DMARC1; p=reject; rua=mailto:postmaster@yourdomain.com
- Click Save to apply the changes.
At the most basic level, this record checks all outgoing emails to verify the email was sent from your domain. If not, the message is automatically rejected, so your customers never receive spam pretending to be from you. There will also be a daily report email to postmaster@yourdomain.co.uk (you can change this to any address you want) with details of all messages that have been rejected so you can check nothing is being filtered incorrectly.
Let’s Check and make sure the changes worked.
Finally, you must check that your domain’s SPF, DKIM, and DMARC records are all configured correctly. Visit the Google Admin Toolbox, type your domain name, and click Run Checks! You will see a report confirming that you have an SPF record and that DKIM and DMARC are now set up.
You should now find that even more of your emails make it into your customers’ and prospects’ inboxes, helping to boost campaign success. You will also see fewer emails going “missing” because enthusiastic spam filters have incorrectly filtered them.
And don’t forget – if that all seems too complicated, KRS can do it for you.
