This article covers the SPF and DKIM authentication processes for Google Workspace and how they are managed in Valimail Enforce. While only one of the two authentication methods is required for an email to pass DMARC, our recommendation is to configure both whenever possible.
TABLE OF CONTENTS
- Configuring DKIM authentication for your Google Workspace emails
- Add a Google Workspace DKIM key in Enforce
- Configuring SPF authentication for your Google Workspace emails
Configuring DKIM authentication for your Google Workspace emails
Note: You need to signed into the Google Workspace console as a super administrator. More details here.
1. Sign in to your Google Admin console (at admin.google.com) with super administrator privileges.
2. Go to Apps -> Google Workspace -> Gmail.
3. Click Authenticate email.
4. In the Selected domain menu, select the domain where you want to set up DKIM.
5. Click the Generate New Record button.
6. In the Generate New Record box, select your DKIM key settings. We recommend you choose the 2048 key value.
|DKIM key bit length|
2048—If your domain provider supports 2048-bit keys, select this option. Longer keys are more secure than shorter keys. If you previously used a 1024-bit key, you can switch to a 2048-bit key if your domain provider supports them. Read more about domain keys and TXT record limits.1024—If your domain host doesn't support 2048-bit keys, select this option.
The default selector prefix is google. We recommend you use the default.
If your domain already uses a DKIM key with the prefix google, enter a different prefix in this field. Read more about DKIM selectors.
7. At the bottom of the Generate new record box, click Generate. On the setting page, the text string beneath TXT record value changes to a new value and this message is displayed: DKIM authentication settings updated.
8. Copy the DKIM values shown in the Authenticate email window and publish the Google generated DKIM key in the Valimail Enforce platform.
9. After adding the DKIM TXT key record in Valimail Enforce, click on Start Authentication in your Google Workspace admin panel.
You can find the instructions on how to turn on DKIM in Google Workspace here.
Add a Google Workspace DKIM key in Enforce
1. Go to your domain's Configuration page in Valimail Enforce and publish the newly created DKIM key.
a. Scroll down and add the two DKIM keys in your configuration, by clicking on Add a DKIM key.
b. Enter the selector name, the DKIM TXT value (the actual value is the entire string after the p= tag), associate the key with Google Workspace and then click Add.
Configuring SPF authentication for your Google Workspace emails
Once you establish that Google Workspace is an authorized sender for your domain, you will need to add the service in your Enabled Senders list in Enforce.
1. Please go to your domain's Configuration page in Enforce.
2. Click on the + sign from the Enabled Senders section:
3. Choose Google Workspace from the list of configurable senders and then click Enable:
We encourage you to use the comment section for any useful information about your sending service, such as the name of the service owner, change request ticket numbers, etc.
You may notice that Google Workspace emails are not authenticated via SPF, even after you have added Google Workspace to your domain's configuration. This is likely caused by Google Workspace not sending SPF aligned-mail and can be corrected by the service owner turn on SPF alignment for your domain in Google Workspace.
You can find more info about setting up SPF and turning on SPF alignment here.
As always, if you have any questions, please don't hesitate to submit a ticket.