SPF, DMARC and DKIM: GoDaddy & Google Workspace

If you are using Google Workspace for your email accounts and GoDaddy as your domain host, you will need to set up some DNS records prior to starting using your email accounts for sending.

Here is an overview of what we are going to cover in this article:

Adding a domain from GoDaddy to Google Workspace

We created a step-by-step video that will guide you through the process:

1. Log into your Google Workspace Admin console https://admin.google.com/

2. Click on the "Account" tab and scroll down to the "Domains" tab. Here you will click on the "Manage domains" or use this link https://admin.google.com/u/2/ac/domains/manage

Click on "Add a domain" link:

3. Enter a domain name that you purchased from GoDaddy, select the Secondary domain type and click on "ADD DOMAIN & START VERIFICATION". This will be finished automatically.

4. Next step is activating Gmail and this will automatically create MX records for your domain.

Go to your domains in Google Workspace and select the domain that you want to activate Gmail for, click on the "Activate Gmail" link.

It will open a dialog choose "Set up MX record" and click on "NEXT". Give it a few minutes while it finishes automatic activation.

SPF Records Setup

After you've connected your domain with Google Workspace and verified it (Google will automatically do this by creating MX and SPF records in your Domain DNS), you need to add the rest of the DNS records.

Check your SPF records, you should only have 1 record in DNS. If you only send emails from Google Workspace:

TXT record

Host:@

Value: v=spf1 include:_spf.google.com ~all​

DKIM Records Setup

1. Login to Google Workspace and locate your Gmail settings: Apps/Google Workspace/Gmail or use this link for the authentication page: https://admin.google.com/u/2/ac/apps/gmail/authenticateemail

You can also locate it by typing in the search bar "DKIM".

Click on "Authenticate email". This will direct you to generate your DKIM record. Make sure you have the correct domain selected. Click on "GENERATE NEW RECORD" and keep the default settings. Now you can copy the data from Google Workspace to your GoDaddy record. Once you do it, you can start authentication (described in the next step).

Do not close this tab because you will need DNS Host name (TXT record name) and TXT record value for creating DKIM in your GoDaddy settings.

2. Sign in to your GoDaddy account and locate the domain where you want to set up the records, use this link https://dcc.godaddy.com/domains.

Next to the domain name, there are three dots. Click on them and select "Manage DNS":

On DNS page, you should already see the MX and SPF records saved there by Google.

Create another DNS record (DKIM) in GoDaddy by clicking on "Add" button under "DNS Records":

Now, copy and paste the DNS Host name (TXT record name) and TXT record value from Google Workspace and paste them into your new DNS record.

TTL field you can leave as default value. It should look something like this:

Save it and wait for the confirmation, DKIM has been set up.

3. Go back to Google Workspace authentication page and click on "Start Authentication" Give it some time to finish.

If you get the error message as on the image, make sure you saved your record in the GoDaddy DNS and try to authenticate again in a few minutes.

DMARC Records Setup

DMARC record is a TXT record that you'll need to input into GoDaddy DNS.

Important: Configure DKIM and SPF before configuring DMARC. DKIM and SPF should be authenticating messages for at least 48 hours before turning on DMARC.

1. Sign in to your GoDaddy account and locate the domain where you want to set up the records, use this link https://dcc.godaddy.com/domains. Locate the domain, click on three dots next to it and select "Manage DNS".

2. Under DNS Records, click on Add:

Copy the following:

Type:

TXT

Name:

_dmarc

Value:

v=DMARC1;p=none;sp=none;pct=100;rua=mailto:[email protected];ruf=mailto:[email protected];ri=86400;aspf=s;adkim=s;fo=1

TTL for this record is set to the lowest possible (1h is perfectly fine).

For rua and ruf tags in the Value field, replace [email protected] with your email address.

Save the record in your GoDaddy DNS, wait for the confirmation and you are done!

It should look like this:

<IMAGE_HERE>

You can also use third-party websites to help you generate your DMARC.

More about the value parts:

v=DMARC1 tells the Internet that this is the DMARC record.

p= specifies what you want to do with your emails. p=none is what we recommend and it tells the recipient mail servers to do nothing with emails. Once you are comfortable with the report-only policy, you can scale it to the p=quarantine which tells the recipient mail servers to quarantine or move the messages to the spam folder if they fail spam checks. After that, you can change it to p=reject which tells the email servers to reject any email that fails the checks.

rua=mailto:[email protected] is very important, and you will replace the address with your email to receive the reports generated about your domains (on fraudulent emails that are being received across the internet, sent by your domain).

ruf=mailto:[email protected] is like the “rua” tag but allows you to specify any email address to receive your DMARC Forensic reports. The Forensic reports are sent to you when someone attempts to send an email impersonating your domain and it fails your DMARC and DKIM authentication.

ri=86400 allows you to specify the aggregate report interval in seconds. The minimum and the default value is 86400 seconds which equates to 24 hours. This means every 24 hours you will receive a DMARC Aggregate report.

aspf=s is an optional tag. You can use this tag to specify if you want to set your SPF policy to strict or relaxed. Your SPF policy basically makes sure all emails sent using your domain are authorized to send.​​adkim=s strict or relaxed DKIM policy.

fo=1 is an optional tag. It allows you to tell email service providers that you want email samples if the emails failed. The 1 value generates reports if any of your authentication mechanisms fail. SPF OR DKIM.

Optional: Set up Forwarding

Also, you want to forward the new domains to your main domain. This can be done in the settings of your domain provider. If you are using GoDaddy, you can follow this guide.

Was this article helpful?

SMTP
SPF, DMARC and DKIM: GoDaddy & Microsoft/Office 365 accounts