If you are using Google Workspace for your email accounts and Google domains as your domain host, you will need to set up some DNS records prior to starting using your email accounts for sending.
Adding a domain from Google domain to Google Workspace
You can connect your Google domain to your Google Workspace in a few simple steps, by giving permissions to Google Workspace to automatically generate DNS records for your domain. The records that will be generated automatically are MX, SPF, TXT and DKIM.
Go to your Manage Domains page by clicking on Account, Domains, and Manage domains.
3. Click on Add a domain button
4. Enter the domain name, select Secondary domain type and click on Verify domain
5. On the next page you will be asked to sign in to verify the domain. Sign in to the account that you used to buy the domain from Google.
5.1. If the account that you used to buy the domain is different from the workspace admin account, you will need to sign in with its credentials to verify the ownership of the domain.
5.2. You will be asked to give the permission to the workspace admin to manage the domain. Click Add.
5.3. Click on Go to Google Workspace
6. After you verify your ownership and go back to Google Workspace, your domain will be verified. Next step is to activate Gmail.
7. Click on Activate Gmail
8. Select Set up MX Record and click NEXT
9. You will be asked to sign in to your Google Domain. After you sign in and authorize, Google will automatically update your domain settings to start routing your emails to Gmail. Sign in with the account that you used to buy the Google domain.
10. Records that will be automatically added to your domain DNS are MX, SPF, TXT and DKIM. Click on Yes, connect.
You can now go to your Google domains, check the DNS records of the domain that you connected to Google workspace. Click on Google workspace to see all the records created.*
DMARC Set up
On the DNS page for your domain, click on the arrow of the Custom Records
Enter the following, and confirm by clicking Save.
TTL for this record is set to the lowest possible (1h is perfectly fine).
For rua and ruf tags in the Value field, replace [email protected] with your email address.
You can also use third-party websites to help you generate your DMARC.
More about the value parts:
v=DMARC1 tells the Internet that this is the DMARC record.
p= specifies what you want to do with your emails. p=none is what we recommend and it tells the recipient mail servers to do nothing with emails. Once you are comfortable with the report-only policy, you can scale it to the p=quarantine which tells the recipient mail servers to quarantine or move the messages to the spam folder if they fail spam checks. After that, you can change it to p=reject which tells the email servers to reject any email that fails the checks.
rua=mailto:[email protected] is very important, and you will replace the address with your email to receive the reports generated about your domains (on fraudulent emails that are being received across the internet, sent by your domain).
ruf=mailto:[email protected] is like the “rua” tag but allows you to specify any email address to receive your DMARC Forensic reports. The Forensic reports are sent to you when someone attempts to send an email impersonating your domain and it fails your DMARC and DKIM authentication.
ri=86400 allows you to specify the aggregate report interval in seconds. The minimum and the default value is 86400 seconds which equates to 24 hours. This means every 24 hours you will receive a DMARC Aggregate report.
aspf=s is an optional tag. You can use this tag to specify if you want to set your SPF policy to strict or relaxed. Your SPF policy basically makes sure all emails sent using your domain are authorized to send.
adkim=s strict or relaxed DKIM policy.
fo=1 is an optional tag. It allows you to tell email service providers that you want email samples if the emails failed. The 1 value generates reports if any of your authentication mechanisms fail. SPF OR DKIM.
Custom tracking domain
To finish the set up you can create the custom record right away.
Later you can just activate it for your email accounts in Instantly.