Setting DNS records improperly can cause unauthorized parties to masquerade as your email domain. In this post, I show all of the DNS records that must be added.
@: v=spf1 include:_spf.google.com -all*: v=spf1 -all@: v=DMARC1; p=quarantine; sp=reject; rua=mailto:[email protected]@: v=spf1 include:_spf.google.com -allThis record ensures that all email being sent from your root domain comes from Google Workspace.
*: v=spf1 -allIf a subdomain does not exist, this rule ensures that all email being sent from the subdomain is flagged and/or rejected.
@: v=DMARC1; p=quarantine; sp=reject; rua=mailto:[email protected]This rule marks all unauthenticated email from your root domain as spam (quarantine)
and instructs recipients of unauthenticated email to reject all email from your subdomains (reject).
DKIM ensures that Google is cryptographically signing the contents of your emails. This ensures that your email contents aren't being tampered with.
Thanks for reading! Have any questions, comments, or suggestions? Feel free to use the comment section below or email me at [email protected] and I'll do my best to respond.
Alternatively, you can view the source of the post here and send a pull request.