How to add SPF and DKIM

Problem

Emails sent by client are being tagged as spam.

Environment

Gmail

Solution

Enable Sender Policy Framework (SPF)

Login to your DNS dashboard in your domain host.
Add the following record to your domain:
- Type: TXT
- Name/Host: @ or domain name or leave it blank
- TTL: default or 3600 seconds
- Value:
```
 v=spf1 include:_spf.google.com ~all
```

Generate DomainKeys Identified Mail (DKIM) record

Sign in to the Google Cloud console.
Navigate to Apps > Select Google Workspace > click Gmail > Go to Authenticate email.
In the Selected domain menu, select the domain where you want to set up DKIM.
Click Generate new record.
For DKIM key bit length select 1024.
For Prefix selector, we recommend you use the default.
Click Generate.
Copy the DKIM values shown in the Authenticate email window.

Add DKIM to your domain host

Go to your DNS settings in your domain host.
Add a TXT record in your DNS Records and use the value generated in the Google Admin console.
- Note: Wait for 48 hours before following the next step.

Turn on DKIM signing

Sign in to the Google Admin console.
Navigate to Apps > Google Workspace > Gmail > Authenticate Email.
In the Selected domain menu, select the domain where you want to turn on DKIM.
Click on Start Authentication. Process finishes when the status at the top of the page changes to: Authenticating email with DKIM.

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2023-10-02 UTC.