How to enable Sender Policy Framework and DKIM


It is brought to your attention that some emails sent by a client are being tagged as spam.


  • Gmail


Enable Sender Policy Framework (SPF)
  1. Login to the DNS dashboard in your domain host.
  2. Add the following record to your domain:
    • Type: TXT
    • Name/Host: @ or domain name or leave it blank
    • TTL: default or 3600 seconds
    • Value:
       v=spf1 ~all

Generate DomainKeys Identified Mail (DKIM) record

  1. Log in to the Admin console.
  2. Navigate to Apps Google Workspace > Gmail > Authenticate email.
  3. In the Selected domain menu, select the domain where you want to set up DKIM.
  4. Click Generate new record.
  5. For DKIM key bit length select 2048.
    • Important: Longer keys are more secure, for additional details see this article.
    • Note: If your domain provider allows it, consider switching to a 2048-bit key if you were previously using a 1024-bit key. Otherwise, select 1024.
  6. For Prefix selector, we recommend you to select the default.
  7. Click Generate.
  8. Copy the DKIM values shown in the Authenticate email window.
Add DKIM to your domain host
  1. Go to the DNS settings in your domain host.
  2. Add a TXT record in your DNS Records and use the value generated in the Admin console.
    • Note: Wait for 48 hours before following the next step.

Turn on DKIM signing

  1. Log in to the  Admin console.
  2. Navigate to Apps > Google Workspace > Gmail > Authenticate Email.
  3. In the Selected domain menu, select the domain where you want to turn on DKIM.
  4. Click Start Authentication. Process finishes when the status at the top of the page changes to: Authenticating email with DKIM.