Improve Email Deliverability for Google Apps with SPF and DKIM

Sinoun Chea

Are you using Google Apps and have a problem with not receiving all your emails? Or maybe all your emails aren’t being sent out either. Sometimes, you find out the hard way. But have no fear, there is a way to fix this!

Keep in mind that email deliverability isn’t solely a Google issue. It is a problem across all mail providers, but I’ll just be discussing Google Apps since this is what I use and have experience with.

Personal Experience

I won’t get into too many details of my personal experience, but I do have unsettling proof that I wasn’t receiving all my emails. On the other end, it’s difficult to get proof if clients didn’t receive my emails. How do you pinpoint a problem if there isn’t a notification of email rejection?

I’ve been using Gmail since 2005 and Google Apps since 2009 and never really had problems before (or maybe I wasn’t aware). While I was experiencing the problems I was very frustrated with Google, but my phone conversation with their technical support brought my confidence back to the company and it taught some valuable things that I don’t think most people know about.

If you had similar problems like me and tried to “Google” a solution for Gmail reliability and deliverability, you probably came across this useless troubleshoot. After a little more digging, you’ll learn that the problem you’re having can be rectified by configuring SPF and DKIM. Until recently, I had never heard of these terms before. If you haven’t either, then you probably don’t have the confidence configuring it all on your own. Well, you’re in luck! Continue reading to learn how to improve your Gmail (Google Apps) deliverability.

Add an SPF DNS record for your domain

An SPF or Sender Policy Framework record indicates which mail servers are authorized to send mail for a domain. Email recipient servers check to see if an incoming email is coming from an authorized mail server. If not, then the email is more likely to be seen as spam. If you set up an SPF record, the recipient server will see the verification and verify that an email you sent is from an authorized server (in this case, Google Apps). As you can see, setting up an SPF record is an absolute must if you don’t want your emails to be blocked by spam filter.

To add an SPF record in your DNS, it is quite simple. Log into your domain’s account and find the area to add a TXT record. Add the following as a TXT record with the @ symbol for the host:

v=spf1 a include:_spf.google.com ~all

Save the new changes in your domain’s admin. That’s it!

Authenticate email with DKIM

The next step is to configure DKIM for Google Apps. A DKIM or DomainKeys Identified Mail record adds a digital signature to emails your organization sends. This lets the email recipient know that you are a legitimate sender and authenticates outgoing emails.

To add a DKIM record, you’ll need to log into your Google Apps account as well as your domain’s manager account. First, we will need to get your unique DKIM record from your Google Apps account. Go to your Google Apps admin settings area and then click on Gmail. You will now see a few options for your mail account. Click on Authenticate email towards the bottom. A little pop-up on the right of your screen will come up and you will see something similar to this:

Click on Generate new record. A pop-up will come up asking you for a “Prefix selector”. It should say “google” by default — just leave it as it is. Click the “Generate” button and Google will generate a unique and very long TXT record value.

Copy the “DNS Host name (TXT record name)” to your clipboard, which should be google._domainkey. Now head over to your domain’s admin and create a new TXT record. Paste the text google._domainkey into the Host area of this new Text record.

Now go back to your Google Apps admin and copy the long TXT record value. Make sure you get every single character! Paste it into your domain’s TXT value field that you just created. Make sure you save the zone file!

If you are using Godaddy, it should look something like this:

Once you save the new TXT record in your domain’s admin, go back to Google Apps. Towards the bottom of the area where Google provided you with your DKIM TXT record, you can check to to see if the authentication record went through. Note that it could take up to 48 hours for your new records to propagate. If you use Godaddy like me, you’ll notice that it’ll only take about 10 minutes. They are pretty fast when it comes to DNS updates.

Once the authentication starts, you’ll see a green check mark like the image on the right.

And that is it my friends! You now have SPF and DKIM set up for Google Apps. You can now be rest assured that your Google Apps email will be more deliverable and reliable. Personally, this will become one of the first things I do when I purchase a domain.

Bonus Tip

What if you’re like me and you send emails from other services like MailChimp or Freshbooks? You can include them in your SPF, too!

Mailchimp:
v=spf1 a include:servers.mcsv.net ~all

Freshbooks:
v=spf1 a include:_spf.freshbooks.com ~all

I hope that learning this new piece of information will improve your productivity as it has for me!

Do you have any questions or comments? Let us know in the comments below!

Contents

Tagged with:

Sinoun Chea

I help small businesses Do Better Online™. When businesses thrive, people also thrive. #morethanjustbusiness

5 Responses

5 thoughts on “Improve Email Deliverability for Google Apps with SPF and DKIM”

  1. Greetings.
    Nice tutorial, but I have a doubt.

    All or most of the emails that came from our domain are being flagged as SPAM. In our case, we are not necessarily using Google Apps, but sending emails to some Gmail email accounts.
    I’m reviewing the SPF configuration.,
    Before I make some changes, it was like that:

    name_of_our_domain TXT: “v=spf1 a mx ip4:37.X.X.X ~all”

    After I changed to:
    “v=spf1 a mx a:37.X.X.X include:_spf.google.com ip4:37.X.X.X ~all”

    Where 37.X.X.X is our real IP address.
    Do you believe this configuration is right? Do I have to change annything else?
    Please let me know.

    1. Hi Denis!
      I hate to say that I’m really not sure if your configuration is correct. It has been a long time since I set up SPF and I’ve only done it for Google Apps. I think the best source of getting the correct configuration would be from your email provider.
      Sinoun

  2. Hi Sinoun!!
    Great Article! I have only 1 question: what happens if I have BOTH (google apps + mailchimp)? What my SPF/TXT record will be like?
    I have 2 alternatives
    1) To create 2 TXT records, like this
    v=spf1 a include:_spf.google.com ~all
    v=spf1 a include:servers.mcsv.net ~all
    2) To create only one TXT record, like ths:
    v=spf1 a include:_spf.google.com include:servers.mcsv.net ~all

    What do you think?
    Thxs in advance!

    1. Pato,

      SPF guidelines stipulate that if you have more than one server/service that has to be authenticated then you must include all in one SPF record. If you create 2 separate records it will cause both authentication and delivery problems.
      So your option 2) will be the correct one to use.

      Werner

  3. Please correct your post. Your BONUS TIP is wrong. If you use different mail servers – they go into ONE record.

Leave a Comment

Your email address will not be published. Required fields are marked *

Share This
Scroll to Top

This website uses cookies to improve your experience.
See our Privacy Policy to learn more.