Stop your emails going into Spam with Google Workspace

It's estimated that up to 90% of the billions of emails sent daily are spam. The war on spam is real, and you don't want your business emails caught in the crossfire.
15 March 2023 | Digital Business

Unless your business is actually all about pushing questionable pharmaceuticals, weight loss pills with amazing results or manhood enlargement solutions, you won’t want your emails associated with the billions of them fired off each day.

You know you are a trusted business, but Google might not. As the war on spam intensifies, the filtering rules are getting stricter and the chances your emails will end up in Spam increase.

Luckily there are some ways you can prove your identity and trust in the emails you send.

Faking the email addresses is the first tactic employed by spammers to get you to open their emails. This is a pretty crude disguise, though, and one the spam filters handle without breaking a sweat.

Fake identity? Into the spam prison for you, my friend. Never to experience the sweet freedom of an Inbox again.

Why do websites get hacked? Sometimes just to deliver spam

So how do you prove your credentials to the spam police? By setting up 3 DNS 3 records, called SPF, DKIM and DMARC.

Of course, they have weird names, and you might have switched off when they were mentioned at the time you set up your Google email.

But they are important.

Setting them up is straightforward if you are comfortable in the Google Workspace admin interface. If you are not, or want us to take care of it for you, we will.

If you are an existing customer, log a request through our ServiceDesk. See our Getting Help page for more information.

If you are not a customer but wish you were, let’s have a chat about how we can help take the online headaches away.

Anyway, here are the instructions for setting up SPF, DKIM, and DMARC within Google Workspace. These instructions are to be used at your own risk. Full instructions can be found on the Google Workspace support pages.

Setting up an SPF record

Sender Policy Framework is a way of checking email is coming from the domain it is claiming to be and the most important setting to ensure your email is trusted. When we hear complaints of emails being flagged for spam, then the resolution is usually adding an SPF record to the domain with the correct sending systems (such as your website) in it.

  • Log into your admin console for your domain’s Name Server
  • Find the DNS records
  • Create a new TXT record and assign it the value: v=spf1 include:_spf.google.com ~all. If one exists already, then insert include:_spf.google.com into it. Remember to save before exiting

Setting up a DKIM record

With the SPF record in place, you are doing more than many businesses, but we are not done yet. Let’s add another layer to your anti-spam toolbox – a DKIM record.

DKIM, or DomainKeys Identified Mail to give it it’s proper (geeky) name uses keys generated by your email provider (Google in our case) that are downloaded and checked when your email is received to prove the email originated from your domain.

This is a 3 step process.

Step 1: Generate a DKIM key

  • Sign in to the Admin console of your Google Workspace
  • Select Apps -> Google Workspace -> Gmail -> Authenticate email 
  • Choose your domain and click Generate new record
  • Copy the generated text

Step 2: Publish the key details in your DNS records

  • Log into your domain provider’s admin console again
  • Find the DNS records
  • Create a new TXT record with the name google._domainkey and then paste in the text string you copied from Step 1. It should look something like the example below but the last string will be longer 
    Example: v=DKIM1; k=rsa; p=BHh7a17KFT63UYW5HkEEAA
  • Click Save to apply the changes.

Step 3: Enable DKIM authentication for email in Google Workspace

  • Sign back into your Google Workspace Admin console
  • Select Apps -> Google Workspace -> Gmail -> Authenticate email 
  • Choose your domain from the drop-down
  • Click Start authentication

Note: It could take 24-48 hours for this to be applied worldwide

Setting up a DMARC record

DMARC – Domain-based Message Authentication, Reporting and Conformance is the last mechanism to be set up to help demonstrate your emails should be trusted. Because DMARC relies on both SPF and DKIM , you will need these both in place before proceeding:

DMARC is a policy so there is no standard setup – it helps email systems decide what to do with emails that fail authentication checks claiming to be from your domain.

Learn about DMARC in Google Workspace

  • Log into your domain provider’s admin console one last time
  • Find the DNS records
  • Create a new TXT record and add DMARC policy record
  • Click Save to apply the changes.

Testing

If you got this far, great! You can use this great email deliverability checker tool to identify and issues:

https://www.mail-tester.com

Also these tools can check any SPF, DKIM and DMARC records directly.

If you got stuck or are frightened of having a go and making things worse? That’s OK – we are here to help.