Setup Email Authentication

5 Steps to Setup Email Authentication: SPF, DKIM & DMARC

Storyteller Media covers SEO, online business, and marketing. When you use our links, we may earn an affiliate commission. Learn more

If your business emails are going to spam, you should setup email authentication.

It’s free and takes just a few minutes. Here are the steps to do it.

Correctly authenticating email (and the domains they send from) is an important step for your business. Otherwise, the benefits from your conversion optimizations, new site design, and increased organic traffic can be lost. This guide will ensure your messages to new clients will get delivered.

The Problem: Emails sent from my domain-based email address weren’t being delivered.

Right or wrong, I use my work email for some volunteer work. This involves emailing notices and schedules to large groups of people. And while everyone wants to receive them, most emails don’t require a response. So to a server, it appears that I’m spamming large groups of people with unwanted emails, most with attachments and links.

As a result, my overall deliverability has gotten worse. Just a couple of weeks ago, I emailed a new client the results of two technical site audits. But they never received the email. It seems that the attachments and links to the Google Sheets file caused it to be sent to spam. This is embarrassing and it wastes time.

The Solution: Authenticate My Email. This establishes the correct trust signals so mail servers will deliver the message.

Here’s how to do it.

5 Steps to Setup Email Authentication

This guide shows the steps with Google Workspace (email service) and GoDaddy (domain registrar). While the interface will look a little different if you use another company, the steps are the same.

Step 1: Add Your Domain

To begin, you’ll need to add your domain name to your Google Workspace account.

  1. Go to the Google Workspace Admin Console. https://admin.google.com/
  2. Go to Account > Domains > Manage Domains.
  3. Click Add a Domain
  4. Follow the instructions to Verify and Gmail Activate your domain. This includes adding entries to your DNS via your domain registrar. Mine is GoDaddy, but they are almost all the same.
add domain to google workspace
Add your domain to Google Workspace – the first step to authentication

This is the furthest I went. And my domain-based email addresses have worked fine for the past 15+ years.

That is, until recently, when I started to have problems with messages going to spam/junk folders.

I fixed the problem by authenticating my email. Here’s how to do it.

Curious if your domain has already been authenticated? Go to the Check MX section of your Google Admin Toolbox.

If it hasn’t been authenticated, continue to step 2.

Step 2: Setup Your SPF Record

An SPF record defines (limits) the mail servers that are allowed to send mail for your domain.

SPF stands for Sender Policy Framework.

This TXT record is entered in your DNS for your domain name.

If you only use Google Workspace to send email for your domain, use this line:

v=spf1 include:_spf.google.com ~all
spf record for domain authentication

If you want to allow other mail servers, you’ll have to enter a custom SPF record. Here’s how to set that up.

Step 3: Setup DKIM For Your Domain

While most email providers will have a default DKIM, it is recommended to set up your own for your domain.

DKIM stands for DomainKeys Identified Mail.

Your DKIM key will be used on all outgoing messages.

  1. Go to the Google Workspace Admin Console. https://admin.google.com/
  2. Go to Apps > Google Workspace > Gmail.
  3. On the Gmail settings page, go to Authenticate email.
  4. Select the domain where you’ll be using DKIM key. Then click Generate New Record.
  5. Copy your new DKIM key and paste it as a new TXT record in your domain DNS settings. Now go back to the Gmail settings page in Google Workspace Admin Console and click Start Authentication.
generate dkim record
You’ll generate a DKIM record here. Make sure to select the domain you are going to authenticate.
dkim authentication
Here’s how your DKIM key will look inside your domain registrar’s DNS settings .

You’ll wait for 48 hours for the DNS to fully propagate. Then, you can move to the next step and set up DMARC for your domain.

Step 4: Setup DMARC

This final step isn’t required but is recommended.

Using DMARC allows you to manage messages that are checked by SPF and DKIM authentication.

If there is a problem with a message (like not passing these authentications), you get notified, and you can decide how to handle it. You can choose to deliver, reject, or send to spam.

In its most basic form, here’s what your DMARC entry will look like.

DNS TXT Entry
Name: _dmarc
Content: v=DMARC1; p=none;

Here’s the guide to setting up DMARC.

DMARC stands for Domain-based Message Authentication, Reporting & Conformance.

Here is a visual guide to these steps.

5. Consider Setting Up BIMI

BIMI stands for Brand Indicators for Message Identification. BIMI is pronounced bih-mee.

BIMI is a relatively new email security feature. And it works alongside your DMARC record. This is best for larger brands and organizations. Many well-known brands use BIMI, including CNN, Target, and Ikea.

To implement BIMI, you’ll need a Verified Mark Certificate (VMC) – a digital certificate proving your ownership of your trademark. And this costs USD$1299+. And you’ll need a separate VMC for each logo variation you want to use in your email.

How to Implement BIMI: Once you have your VMC issued, you can implement your BIMI by adding a TXT record in your DNS.

More about BIMI.

Do You Need BIMI? Probably not, especially if you are a small business. But it’s worth considering if you have the budget and want that extra reputation boost for email deliverability.

Monitor Your Spam Rate and Domain Reputation

Now that your email is authenticated, you can monitor it with Google Postmaster Tools.

Target Spam Rate: Below 0.1% to avoid having your messages filtered as spam. And you’ll start having trouble if your spam rate goes above 0.3%.

For more help, try these five free tools to check IP reputation and domain health.

Setup Email Authentication

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

Ready to Increase Site Earnings?

To get started, please book a Discovery Call. You’ll learn about our services and we’ll learn about your goals and challenges. And we’ll see if your needs and our skills are a good fit. Your call will be with Bryan.

Your Discovery Call is the first step to generating more revenue with your site.

If you already know what you need, you can order those services here. These services include SEO audits, new site builds, and other marketing and SEO services.