DNS Records Setup for Gmail: The Ultimate Beginner’s Guide

 Woah there, Partner! ✋

You may already have some of these records set up.
Check your DNS settings first to see if you already have SPF, DKIM, or DMARC records set up.
No need for extra work. That would be silly…

Cool 👍 NOW let’s look at how to set up three important records

Let’s begin with Why DNS Records Matter

Before you start sending any emails, even test ones, you should check your DNS records. These records tell other email service providers (like Gmail or Outlook) that your emails are real and not fake. This means your emails are more likely to end up in someone’s inbox instead of their spam folder.

SPF: Your Email’s ID Card

SPF stands for Sender Policy Framework. It’s like an ID card for your emails. It tells other email services which servers are allowed to send emails from your domain (the part after the @ in your email address).

Here’s how to set SPF up:

1. Log into your domain provider’s website (like Google Domains or GoDaddy).
2. Find the DNS management page.
3. Look for TXT records. If you see one that starts with v=spf1, you might already have an SPF record.
4. If you don’t have one, create a new TXT record:
   • Name/Host/Alias: Use @ or leave it blank
   • Type: TXT
   • TTL: Use 3600 or the default
   • Value: v=spf1 include:_spf.google.com ~all
5. Save it and wait 2-3 days for it to start working.

DKIM: Your Email’s Signature

DKIM, which stands for DomainKeys Identified Mail, is like a digital signature for your emails. It proves that the email really came from you and wasn’t changed along the way.

How to set up DKIM:

1. Go to admin.google.com and log in.
2. Navigate to Apps → Google Workspace → Gmail → Authenticate Email.
3. Check if DKIM is already set up.
4. If not, create a new DKIM key in Google Admin.
5. Go back to your domain provider and create a new TXT record:
   • Name/Host/Alias: google._domainkey
   • Type: TXT
   • TTL: Use the default
   • Value: Use the DKIM key from Google Admin
6. Go back to Google Admin and click “Start Authenticating.”

DMARC: Your Email’s Security Guard

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is like a security guard for your emails. It tells other email services what to do with emails that fail the SPF and DKIM checks.

Here’s a breakdown of a DMARC setting in plain Ol’ English:

• v=DMARC1: This just means it’s using version 1 of DMARC (there’s only one version right now).
• p=quarantine: If an email fails the DMARC check, Gmail will treat it as suspicious and will most likely toss it into timeout (“quarantine”).
• pct=90: This means 90% of the email traffic will follow the “quarantine” policy. The other 10%? They’ll still fail DMARC, but they won’t be quarantined—they’ll just be delivered as usual. 
• sp=none: For emails from subdomains (like hello@sub.yourdomain.com), this says “don’t worry about DMARC for them.”

How to set up DMARC:

1. Log into your domain provider’s site.
2. Go to the DNS management page and create a new TXT record:
   • Host Name: _dmarc
   • Type: TXT
   • Value: v=DMARC1; p=quarantine; pct=90; sp=none
3. Save the record and start checking DMARC reports.
4. After a few weeks, you might want to update your DMARC policy:
   • Quarantine: Moves suspicious emails to the spam folder.
   • Reject: Blocks emails that fail DMARC checks completely.