GoDaddy & Google Workspace: MX, SPF, DMARC and DKIM

If you are using Google Workspace for your email accounts and GoDaddy as your domain host, you will need to set up some DNS records prior to starting to use your email accounts for sending.

Here is an overview of what we are going to cover in this article:

Adding a domain from GoDaddy to Google Workspace

SPF set up

DKIM set up

DMARC set up

0. Step zero, buy a domain on GoDaddy of your choosing

1. Log into your Google Workspace Admin console https://admin.google.com/

2. Click on the "Account" tab and scroll down to the "Domains" tab. Here you will click on the "Manage domains" or use this link https://admin.google.com/u/2/ac/domains/manage

Click on "Add a domain" link:

3. Enter a domain name that you purchased from GoDaddy, select the Secondary domain type and click on "ADD DOMAIN & START VERIFICATION". This will be finished automatically.

Copy the code

Based on the instructions above, go to GoDaddy, select the domain you bought

and enter the TXT verification code and save.

Then go back to Google admin panel and verify the domain

4. Next step is activating Gmail and this will automatically create MX records for your domain.

Go to your domains in Google Workspace and select the domain that you want to activate Gmail for, click on the "Activate Gmail" link.

It will open the following dialog:

Choose "Set up MX record" and click on "NEXT". Give it a few minutes while it finishes automatic activation.


Set up SPF


After you've connected your domain with Google Workspace and verified it (Google will automatically do this by creating MX and SPF records in your Domain DNS), you need to add the rest of the DNS records.

Check your SPF records, you should only have 1 record in DNS. If you only send emails from Google Workspace:

TXT record

Host:@

Value: v=spf1 include:_spf.google.com ~all



Set up DKIM

1. Login to Google Workspace and locate your Gmail settings: Apps/Google Workspace/Gmail or use this link for the authentication page: https://admin.google.com/u/2/ac/apps/gmail/authenticateemail

You can also locate it by typing in the search bar "DKIM".


Click on "Authenticate email". This will direct you to generate your DKIM record. Make sure you have the correct domain selected. Click on "GENERATE NEW RECORD" and keep the default settings. Now you can copy the data from Google Workspace to your GoDaddy record. Once you do it, you can start authentication (described in the next step).

Do not close this tab because you will need DNS Host name (TXT record name) and TXT record value for creating DKIM in your GoDaddy settings.


2. Sign in to your GoDaddy account and locate the domain where you want to set up the records, use this link https://dcc.godaddy.com/domains.

On DNS page, you should already see the MX and SPF records saved there by Google.

Create another DNS record (DKIM) in GoDaddy by clicking on "Add" button under "DNS Records":

Now, copy and paste the DNS Host name (TXT record name) and TXT record value from Google Workspace and paste them into your new DNS record.

TTL field you can leave as default value. It should look something like this and then save:

Save it and wait for the confirmation, DKIM has been set up.


3. Go back to Google Workspace authentication page and click on "Start Authentication" Give it some time to finish.

If you get the error message as on the image, make sure you saved your record in the GoDaddy DNS and try to authenticate again in a few minutes.

Set up DMARC

DMARC record is a TXT record that you'll need to input into GoDaddy DNS.


Use https://easydmarc.com/tools/dmarc-record-generator? to easily generate your DMARC record.

1. Sign in to your GoDaddy account and locate the domain where you want to set up the records, use this link https://dcc.godaddy.com/domains. Locate the domain, click on the three dots next to it, and select "Manage DNS".

2. Under DNS Records, click on Add:

Copy the following:

Type:

TXT

Name:

_dmarc

Value

v=DMARC1; p=reject; rua=mailto:email@yourdomain.com, mailto:email@yourdomain.com; pct=100; adkim=s; aspf=s

TTL for this record is set to the lowest possible or default (1h is perfectly fine).

Rua and Ruf tags are optional for any domain / email provider, so if you don't want to receive DMARC reports, you can leave these out.

If you are using rua tag in the Value field, replace email@yourdomain.com with your email address.

More about the value parts:


v=DMARC1 tells the Internet that this is the DMARC record.

p= specifies what you want to do with your emails. p=none is what we recommend and it tells the recipient mail servers to do nothing with emails. Once you are comfortable with the report-only policy, you can scale it to the p=quarantine which tells the recipient mail servers to quarantine or move the messages to the spam folder if they fail spam checks. After that, you can change it to p=reject which tells the email servers to reject any email that fails the checks.

rua=mailto:email@yourdomain.com is very important, and you will replace the address with your email to receive the reports generated about your domains (on fraudulent emails that are being received across the internet, sent by your domain).

ri=86400 allows you to specify the aggregate report interval in seconds. The minimum and the default value is 86400 seconds which equates to 24 hours. This means every 24 hours you will receive a DMARC Aggregate report.

aspf=s is an optional tag. You can use this tag to specify if you want to set your SPF policy to strict or relaxed. Your SPF policy basically makes sure all emails sent using your domain are authorized to send.

adkim=s strict or relaxed DKIM policy.

fo=1 is an optional tag. It allows you to tell email service providers that you want email samples if the emails failed. The 1 value generates reports if any of your authentication mechanisms fail. SPF OR DKIM.

Optional: Set up Forwarding

Also, you want to forward the new domains to your main domain. This can be done in the settings of your domain provider. If you are using GoDaddy, you can follow this guide.

Did this answer your question?
😞
😐
😁