Our Emergency Incident Response Team is Ready 24/7: CALL NOW (833) 578-1916 >

March 12, 2023

How to Fix DMARC and DKIM Vulnerabilities in Google Workspaces

Implementing DMARC and DKIM on a Google Workspaces domain email is an essential step to protect your domain against spoofing and phishing, and to help prevent messages from being marked as spam. Here's a step-by-step guide on how to implement DMARC and DKIM on a Google Workspaces domain email:

Step 1: Turn on DKIM for your domain

The first step to implement DKIM on your domain is to turn it on in the Admin console. To do this, follow these steps:

  1. Sign in to your Google Workspaces Admin console.
  2. Go to Apps > Google Workspace > Gmail > Authenticate email.
  3. In the DKIM section, click Set up.
  4. Follow the on-screen instructions to get your DKIM key.

Step 2: Add your DKIM key at your domain provider

Once you have your DKIM key, you need to add it to your domain provider. To do this, follow these steps:

  1. Sign in to your domain provider account.
  2. Go to the DNS settings for your domain.
  3. Create a new TXT record.
  4. In the Name field, enter the selector and domain from your DKIM key, separated by a period. For example, if your DKIM key is "google._domainkey.example.com", the Name field should be "google._domainkey".
  5. In the Value field, copy and paste the entire DKIM key, including the beginning and ending tags.
  6. Save the record.

Step 3: Verify DKIM is set up correctly

After you've added your DKIM key to your domain provider, you need to verify that it's set up correctly. To do this, follow these steps:

  1. Send an email from your domain to a Gmail address.
  2. In the Gmail account, open the email and click on the three dots in the upper-right corner.
  3. Select Show original.
  4. Check the DKIM status in the original message. It should say "pass" if everything is set up correctly.
  5. You can also enter the message headers into the Google Admin Toolbox Messageheader tool and check the DKIM status.

Step 4: Set up DMARC

The next step is to set up DMARC. DMARC is a policy that tells receiving servers what to do with emails that fail SPF and DKIM checks. To set up DMARC, follow these steps:

  1. Sign in to your Google Workspaces Admin console.
  2. Go to Apps > Google Workspace > Gmail > Authenticate email.
  3. In the DMARC section, click Set up.
  4. Follow the on-screen instructions to set up your DMARC policy.

Step 5: Troubleshoot DKIM issues

If you're having issues with DKIM authentication, there are a few things you can do to troubleshoot. Here are some recommended steps:

  1. Make sure your DKIM key is correct at your domain provider. You can compare the DKIM record value at your provider with the value in your Admin console to verify that your DKIM key is correct.
  2. Check message forwarding. Even when DKIM is correctly set up for your domain, forwarded messages can fail DKIM. Make sure the message wasn’t changed during transit.
  3. Contact the administrator for the rejecting email server. If DKIM is set up correctly, receiving servers may still reject messages sent from your domain, or send messages to recipients’ spam folder. Contact the administrator for the rejecting email server and set up DMARC so you get reports about DKIM authentication results.
  4. Verify your domain provider's TXT record character limits. If you get an error when you enter DKIM value, your domain provider might limit the number of characters allowed in the DNS TXT record.

Step 6: Review your email sending practices

If DKIM is set up correctly but messages are sent to spam, the cause might be something other than DKIM.

Step 7: Still Have Questions or Problems?

Contact Cyber Sleuth Security for DKIM & DMARC Implementation and get a FREE risk assessment.

Leave a Reply

Your email address will not be published. Required fields are marked *

Recent Post

Cyber Sleuth Security Icon

Copyright © Cyber Sleuth Security. All Rights Reserved

Privacy Notice
Terms of Use
Cookie Policy
Customer Portal Policy
Accessibility Statement
Information Security
Cookies Settings
menuchevron-down