Email 101: How to Set Up DNS Records & Email Auth for Gmail using Rocketbrew
April 2, 2024
If you don’t want your emails to go to spam, read on!
Terminology
1. DNS: Domain Name System — DNS is a hierarchical decentralized naming system for computers, services, or any resource connected to the Internet or a private network. It translates more readily memorized domain names to the numerical IP addresses needed for locating and identifying computer services and devices with the underlying network protocols.
2. SPF: Sender Policy Framework — SPF is an email authentication method designed to detect forging sender addresses during the delivery of the email. It allows the receiving mail server to check that an email claiming to come from a specific domain indeed comes from an IP address authorized by that domain’s administrators.
3. DKIM: DomainKeys Identified Mail — DKIM is an email authentication method that allows the receiver to check that an email claimed to have come from a specific domain was indeed authorized by the owner of that domain. It works by adding a digital signature to the email header.
4. DMARC: Domain-based Message Authentication, Reporting, and Conformance — DMARC is an email authentication protocol that builds on SPF and DKIM. It allows domain owners to specify how their emails should be handled if they fail SPF or DKIM checks. DMARC also provides reporting mechanisms for domain owners to receive feedback on email authentication failures.
5. MX: Mail Exchange — MX records are DNS records that specify the mail servers responsible for receiving email on behalf of a domain. When someone sends an email to an address at your domain, the sender’s email server looks up the MX records for your domain to determine where to deliver the email.
Why should you set up DNS records and email authentication?
Setting up DNS records and email authentication, such as SPF, DKIM, and DMARC, is crucial for several reasons:
1. Email Deliverability: Properly configured DNS records and email authentication mechanisms ensure that your legitimate emails reach recipients’ inboxes without being marked as spam or rejected by email servers. Without these configurations, your emails might be flagged as suspicious or spammy, leading to poor deliverability.
2. Security: Email authentication mechanisms like SPF, DKIM, and DMARC help prevent email spoofing, phishing, and other forms of email-based attacks. SPF specifies which servers are allowed to send emails on behalf of your domain, DKIM adds digital signatures to your emails to verify their authenticity, and DMARC provides policies for handling emails that fail SPF and DKIM checks, reducing the likelihood of successful phishing attacks.
3. Brand Reputation: By implementing email authentication and ensuring proper DNS configuration, you protect your brand’s reputation. Consistently delivering authenticated emails reinforces trust with recipients and reduces the risk of your domain being associated with spam or fraudulent activities.
4. Compliance: In some industries, compliance regulations such as GDPR (General Data Protection Regulation) and HIPAA (Health Insurance Portability and Accountability Act) require organizations to implement adequate security measures to protect sensitive information, including email communications. Proper email authentication helps meet these compliance requirements.
5. Improved Analytics and Reporting: Implementing email authentication mechanisms like DKIM and DMARC provides valuable insights into your email deliverability and engagement metrics. You can monitor email authentication reports to identify and address any issues that may affect your email delivery performance.
6. Reduced Risk of Email Spoofing: DNS records and email authentication mechanisms make it more difficult for attackers to spoof your domain and impersonate your organization in phishing or spear-phishing attacks. By verifying the authenticity of your emails, recipients are less likely to fall victim to such fraudulent activities.
Overall, setting up DNS records and email authentication is essential for maintaining reliable email communication, protecting your brand reputation, enhancing security, and ensuring compliance with industry regulations.
How do I set this up on Rocketbrew?
Setting up DNS records and email authentication for Google Workspace involves a few steps to ensure that your domain’s email services are properly configured to work with Google’s infrastructure. Below are the general steps to set up DNS records and email authentication for Google Workspace:
Step 1: Sign up for Google Workspace.
If you haven’t already done so, sign up for a Google Workspace account. You’ll need to provide your domain during the signup process.
Step 2: Connect your Gmail account to Rocketbrew using our easy Google sign on.
Rocketbrew --> Manage Settings --> Email Settings --> Connect a Gmail inbox
Click the Connect a Gmail Inbox button and follow the guided instructions.
Step 3: Verify Domain Ownership.
Google Workspace requires you to verify that you own the domain you’re setting up. This usually involves adding a TXT or CNAME record to your domain’s DNS settings.
Make sure to log into your Google Admin account and go through the setup process for your domain. Then, Google will tell you to add a specific verification record to prove to Google that you own and control your domain.
Step 4: Access your DNS settings.
Log in to your domain registrar or DNS hosting provider’s website to access your domain’s DNS settings. This is typically done through a control panel or dashboard provided by your domain registrar or hosting provider.
Your DNS is hosted by your hosting provider, and you likely signed up for google workspace via your hosting provider
- How to do this on Cloudflare
- How to do this on Squarespace
Step 5: Add MX Records if you have any.
MX records specify the mail servers responsible for receiving email on behalf of your domain. Google Workspace provides specific MX records that you need to add to your DNS settings. You’ll typically remove any existing MX records and replace them with the ones provided by Google Workspace.
Step 6: Add SPF Records.
SPF records help prevent email spoofing by specifying which IP addresses or servers are authorized to send emails on behalf of your domain. Google Workspace provides SPF records that you need to add to your DNS settings.
From Rocketbrew, copy your specified SPF Record and paste it as a new SPF record.
Copy your SPF record from Rocketbrew (should look something like v=spf1 include:_spf.google.com ~all)
Add the new SPF record (that you copied from Rocketbrew) to your DNS settings
Step 7: Add DKIM Records.
DKIM records provide a method for validating the authenticity of email messages. Google Workspace generates DKIM keys for your domain, and you’ll need to add these keys as DNS records. This record also is going to be completely unique to you.
When you set up an account with Google Workspace for your website, Google will generate a DKIM record for you to add to your DNS. You will find this in your Google Admin when you first set up your email with Google Workspace. Get your DKIM record from Google and add it to your DNS settings.
It should look something like v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBOj8hLCE2hCc44Y0i4DSsi8OCBe5dRtC699VpyDmtP9tV+2bJMBNJcX8uoqyGdtMjhNcTXzu4kWSgaLq8LRKwMzb8RxevZcje/3dKDzoPdNDffijRW+uiZupBiV6RvMHIy3/Xk0vEqqULXVZgE29mL77F0Ue1uwIDAQAB
Step 8: Add DMARC Records (Optional but Recommended).
DMARC (Domain-based Message Authentication, Reporting, and Conformance) records help protect your domain from email spoofing and phishing attacks. You can create a DMARC policy that specifies how receiving email servers should handle messages that fail SPF and DKIM checks.
- Google Workspace instructions for DMARC
Step 9: Wait for DNS Propagation.
DNS changes can take some time to propagate across the internet. It may take anywhere from a few minutes to several hours for your DNS changes to take effect globally.
Step 10: Verify Setup.
Once you’ve made the necessary DNS changes, return to the Google Workspace admin console and verify your domain setup. Google Workspace will check if your DNS records are correctly configured.
Step 11. Test Email Deliverability.
Send test emails to ensure that your domain’s email services are working as expected. You can also use tools like Google’s Toolbox for DNS lookup to verify that your DNS records are configured correctly.
Step 12. Monitor and Maintain.
Regularly monitor your domain’s email deliverability and authentication status. Google Workspace provides various tools and reports to help you monitor email activity and troubleshoot any issues.
Rocketbrew will do this automatically for you!
You're all set!
By following these steps, you can properly set up DNS records and email authentication for Google Workspace, ensuring reliable email delivery and security for your domain.
