Gmail administrators should set up email authentication to protect their organization's email. Authentication helps prevent messages from your organization from being marked as spam. It also prevents spammers from impersonating your domain or organization in spoofing and phishing emails.
If spammers send forged messages using your organization's name or domain, people who get these messages might report them as spam. This means legitimate messages from your organization might also be marked as spam. Over time, your organization's internet reputation can be negatively affected.
Tip: Google Workspace uses 3 email standards to help prevent spoofing and phishing of your organization’s Gmail. These standards also help ensure your outgoing messages aren’t marked as spam. We recommend Google Workspace administrators always set up these email standards for Gmail:
- Sender Policy Framework (SPF): Specifies the servers and domains that are authorized to send email on behalf of your organization.
- DomainKeys Identified Mail (DKIM): Adds a digital signature to every outgoing message, which lets receiving servers verify the message actually came from your organization.
- Domain-based Message Authentication, Reporting, and Conformance (DMARC): Lets you tell receiving servers what to do with outgoing messages from your organization that don’t pass SPF or DKIM.
Email authentication requirements for sending to Gmail accounts
Google performs checks on messages sent to Gmail accounts to verify messages are authenticated. To help ensure these messages are delivered as expected, set up email authentication for your domain. We recommend you always set up SPF and DKIM to protect your organization’s email, and to meet the authentication requirements described in Email sender guidelines. If you use an email service provider: Verify that your provider's authentication methods meet the requirements in Email sender guidelines. If you regularly forward email: Follow our Best practices for forwarding email to Gmail to help ensure messages are delivered as expected.
About email authentication
Set up standard email authentication methods for Gmail, and help ensure message delivery and prevent valid messages from being marked as spam. These videos describe how email authentication benefits your organization, and how to set up authentication.
Video: Why email authentication?
How email authentication benefits your organization & your users.
To view available captions or change the caption language, click Subtitles at the bottom of the video window, then select a language.
Video: Set up email authentication
Learn how to set up email authentication for your organization.
To view available captions or change the caption language, click Subtitles at the bottom of the video window, then select a language.
Video: What are SPF and DKIM
SPF and DKIM help prevent spammers from impersonating your organization.
Video: What is DMARC
Set up email authentication for Gmail
|
|
First, ensure mail delivery & prevent spoofing with SPFYou can use SPF to specify the servers and domains that are allowed to send email for your organization. When receiving mail servers get a message from your organization, they compare the sending server to your list of allowed servers. This means receiving servers can verify that the message actually came from you. Go to: Set up SPF to ensure mail delivery and prevent spoofing |
|
|
|
Then, increase security for outgoing email with DKIMYou can use DKIM to add an encrypted digital signature to every message sent from your organization. Receiving mail servers use a public key to read the signature and verify that the message actually came from you. DKIM also prevents message content from being changed when the message is sent between servers. |
|
|
|
Finally, enhance security for forged spam with DMARCIf messages from your organization don't pass SPF or DKIM, DMARC tells receiving servers what to do with these messages. DMARC also sends you reports showing which messages pass or fail SPF and DKIM. You can use these reports to help identify possible email attacks and other vulnerabilities. |
|
|
|
Optionally, add your brand logo to DMARC-authenticated messagesAfter you set up DMARC, you can turn on Brand Indicators for Message Identification (BIMI). When messages pass DMARC, email clients that support BIMI, including Gmail, display your verified brand logo in the inbox avatar slot. Learn more about the benefits of BIMI, and how it works. |
|
|