Setting up MX, DKIM, and TXT records on Google is crucial for businesses that want to ensure their emails are secure and delivered in a timely manner. It’s an essential step for any company that uses Google as its email provider.
If you follow the step-by-step guide in this article, you can easily and quickly configure your MX, DKIM, and TXT records on Google. By following these steps, you can ensure that your emails are sent securely and quickly and that you have the best protection against malicious actors. You’ll also be able to take advantage of the many features that Google’s email platform, Google Workspace, offers. So let’s get started and see how to set up MX, DKIM, and TXT records on Google. Before we configure the records, though, we need to understand what they are.
MX records direct emails to a mail server. The MX record indicates how email messages should be routed in accordance with the Simple Mail Transfer Protocol (SMTP, the standard protocol for all emails). MX records must always point to another domain.
example.com | record type | priority | value | TTL |
---|---|---|---|---|
@ | MX | 10 | mailhost1.example.com | 45000 |
@ | MX | 20 | mailhost2.example.com | 45000 |
The ‘priority’ numbers before the domains for these MX records indicate preference; the lower ‘priority’ value is preferred. The server will always try mailhost1 first because 10 is lower than 20. In the case of a message send failure, the server will default to mailhost2.
We should always configure more than one MX record. This ensures that mail can still be delivered to a mail server when the preferred one is unavailable. These extra MX records are called backup MX records. A backup MX record is just an MX record for a mail server with a higher ‘priority’ value (which means a lower priority), so that under normal circumstances mail goes to the more preferred servers. In the example above, mailhost2 would be the ‘backup’ server because email traffic will be handled by mailhost1 as long as it is up and running.
The DNS ‘text’ (TXT) record lets a domain administrator enter text into the Domain Name System (DNS). The TXT record was originally intended as a place for human-readable notes. However, it is also possible to put machine-readable data into TXT records. One domain can have many TXT records. Today, two of the most important uses for DNS TXT records are email spam prevention and domain ownership verification. The format is simply the attribute and the value, contained within quotation marks (") and separated by an equal sign (=), such as "attribute=value".
example.com | record type | Value | TTL |
---|---|---|---|
@ | TXT | "v=spf1 include:_spf.google.com ~all" | 32600 |
Spammers often try to fake or forge the domains from which they send their email messages. TXT records are a key component of several different email authentication methods that help an email server determine if a message is from a trusted source. Common email authentication methods include DomainKeys Identified Mail (DKIM), Sender Policy Framework (SPF), and Domain-based Message Authentication, Reporting & Conformance (DMARC). By configuring these records, domain operators can make it more difficult for spammers to spoof their domains and can track attempts to do so.
Here is a brief description of each TXT record described above:
For mail servers such as Google Workspace to send emails using a specific domain, we have to configure our domain servers to use the appropriate mail records. These records are the MX and TXT records. Google Cloud already provides a DNS management service called Cloud DNS. Cloud DNS is an exceptional service that enables users to manage their DNS records and direct the domains to their mail servers.
To understand what Cloud DNS is and what it does, we should know what DNS records are. A good example is the IP address 142.251.46.206. Computers can understand this record and use it to map traffic to a specific server on the internet, but for human beings it is difficult to understand and remember. To send their traffic to the internet, people need a name they can easily remember, such as google.com. This is where DNS records come into play: DNS is a hierarchically distributed database that lets you store IP addresses and other data, and look them up by name.
Cloud DNS is a high-performance, resilient, global Domain Name System (DNS) service that publishes your domain names to the global DNS in a cost-effective way. Cloud DNS lets you publish your zones and records in DNS without the burden of managing your own DNS servers and software.
Cloud DNS offers both public zones and privately managed DNS zones. A public zone is visible to the public internet, while a private zone is visible only from one or more Virtual Private Cloud (VPC) networks within Google Cloud that you specify. For detailed information about zones, see DNS zones overview.
Cloud DNS supports Identity and Access Management (IAM) permissions at the project level and at the individual DNS zone level. For information about how to set individual resource IAM permissions, see Create a zone with specific IAM permissions.
Once this is done, we can continue setting up the MX records.
5. To direct your email to your Google Workspace account, you have to add new MX records to your domain. These are the records that you need to add:
MX server address | Priority |
---|---|
ASPMX.L.GOOGLE.COM | 1 |
ALT1.ASPMX.L.GOOGLE.COM | 5 |
ALT2.ASPMX.L.GOOGLE.COM | 5 |
ALT3.ASPMX.L.GOOGLE.COM | 10 |
ALT4.ASPMX.L.GOOGLE.COM | 10 |
We should add each record indicated above by following the steps below:
The new records can take up to 72 hours to propagate across the internet, depending on your DNS hosting provider. It might be less than 72 hours, but during this time, mail sent to your email domain might bounce. Until then, you’ll keep getting messages from your previous email service provider. NOTE: A lower TTL value reduces the time your records take to propagate; we advise setting the TTL value to 300 seconds.
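The check below is an added example, not code from the original article or from Google: it compares a zone's MX set with the Google Workspace table above and shows the order in which a sending server would try the hosts. The sample zone and the host `mail.old-provider.example` are constructed for illustration.

```python
# Added example: MX hosts and priorities are copied from the table above.
GOOGLE_MX = {
    "aspmx.l.google.com": 1,
    "alt1.aspmx.l.google.com": 5,
    "alt2.aspmx.l.google.com": 5,
    "alt3.aspmx.l.google.com": 10,
    "alt4.aspmx.l.google.com": 10,
}

def normalize(host):
    """DNS names are case-insensitive; a trailing dot only marks the root."""
    return host.strip().rstrip(".").lower()

def delivery_order(records):
    """Group hosts by priority, lowest value first; senders try groups in this order."""
    groups = {}
    for priority, host in records:
        groups.setdefault(priority, []).append(normalize(host))
    return [sorted(groups[p]) for p in sorted(groups)]

def audit_mx(records):
    """Compare a zone's (priority, host) MX set with the Google Workspace table."""
    found = {normalize(h): p for p, h in records}
    return {
        "missing": sorted(h for h in GOOGLE_MX if h not in found),
        "unexpected": sorted(h for h in found if h not in GOOGLE_MX),
        "wrong_priority": sorted(
            h for h, p in found.items() if h in GOOGLE_MX and GOOGLE_MX[h] != p
        ),
    }

# Constructed sample: a zone mid-migration that still lists the old provider
# with the lowest priority value, so it would still be tried first.
SAMPLE_ZONE = [
    (1, "ASPMX.L.GOOGLE.COM."),
    (5, "ALT1.ASPMX.L.GOOGLE.COM."),
    (5, "ALT2.ASPMX.L.GOOGLE.COM."),
    (20, "ALT3.ASPMX.L.GOOGLE.COM."),
    (0, "mail.old-provider.example."),
]

if __name__ == "__main__":
    print(delivery_order(SAMPLE_ZONE))
    print(audit_mx(SAMPLE_ZONE))
```

An `unexpected` host with a lower priority value than ASPMX.L.GOOGLE.COM means mail is still being offered to a server outside Google Workspace first.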
Field name | Value to enter |
---|---|
Type | TXT |
Host | @ (Note: If you’re adding an SPF record for a subdomain, enter the subdomain instead of @. Read Apply an SPF record to the subdomain with the Host setting for more information.) |
Value | v=spf1 include:_spf.google.com ~all |
TTL | 300 |
Field name | Value to enter |
---|---|
Type | TXT |
Host | google._domainkey |
Value | "v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDeIhtCv3vUinyhKiKtZ8efjHGGo8gE1T+o7gLrvo6yRtdz9ICe6Fz5sgz0WYFW5nCV4DmaTcS25TfgWKsLggGSBdDxzShyvgdKJkG3b4+73rT/5opnRceqQf1qndnMZfkb/0/YciMKNQmigj9IGwKypj6CoIr1s46jRGy4Ws7LQIDAQAB" |
TTL | 300 |
Please note that it might take up to 24 hours for the value to be authenticated by Google.
Google has made it easy to add DMARC records to your Google Cloud DNS. After preparing the text of your DMARC record, add or update the DNS TXT record at your domain provider. To update a DNS TXT record, enter the line of text that defines your DMARC policy record in the management console for your domain provider. If you have more than one domain, take the steps below for each domain. Each domain can have a different policy, and different report options (defined in the record).
If you don’t create DMARC policies for subdomains, they inherit the parent domain’s DMARC policy. To define a DMARC policy for subdomains, use the sp policy tag in the DMARC record for the parent domain.
Please note: Configure DomainKeys Identified Mail (DKIM) and Sender Policy Framework (SPF) before configuring DMARC. DKIM and SPF should be authenticating messages for at least 48 hours before turning on DMARC.
Every time you change your DMARC policy and update your record, you must update the DNS TXT record at your domain provider.
Field name | Value to enter |
---|---|
Type | TXT |
Host | _dmarc.domain.com |
Value | v=DMARC1; p=none; |
TTL | 300 |
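What the SPF and DMARC values in the tables above actually ask a receiving server to do, as an added example that is not part of the original article or Google's tooling. The function names are hypothetical, and the record with `sp=` in the usage note is constructed to show the subdomain rule described earlier.

```python
# Added example: lints the SPF and DMARC TXT values shown in the tables above.

def parse_tags(record):
    """Split a 'tag=value; tag=value' TXT value (DMARC style) into a dict."""
    tags = {}
    for part in record.strip().strip('"').split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def dmarc_policy(record, for_subdomain=False):
    """Policy a receiver applies; 'sp' overrides 'p' for subdomains when present."""
    tags = parse_tags(record)
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    if for_subdomain and "sp" in tags:
        return tags["sp"].lower()
    return tags["p"].lower()  # subdomains inherit the parent policy

SPF_QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_default_result(record):
    """Result for senders matching no mechanism, taken from the 'all' term."""
    terms = record.strip().strip('"').split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    for term in terms[1:]:
        if term.lower().lstrip("+-~?") == "all":
            qualifier = term[0] if term[0] in SPF_QUALIFIERS else "+"
            return SPF_QUALIFIERS[qualifier]
    return "neutral"  # no 'all' term: the RFC 7208 default result

def review(spf, dmarc):
    """Return findings a defender would want to act on after the initial setup."""
    findings = []
    if spf_default_result(spf) in ("pass", "neutral"):
        findings.append("SPF does not flag or reject unlisted senders")
    if dmarc_policy(dmarc) == "none":
        findings.append("DMARC p=none: monitoring only, failing mail is still delivered")
    if "rua" not in parse_tags(dmarc):
        findings.append("DMARC has no rua= address, so no aggregate reports arrive")
    return findings

if __name__ == "__main__":
    for finding in review("v=spf1 include:_spf.google.com ~all", "v=DMARC1; p=none;"):
        print(finding)
```

For a constructed parent record such as `v=DMARC1; p=reject; sp=quarantine`, `dmarc_policy(record, for_subdomain=True)` returns `quarantine`, while the page's `v=DMARC1; p=none;` yields `none` for the domain and its subdomains alike.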
Now you can send emails with confidence that they will be delivered properly. You’ll want to regularly monitor your MX, DKIM, and DMARC records to ensure they remain accurate and up-to-date. As your business evolves, you may want to use a different email provider. When that time comes, you’ll be able to easily transfer your records to a new provider.