Google Apps for Work (formerly Google Apps for Business) is a well-known suite of cloud productivity and collaboration tools offered on a subscription basis by Internet giant Google. It includes Google’s popular web applications, among them Gmail, Google Drive, Google Hangouts, Google Calendar, and Google Docs.
You might assume that your mail account is completely safe and secure with Google Apps simply because the service comes from a company like Google.
Even so, you should verify the safety and security of your business mail accounts after purchasing Google Apps for Work: the service is designed to provide a balance of user experience and security, and is not focused primarily on email security.
To secure your Google Apps email, all you need is a few DNS changes: adding DKIM, DMARC and SPF records to your domain’s DNS.
What is DKIM?
DomainKeys Identified Mail (DKIM) is an email authentication method designed to detect email spoofing by providing a mechanism to allow receiving mail exchangers to check that incoming mail from a domain is authorized by that domain’s administrators.
It is intended to prevent forged sender addresses in emails, a technique often used in phishing and email spam. DKIM allows the receiver to check that an email claimed to come from a specific domain was indeed authorized by the owner of that domain which is done using cryptographic authentication. You can read details about DKIM on Wikipedia
What is SPF?
Sender Policy Framework (SPF) is a simple email validation system designed to detect email spoofing by providing a mechanism to allow receiving mail exchangers to check that incoming mail from a domain comes from a host authorized by that domain’s administrators.
Email spam and phishing often use forged “from” addresses, so publishing and checking SPF records can be considered anti-spam techniques. Know more details about SPF
What is DMARC?
Domain-based Message Authentication, Reporting and Conformance (DMARC) is an email validation system designed to detect and prevent email spoofing.
It provides a mechanism which allows a receiving organization to check that incoming mail from a domain is authorized by that domain’s administrators and that the email (including attachments) has not been modified during transport. Know the details on Wikipedia
So How To Check & Secure Google Apps Email?
First, log in to the account at the registrar where you purchased the domain. The UI and options vary between registrars, so find the DNS settings and check whether these three TXT records are already there.
TXT value -> "v=spf1 include:_spf.google.com ~all"
TXT record name -> "google._domainkey" or "yourdomain._domainkey"
TXT record name -> _dmarc
If you find these records in your DNS settings, your Google Apps for Work email is secure and safe from phishing and spoofing. If the records are not there, you should make these DNS changes to secure your email. Premium Google Apps for Work subscribers can contact Google, which provides 24×7 chat and phone support for premium customers (if you still want to do it yourself, you can follow the steps below).
Those who have a limited or basic Google Apps for Work account without support access can follow the process below to add these DNS records.
Before jumping to the DNS changes, keep all the data ready.
Generate DKIM:-
- Sign in to the Google Admin console. (Use super admin email account)
- Click Apps > Google Apps > Gmail > Authenticate email.
- Select the domain for which you want to generate a domain key.
- Click Generate new record.
- On the next screen you will see an option to change the default domain prefix, which is used to distinguish the domain key; you can change it if you want.
- Click Generate.
- Now copy the generated value (a long, random-looking string of text) and keep it handy.
Once you have created the domain key successfully, you can move on to the DNS changes.
You need to add the following TXT records via your DNS settings.
A. DKIM
Hostname -> google._domainkey
TXT Content or Value -> paste the value you generated above; it will be something like
"v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfl0chtL4siFYCrSPxw43fqc4z Oo3N+Il...."
B. SPF
Hostname -> @
TXT Content or Value -> v=spf1 include:_spf.google.com ~all
C. DMARC
Hostname -> _dmarc
TXT Content or Value -> v=DMARC1; p=quarantine
Add the TXT records using DNS settings:-
- Sign in to the domain admin console and find the option for updating the DNS records. With some registrars, you may need to enable advanced settings.
- Click Add new record / Add record / Add TXT record, whichever option your registrar offers.
- Now create the TXT records one by one, using the details from steps A, B and C above.
These DNS changes usually take effect in 5-10 minutes depending on the domain registrar, but Google sets a maximum time frame of 48 hours, so don’t worry if it takes a few hours.
Once the DNS changes are saved and have started to take effect, you will see the green tick saying “Authenticating email” in the DKIM settings.
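One way to sanity-check the three TXT values from steps A, B and C once you have copied them from your registrar's DNS page or a lookup tool. This is an added example, not part of the original article or Google's tooling; the function names and the sample key are constructed for illustration.

```python
import base64
import re
# Constructed sample key (not a real DKIM key), standing in for the value from step A.
SAMPLE_KEY = base64.b64encode(b"constructed-sample-public-key-bytes!").decode()

def parse_tags(record):
    """Parse 'tag=value; tag=value' syntax (used by DKIM and DMARC) into a dict."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {name.strip().lower(): value.strip() for name, value in pairs}

def check_spf(txt_values, include="_spf.google.com"):
    """txt_values: every TXT string published at the domain apex (@)."""
    spf = [v for v in txt_values if v.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:  # two SPF records make receivers return a permanent error
        return f"FAIL: expected exactly one v=spf1 record, found {len(spf)}"
    terms = spf[0].split()
    if f"include:{include}" not in terms:
        return f"FAIL: include:{include} missing"
    if terms[-1] not in ("~all", "-all"):
        return f"WARN: record ends with {terms[-1]!r}, not ~all or -all"
    return "OK"

def check_dkim(chunks):
    """chunks: the quoted strings of the TXT record at <selector>._domainkey."""
    tags = parse_tags("".join(chunks))  # DNS splits long values into <=255-byte strings
    if tags.get("v", "DKIM1") != "DKIM1":
        return "FAIL: not a DKIM1 record"
    key = re.sub(r"\s+", "", tags.get("p", ""))
    if not key:
        return "FAIL: p= is empty or missing, so there is no usable key"
    try:
        base64.b64decode(key, validate=True)
    except ValueError:
        return "FAIL: p= is not valid base64 (truncated or mangled paste?)"
    return "OK"

def check_dmarc(record):
    """record: the TXT value at _dmarc.<domain>."""
    if not record.strip().startswith("v=DMARC1"):
        return "FAIL: record must start with v=DMARC1"
    policy = parse_tags(record).get("p")
    if policy not in ("none", "quarantine", "reject"):
        return f"FAIL: invalid or missing p= ({policy!r})"
    return "WARN: p=none only monitors, nothing is quarantined" if policy == "none" else "OK"

if __name__ == "__main__":
    print(check_spf(["v=spf1 include:_spf.google.com ~all"]))
    print(check_dkim(["v=DKIM1; k=rsa; p=" + SAMPLE_KEY[:20], SAMPLE_KEY[20:]]))
    print(check_dmarc("v=DMARC1; p=quarantine"))
```

The DKIM check catches the most common paste error: a value that was cut off or had characters altered when it was copied from the Admin console into the registrar's form.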