🛡️ Google Workspace Email Security & Sender Guide

Prevent Spoofing, Phishing, and Spam

This guide helps Google Workspace administrators secure their domain against spoofing, phishing, and spam using SPF, DKIM, DMARC, and BIMI, and protect against Google Drive abuse.

✅ Step 1: Set Up SPF (Sender Policy Framework)

Purpose: Prevents unauthorized senders from sending emails using your domain.

📌 Instructions:

  1. Sign in to your domain registrar and go to DNS settings.

  2. Add a new TXT record:

    • Type: TXT

    • Name: @ or leave blank

    • Value: v=spf1 include:_spf.google.com ~all

    • TTL: 3600 or default

  3. Save changes

  4. ✅ Verify with Google Admin Toolbox – Check MX

Step 2: Set Up DKIM (DomainKeys Identified Mail)

Purpose: Verifies that messages are actually sent by your domain and haven't been tampered with.

📌 Instructions:

  1. Sign in to Google Admin Console

  2. Navigate to:
    Apps > Google Workspace > Gmail > Authenticate Email

  3. Generate DKIM key:

    • Add a TXT DNS record with:

      • Name: google._domainkey

      • Value: (Paste key from Admin Console)

  4. Enable DKIM signing in Google Admin Console

  5. ✅ Verify with Google DKIM Checker

🧰 Step 3: Set Up DMARC (Domain-based Message Authentication)

Purpose: Tells receiving email servers what to do with messages that fail SPF or DKIM.

📌 Instructions:

  1. Add a new TXT record to your DNS:

    • Name: _dmarc

    • Value: v=DMARC1; p=none; rua=mailto:reports@yourdomain.com;

  2. After initial testing:

    • Change p=none to p=quarantine or p=reject

  3. ✅ Verify with DMARC Inspector

🖼️ Step 4: Set Up BIMI (Brand Indicators for Message Identification)

Purpose: Allows your brand logo to appear in inboxes that support BIMI.

📌 Instructions:

  1. DMARC must be set to p=quarantine or p=reject

  2. Prepare a valid SVG logo and host it at a secure HTTPS location

  3. Add TXT record to DNS:

  4. ✅ Verify BIMI with BIMI Inspector
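
An added example, not part of the original guide: an offline audit of the SPF and DMARC records from Steps 1 and 3, including the Step 4 rule that BIMI needs p=quarantine or p=reject. The function names and the sample TXT strings are assumptions constructed for illustration; the code reads record strings you paste in and performs no DNS lookups.

```python
# Added example: audit the TXT records from Steps 1, 3 and 4 (constructed input).

def parse_tags(record):
    """Split a 'tag=value; tag=value' DMARC record into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, _, value = part.partition("=")
            tags[key.strip().lower()] = value.strip()
    return tags

def audit_spf(txt_records):
    """Return findings for the SPF policy among a domain's TXT records."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        # More than one v=spf1 record makes receivers return a permanent error.
        return [f"expected exactly one v=spf1 record, found {len(spf)}"]
    terms = spf[0].split()[1:]
    findings = []
    if "include:_spf.google.com" not in terms:
        findings.append("Google Workspace include is missing")
    if not terms or terms[-1] not in ("~all", "-all"):
        findings.append("does not end in ~all or -all")
    return findings

def audit_dmarc(record):
    """Return findings for a _dmarc TXT record, including BIMI readiness."""
    tags = parse_tags(record)
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record (v=DMARC1 missing)"]
    findings = []
    policy = tags.get("p", "")
    if policy not in ("none", "quarantine", "reject"):
        findings.append(f"invalid policy p={policy!r}")
    elif policy == "none":
        findings.append("p=none only monitors; BIMI needs quarantine or reject")
    if not tags.get("rua", "").startswith("mailto:"):
        findings.append("no rua=mailto: address, so no aggregate reports")
    return findings

if __name__ == "__main__":
    # Constructed sample records modelled on the values in this guide.
    txt = ["v=spf1 include:_spf.google.com ~all", "site-verification=EXAMPLE"]
    print("SPF:", audit_spf(txt) or "ok")
    dmarc = "v=DMARC1; p=none; rua=mailto:reports@yourdomain.com;"
    print("DMARC:", audit_dmarc(dmarc) or "ok")
```
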

🚫 Step 5: Prevent Google Drive Spam & Phishing

Attackers may abuse file-sharing to bypass email protections. Reduce risk:

 

  • Block unwanted sharers in Google Drive

  • Restrict external file sharing via Google Admin Console

  • Enable phishing/malware protection under:
    Security > Rules > Drive content protection

Final Checks & Resources

Secure email = trusted communication. Take these steps today.


© 2025 Clayton Johnson SEO, AI & Automation | Martech Strategist