How to authenticate email with domain key in Google Apps

If you use Google Apps to handle your email using your own domain name, there may have been times that friends or colleagues you’ve sent email to have failed to receive them.

This is because their anti-spam system may have flagged that email as spam and since people rarely visit their spam folder that email you’ve sent has been deleted without them knowing.

Worse, spammers can forge the ‘From‘ address on mail messages so that spam may look like it came from a legitimate source. And if your PC has been compromised by malware or your email address has been harvested online, there’s a higher chance that you’re domain has been spoofed and used by spammers to trick your friends and contacts that the spam they sent really came from your domain.

Google Apps now supports a feature to prevent such email header spoofing which is the DomainKeys Identified Mail protocol or DKIM. This basically adds a digital “signature” to the header of mail messages you send from your domain.

This digital “signature” can then be verified by recipients to make sure that the mail message really came from your domain.

To add DKIM signature on your outgoing mail using Google Apps, follow these steps:

Log-in to your Google Apps Dashboard

Go to Advanced Tools section

Step 1 Google Apps DKIM setup

Click on Setup email authentication (DKIM)

Step 2 select email authentication

Select the domain for which you want to generate a domain key

Step 3 Select domain to generate DKIM

Click Generate new record

Step 4 Generate TXT record

The information needed for the creation of the TXT record in the DNS records of your domain.

It is safer to coordinate with your domain name registrar or web host to accomplish this without any trouble.

Wait up to 48 hours for the DNS changes to fully propagate then you can go back to the Set up email authentication (DKIM) section of your Google Apps Dashboard and click on the ‘Start authentication’ button to activate DKIM authentication to your outgoing mail.

To confirm that the DKIM signing is active, you can send an email to someone and ask them to review the message and check that the ‘signed by‘ line is present and it shows your domain name.

Test message with DKIM authentication

With DKIM signing, your outgoing mail now have a lesser chance of being dumped into the spam folder of your recipient’s email account nor will spammers be able to successfully spoof your domain.

7 Comments

  1. Hello Jhay, thanks for your excellent post. Unfortunately, DKIM doesn’t solve my problem. Spammers are using some of my domains (all their email is via Google Apps) to falsify the from address. I have recorded a SPF record in the DNS settings but that doesn’t help much either: anyone using Gmail to send SPAM can spoof my addresses because the SPF record allows Google to send mail. Put another way, my contacts getting SPAM from “me” isn’t the problem. It’s 60 million other angry people getting spammed who think it’s coming from my domain(s). Any ideas?

    Reply

    1. Now that’s a serious problem. I hope you’ll understand if the best I can do to help is say that now is the time to get in touch with your domain registrar as they would in a much better position to assist you.

      You can also try to contact Google Apps support so they can give some information on how to deal with this issue from within Google Apps.

      I do hope this would be fixed soon.

      Reply

  2. Hello Jhay, thanks for your post. Now my google apps mail have DKIM signature! Great! But i don’t under stand why if i send a test mail to: auth-results@verifier.port25.com (try please!)and the result is:

    Summary of Results

    SPF check: pass
    DomainKeys check: neutral
    DKIM check: pass
    Sender-ID check: pass
    SpamAssassin check: ham

    My problem? I don’t understand why DomainKeys check is neutral and not pass! What do you think? How to solve this?

    Many thanks.
    andrew

    Reply

    1. Hi andrew,

      It could be that the domain you’re using has been marked by sources that monitor the reputation of domains as having a record of sending out spam in the past.

      I’m really not familiar on how to resolve this but you can ask the folks over at the Google Apps support forums.

      Reply

Leave a Reply