How to setup DMARC values for Google Workspace Emails

To setup DMARC for your Google Workspace emails, it's actually simple!

Quick Setup Steps

Step 1: Create a TXT record.

Step 2: Set the Host (name) to _dmarc.domain.com

Note: Make sure you replace "domain" with your actual domain name, or leave it off in some cases where your domain registrar might already append it.

Step 3: Set the value to v=DMARC1; p=none;

What is DMARC?

DMARC is an email authentication protocol that works with SPF and DKIM to verify that emails are genuinely from the claimed sender. It allows domain owners to specify how receiving servers should handle emails that fail authentication checks - whether to deliver them normally (none), quarantine them (quarantine), or reject them entirely (reject).

DMARC Policy Settings

• None (p=none): Leaves the decision on handling failed authentications to the email service providers, without specific instructions. This is the recommended starting point for monitoring without affecting email delivery.
• Quarantine (p=quarantine): Emails not passing authentication should be directed to the spam folder.
• Reject (p=reject): Emails failing authentication should be blocked from delivery entirely.

Implementation Best Practices

Starting with p=none is the recommended approach for initial DMARC implementation. This allows you to:

• Monitor your email authentication without disrupting legitimate email delivery
• Identify any authentication issues with your legitimate email sources
• Gradually progress to more restrictive policies (p=quarantine then p=reject) as you gain confidence

Current Email Provider Requirements

As of 2025, major email providers like Gmail and Yahoo have implemented requirements for bulk email senders, making DMARC implementation essential for maintaining good email deliverability. While p=none meets current minimum requirements, many organizations are moving toward stricter policies like p=quarantine or p=reject for enhanced security.

Optional: Adding Reporting

To receive reports about your DMARC authentication results, you can add a reporting address to your DMARC record:

v=DMARC1; p=none; rua=mailto:[email protected]

Replace "yourdomain.com" with your actual domain. These reports help you monitor authentication performance and identify potential issues.

Next Steps

After implementing p=none and monitoring your reports for a few weeks, consider gradually moving to:

1. p=quarantine to send suspicious emails to spam folders
2. p=reject for maximum protection (only after ensuring all legitimate emails authenticate properly)