Prevent spam, spoofing and phishing with Gmail Auth
From: https://support.google.com/a/answer/10583557?sjid=16475661690433716483-NC
Prevent spam, spoofing & phishing
with Gmail authentication
Set up SPF, DKIM & DMARC for your organization
Gmail administrators should set up email authentication to protect their
organization's email. Authentication helps prevent messages from your
organization from being marked as spam. It also prevents spammers from
impersonating your domain or organization in spoofing and phishing emails.
If spammers send forged messages using your organization's name or domain,
people who get these messages might report them as spam. This means
legitimate messages from your organization might also be marked as spam.
Over time, your organization's internet reputation can be negatively
affected.
Email authentication requirements for sending to Gmail accounts
Google performs checks on messages sent to Gmail accounts to verify messages
are authenticated. To help ensure these messages are delivered as expected,
set up email authentication for your domain. We recommend you always set up
SPF and DKIM to protect your organization’s email, and to meet the
authentication requirements described in Email sender guidelines.
If you use an email service provider: Verify that your provider's
authentication methods meet the requirements in Email sender guidelines.
If you regularly forward email: Follow our Best practices for forwarding
email to Gmail to help ensure messages are delivered as expected.
About email authentication
Set up standard email authentication methods for Gmail to help ensure
message delivery and prevent valid messages from being marked as spam. These
videos describe how email authentication benefits your organization, and how
to set up authentication.
Video: Why email authentication?
Video: Set up email authentication
Set up email authentication for Gmail
First, ensure mail delivery & prevent spoofing with SPF
SPF lets you specify the servers and domains that are allowed to send email
for your organization. When receiving mail servers get a message from your
organization, they compare the sending server to your list of allowed
servers. This lets receiving servers verify the message actually came from
you.
Go to: Set up SPF to ensure mail delivery and prevent spoofing
Then, increase security for outgoing email with DKIM
DKIM adds an encrypted digital signature to every message sent from your
organization. Receiving mail servers use a public key to read the signature,
and verify the message actually came from you. DKIM also prevents message
content from being changed when the message is sent between servers.
Go to: Set up DKIM to prevent spoofing
Finally, enhance security against forged spam with DMARC
DMARC tells receiving servers what to do with messages from your
organization when they don't pass either SPF or DKIM. DMARC also sends
reports that tell you which messages pass or fail SPF and DKIM. These
reports help you identify possible email attacks and other vulnerabilities.
Go to: Set up DMARC to help prevent spoofing and phishing
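To show how the DMARC reports described above can point to possible spoofing sources, here is an added example (not part of the original Google article) that reads one aggregate report and lists the sending IPs whose mail failed both SPF and DKIM. It assumes the XML aggregate-report layout from RFC 7489; the sample report, domain, IP addresses and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the RFC 7489 aggregate-report layout; the domain
# and IP addresses are documentation values, not real senders.
SAMPLE_REPORT = """<feedback>
 <policy_published><domain>example.com</domain><p>none</p></policy_published>
 <record><row><source_ip>192.0.2.10</source_ip><count>120</count>
  <policy_evaluated><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row></record>
 <record><row><source_ip>198.51.100.7</source_ip><count>40</count>
  <policy_evaluated><dkim>fail</dkim><spf>pass</spf></policy_evaluated></row></record>
 <record><row><source_ip>203.0.113.99</source_ip><count>15</count>
  <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
 <record><row><source_ip>203.0.113.99</source_ip><count>5</count>
  <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
</feedback>"""

def summarize(xml_text):
    """Per source IP, count messages by SPF, DKIM and DMARC outcome."""
    # Reports come from outside parties: refuse DTDs before parsing.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("unexpected DTD in DMARC report")
    summary = {}
    for row in ET.fromstring(xml_text).iter("row"):
        ip = (row.findtext("source_ip") or "").strip()
        count = int(row.findtext("count") or 0)
        spf = (row.findtext("policy_evaluated/spf") or "").strip().lower()
        dkim = (row.findtext("policy_evaluated/dkim") or "").strip().lower()
        entry = summary.setdefault(
            ip, {"total": 0, "dmarc_fail": 0, "dkim_fail": 0, "spf_fail": 0})
        entry["total"] += count
        entry["spf_fail"] += count if spf != "pass" else 0
        entry["dkim_fail"] += count if dkim != "pass" else 0
        # DMARC passes when either aligned check passes; it fails when both fail.
        entry["dmarc_fail"] += count if spf != "pass" and dkim != "pass" else 0
    return summary

def unauthenticated_sources(summary):
    """Source IPs with mail that failed both checks, highest volume first."""
    hits = [(ip, e["dmarc_fail"]) for ip, e in summary.items() if e["dmarc_fail"]]
    return sorted(hits, key=lambda h: -h[1])

if __name__ == "__main__":
    report = summarize(SAMPLE_REPORT)
    for ip, entry in report.items():
        print(ip, entry)
    print("review these sources:", unauthenticated_sources(report))
```

A source that fails only DKIM, such as 198.51.100.7 in the sample, usually indicates a legitimate sender that has not been set up to sign, while a source that fails both checks is the one to investigate as possible spoofing.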
Optionally, add your brand logo to
DMARC-authenticated messages
After you set up DMARC, you can optionally turn on Brand Indicators for
Message Identification (BIMI). When messages pass DMARC, email clients that
support BIMI, including Gmail, display your verified brand logo in the inbox
avatar slot. Learn more about the benefits of BIMI, and how it works.
Go to: Add a brand logo to outgoing email with BIMI