Log in
Show password
Forgot password ?
Become a member for free
Sign up
Sign up
New member
Sign up for FREE
New customer
Discover our services
Dynamic quotes 


SummaryMost relevantAll NewsAnalyst Reco.Other languagesPress ReleasesOfficial PublicationsSector newsMarketScreener Strategies

Mimecast : Complete Guide to Google Workspace DMARC Record Setup

07/26/2021 | 08:18am EDT
How to protect your business and your brand from spoofing by setting up DMARC in Google Workspace.

Key Points:

  • Implementing the DMARC email authentication protocol in Google Workspace can safeguard your brand.
  • DMARC policies can be set to reject, quarantine or simply deliver email messages that fail authentication; policies can be set separately for all your organization's domain names.
  • Reports provide feedback on the use - and potential abuse - of your domains.

We're all familiar with phishing schemes that entice users to enter their passwords, credit card numbers or other sensitive information, which is then stolen for nefarious purposes. The vehicle for these schemes is usually an email message that spoofs the sender's domain.

If that spoofed domain comes from your brand, it puts your supply chain-and your reputation-at risk. And if multiple recipients report the message as spam, legitimate messages sent from your organization may land in recipients' spam folders.

This kind of brand impersonation is a growing problem. Mimecast's State of Brand Protection 2021 research shows that, on average, there were 44% more brand impersonation emails per month inbound to Mimecast customers in 2020 than in 2019. In addition, in Mimecast's State of Email Security 2021 (SOES) research, more than three out of every four companies surveyed (76%) experienced at least one web or email spoofing attack in 2020 that used their domains or a lookalike, and 25% saw 10 or more.

If your organization uses Google Workspace (formerly G Suite) for Gmail and other services, you can use the DMARC protocol in partnership with DNS servers and receiving email servers to prevent the spoofing of your brand's domains.

What Is a DMARC Record?

A Domain-based Message Authentication, Reporting and Conformance (DMARC) record spells out for a receiving email server what to do if a Gmail message from your brand's domain fails authentication.

DMARC works with two email authentication methods: Sender Policy Framework (SPF) and Domain Keys Identified Mail (DKIM). SPF allows you to specify which IP addresses in your domain are authorized to send email. DKIM adds a digital signature to outgoing messages. The receiving server uses SPF to authenticate the message as coming from a trusted source and DKIM to verify the message has not been altered en route.

Google Workspace DMARC Policies

A DMARC record needs to specify a policy for the action the receiving server should take if the incoming email fails SPF or DKIM authentication. There are three Gmail DMARC policy options:

  • None: Deliver the message normally.
  • Quarantine: Send the message to the recipient's spam folder or to quarantine, if a quarantine option is configured.
  • Reject: Do not deliver the message. Often the receiving server will inform the sender of the message failure.

Google Workspace recommends using the 'none' setting at first, and then carefully reviewing the reports. Then, as you identify illegitimate versus legitimate users of your domain-marketing partners, for example, that send email on your behalf-Google suggests changing the policy to quarantine, then finally to reject. Regardless of the action taken, you can set the DMARC record to request the receiving email server send a report indicating which of your domain's email servers are sending email and the percentage of messages passing or failing authentication.

Optionally, a second policy called alignment can be set for SPF and DKIM. The possible values are 'strict' or 'relaxed' and have slightly different effects for SPF and DKIM.

For SPF, the options are:

  • strict: The message 'from' address must exactly match the sender's domain name.
  • relaxed: Partial matches, including subdomain names, are acceptable.

For DKIM, the options are:

  • strict: The domain name must exactly match the d=domainname field in the DKIM header.
  • relaxed: Partial matches, including subdomains, are acceptable.

Steps to Set Up a Google Workspace DMARC Record[i]

DMARC is set up as a DNS TXT record on your domain host. The record contains flags specifying parameters for the receiving server. Each parameter is a tag-value pair. For example, to set the policy to reject, the tag-value pair would be 'p=reject.'

Following these steps will get your DMARC record set up and published:

  1. Configure both SPF and DKIM, then allow 48 hours before publishing the DMARC record.
  2. Create the DMARC record as a line of text with tag-value pairs separated by semicolons. The accompanying table lists sample tags and possible values. Be aware that these tags and values might vary from host to host. The v and p tags are required and must be first. The remaining tags are optional.




Version. This must be DMARC1.


Policy for messages that fail authentication. Possible values are reject, quarantine or none.


Policy for subdomains. Possible values are reject, quarantine or none. The default is to apply the same policy as the domain.


The percentage of invalid messages that should be acted on. Value must be 1-100, with 100 as the default.


The alignment policy for SPF. Can be s (strict) or r (relaxed). Relaxed is the default.


The alignment policy for DKIM. Can be s (strict) or r (relaxed). Relaxed is the default.


The email address (preceded by mailto:) to which DMARC reports should be sent.

  1. From the management console of your domain host, locate the place where you can update the DNS record. Enter the name of your DMARC TXT record as 'dmarc' followed by a period and your domain name. Some hosts will automatically append the domain name. Upload the record and save the changes.

Repeat this process for each of your domains.

Third-Party Solutions for DMARC Setup

If the Google Workspace DMARC process seems a little daunting, the good news is that security service providers like Mimecast offer cloud-based DMARC tools. Such tools simplify the DMARC installation-for example, by providing setup wizards for creating DMARC records for all your domains. Other tools validate DMARC records and create user-friendly reports and charts for analyzing messages that failed authentication, as well as forensic reports for finding the source of malicious email messages.

The Bottom Line

As online brand impersonation continues to grow, it's becoming a more serious concern for brands of all sizes. Setting up Google Workspace DMARC can help brands defend against email spoofing schemes that impersonate their domains.

[i]See Google DMARC instructions

Want more great articles like this?Subscribe to our blog.

Get all the latest news, tips and articles delivered right to your inbox

Thanks forSubscribing

You will receive an email shortly

Take me back to the article please


Mimecast Limited published this content on 26 July 2021 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 26 July 2021 12:17:03 UTC.

© Publicnow 2021
09/16INSIDER SELL : Mimecast
09/16EPISODE #1, SEASON 2 OF PHISHY BUSIN : The art of being a cyber smoke jumper
09/15MIMECAST : Ransomware Drives Demand for Managed Security Services
09/13MIMECAST : Ransomware Rewrites Cyber Insurance Policies
09/10VC DAILY : Question: How Are Startup Founders Reacting as Economy Slows?
09/09MALWARE ANALYSIS : How to Protect Against Malware
09/08INSIDER SELL : Mimecast
09/08CHAOS CREATES EVEN MORE CHAOS : The Potential Post-Pandemic Cybersecurity Enviro..
09/07MIMECAST : What Are Cloud Security Controls and Their Benefits?
More news
Analyst Recommendations on MIMECAST LIMITED
More recommendations
Financials (USD)
Sales 2022 582 M - -
Net income 2022 36,8 M - -
Net cash 2022 333 M - -
P/E ratio 2022 135x
Yield 2022 -
Capitalization 4 566 M 4 566 M -
EV / Sales 2022 7,27x
EV / Sales 2023 6,15x
Nbr of Employees 1 765
Free-Float 93,3%
Duration : Period :
Mimecast Limited Technical Analysis Chart | MarketScreener
Full-screen chart
Technical analysis trends MIMECAST LIMITED
Short TermMid-TermLong Term
Income Statement Evolution
Mean consensus OUTPERFORM
Number of Analysts 15
Last Close Price 69,46 $
Average target price 70,33 $
Spread / Average Target 1,26%
EPS Revisions
Managers and Directors
Peter Cyril Bauer Chairman & Chief Executive Officer
Rafeal Edgar Brown Chief Financial Officer
Nathaniel Borenstein Chief Scientist
John J. Walsh Senior VP-Engineering & Technical Operations
Shahriar Rafimayeri Chief Information Officer
Sector and Competitors
1st jan.Capi. (M$)
VISA2.56%476 003
MASTERCARD-3.42%340 191
PAYPAL HOLDINGS, INC.20.59%331 864