My Emails Are Blocked and I Am Getting a DMARC Error

If emails you send through Google Workspace (Gmail) are bouncing, landing in spam, or not being delivered, the likely cause is missing email authentication on your domain. To resolve this, set up three authentication records for your domain: SPF, DKIM, and DMARC. Together they let receiving email providers recognize your messages as legitimate and safe.

 

1. How to set up SPF (Sender Policy Framework)

SPF specifies which mail servers are allowed to send emails on behalf of your domain. Without it, receiving servers may reject your emails or flag them as spam.

SPF record for Google Workspace
v=spf1 include:_spf.google.com ~all

How to add it

  1. Log in to your domain’s Advanced settings.
  2. Add a TXT record with the following details:
    • Name / Host: @
    • Type: TXT
    • Value: v=spf1 include:_spf.google.com ~all

For more details:
Google's SPF Setup Guide
How to Add TXT Records at Tailor Brands

 

2. How to set up DKIM (DomainKeys Identified Mail)

DKIM adds a unique digital signature to your emails, allowing receiving servers to verify that the message was indeed sent from your domain and hasn’t been tampered with.

How to get your DKIM record

  1. Sign in to your Google Admin Console.
  2. Go to Apps > Google Workspace > Gmail > Authenticate Email.
  3. Select your domain and click Generate New Record.
  4. Google will provide the following:
    • DNS Hostname (Name): something like google._domainkey
    • Record Type: TXT
    • TXT Value: a long DKIM key

How to add it

  1. Go to your domain’s Advanced Settings.
  2. Add a TXT record with the information provided by Google.

For more details:
Google’s Full DKIM Setup Instructions
How to Add TXT Records at Tailor Brands

 

3. How to activate DKIM

After adding the DKIM record to your DNS:

  1. Return to Google Admin Console > Authenticate Email.
  2. Click Start Authentication.
  3. Google will confirm once DKIM is active.

 

4. How to set up DMARC (Domain-based Message Authentication, Reporting & Conformance)

DMARC tells email providers what actions to take when messages from your domain fail SPF and DKIM checks. It also allows you to receive reports about unauthorized email activity.

Basic DMARC record
v=DMARC1; p=reject; rua=mailto:postmaster@example.com, mailto:dmarc@example.com; pct=100; adkim=s; aspf=s
📌 Replace example.com with your domain name.

How to add it

  1. Log in to your domain’s DNS settings.
  2. Add a TXT record with the following details:
    • Name / Host: _dmarc
    • Type: TXT
    • Value: Paste the full record above

For more details:
Google’s DMARC Guide
How to Add TXT Records at Tailor Brands

💡 If you already have a _dmarc record, make sure to replace it with the one above to avoid conflicts.

 

How to Know It’s Working

Once all records are added:

  • SPF: Typically active within a few minutes.
  • DKIM: Must be activated manually in Google Admin.
  • DMARC: Usually begins working within 24–48 hours.
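The record values themselves can be checked before waiting on propagation. The following Python code is an added example, not part of the original article or of any Google or Tailor Brands tool; the function names check_spf and check_dmarc are assumptions, and it only inspects TXT strings you paste in from your DNS panel (it performs no DNS lookups). The SPF check targets the Google Workspace record shown in this article.

```python
import re

def check_spf(apex_txt):
    """Problems in the TXT strings published at the domain apex (Name/Host @)."""
    spf = [r for r in apex_txt if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:  # none means no SPF; more than one makes SPF evaluation fail
        return [f"expected exactly one v=spf1 record, found {len(spf)}"]
    terms = [t.lower() for t in spf[0].split()[1:]]
    problems = []
    if "include:_spf.google.com" not in terms:
        problems.append("include:_spf.google.com is missing")
    if not terms or not re.fullmatch(r"[-+~?]?all", terms[-1]):
        problems.append("record does not end with an 'all' mechanism")
    return problems

def check_dmarc(dmarc_txt):
    """Problems in the TXT strings published at the _dmarc host."""
    recs = [r for r in dmarc_txt if r.strip().startswith("v=DMARC1")]
    if len(recs) != 1:  # the conflict the article warns about for an existing _dmarc record
        return [f"expected exactly one v=DMARC1 record, found {len(recs)}"]
    tags = {}
    for part in recs[0].split(";"):
        key, _, value = part.partition("=")
        if key.strip():
            tags[key.strip().lower()] = value.strip()
    problems = []
    if tags.get("p") not in ("none", "quarantine", "reject"):
        problems.append("p must be none, quarantine or reject")
    rua = tags.get("rua", "")
    for uri in filter(None, (u.strip() for u in rua.split(","))):
        if not uri.lower().startswith("mailto:"):
            problems.append(f"rua entry is not a mailto: URI: {uri}")
    if "example.com" in rua.lower():  # the article's placeholder was pasted unchanged
        problems.append("rua still uses the example.com placeholder")
    pct = tags.get("pct", "100")
    if not pct.isdecimal() or int(pct) > 100:
        problems.append("pct must be a number from 0 to 100")
    for tag in ("adkim", "aspf"):
        if tags.get(tag, "r") not in ("r", "s"):
            problems.append(f"{tag} must be r (relaxed) or s (strict)")
    return problems

# Constructed sample input: the two record values exactly as printed in this article.
SPF_PAGE = "v=spf1 include:_spf.google.com ~all"
DMARC_PAGE = ("v=DMARC1; p=reject; rua=mailto:postmaster@example.com, "
              "mailto:dmarc@example.com; pct=100; adkim=s; aspf=s")
if __name__ == "__main__":
    print(check_spf([SPF_PAGE]), check_dmarc([DMARC_PAGE]))
```

An empty list means no problem was found in the pasted values; it does not confirm that the records have propagated or that DKIM has been activated in Google Admin.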

 

Check Authentication Status

To verify that your email authentication is working correctly, use these tools:

 

If you've followed all the steps above and are still encountering issues, please don’t hesitate to contact our support team. We’re happy to assist you further and ensure your emails are working as expected.
