SPF, DKIM, DMARC setup: Cloudflare & Google Workspace
Written by Premsanth Rajamani
Updated over a week ago

This article explains how to set up DNS records when you use Google Workspace for your email accounts and your domain is hosted on Cloudflare.


Adding your domain to Google Workspace

1. Log into your Google Workspace Admin console https://admin.google.com/.

2. Click on the "Account" tab and scroll down to the "Domains" tab. Here, click on "Manage domains" or use this link: https://admin.google.com/u/2/ac/domains/manage.

3. Click on the "Add a domain" link.

4. Enter the domain name you purchased on Cloudflare; select domain type as “secondary domain”.

5. Click on “Add domain & start verification”. The verification process will begin and take a few minutes.

6. Once the domain is verified, you have to activate Gmail.

7. The “Activate Gmail” popup will appear where you have to choose a method to activate Gmail.

8. Select the “Set up MX record” option and click “Next”. The activation will take a few minutes.

9. Once Gmail is activated, you will find the MX record in the respective domain’s DNS.

SPF setup

1. Once you verify your domain on Google Workspace, Google will automatically create an SPF record in the domain’s Cloudflare DNS records.

2. Check your SPF records. There should be only one, and if you send emails only from Google Workspace it should be as follows -

  • TXT record

  • Host: @

  • Value: v=spf1 include:_spf.google.com ~all

3. If you find any other SPF records, delete them, because there should be only one SPF record.

DKIM setup

2. Click on “Apps” → “Google Workspace” → “Gmail”, or navigate to this page: https://admin.google.com/u/2/ac/apps/gmail/authenticateemail.

3. Select the domain for which you want to set up DKIM.

4. Click on “Generate new record”.

5. Once the record is generated in Google, go to Cloudflare and create a new DNS record with the following details -

  • Type - TXT

  • Name - this is the ‘DNS Host name’ from Google Workspace

  • Value - this is the ‘TXT record value’

The record will take a few minutes to propagate.

6. Once the DKIM record is created successfully on Cloudflare, come back to https://admin.google.com/u/2/ac/apps/gmail/authenticateemail and click “Start authentication”.

7. If you get any error message, check if the DKIM record on Cloudflare is saved properly and try authenticating again on Google Workspace after some time.

DMARC setup

1. Create a DMARC record using a DMARC record generator, then add it to Cloudflare.

2. Go to EasyDmarc to generate your DMARC record.

3. Now, go to Cloudflare.

4. Navigate to your domain's DNS management.

5. Click on “Add record” to add the DMARC record.

6. Enter the following details -

  • Type - TXT

  • Name - ‘_dmarc’

  • Value - Copy the DMARC value generated by the EasyDmarc tool and paste it here

7. Click “Save”. The DMARC record will be created successfully.

Now that the authentication protocols are set up, you can go ahead and create email accounts on this domain.
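
To double-check the three records after saving them, the sketch below audits TXT strings offline against the rules described above. It is an added example, not part of the original article or of any Google or Cloudflare tooling; the function names and all sample records are constructed for illustration.

```python
def parse_tags(value):
    """Split a 'tag=value; tag=value' string (DKIM and DMARC syntax) into a dict."""
    pairs = (part.split("=", 1) for part in value.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit_spf(apex_txt):
    """apex_txt: every TXT string published at the apex (Host: @)."""
    spf = [r.lower() for r in apex_txt if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        return [f"expected exactly one SPF record, found {len(spf)}"]
    terms = spf[0].split()[1:]
    issues = []
    if "include:_spf.google.com" not in terms:
        issues.append("include:_spf.google.com is missing")
    if not terms or terms[-1] not in ("~all", "-all"):
        issues.append("record does not end in ~all (or the stricter -all)")
    return issues

def audit_dkim(value):
    """value: the 'TXT record value' copied from Google Workspace."""
    tags = parse_tags(value)
    issues = []
    if tags.get("v", "DKIM1") != "DKIM1":
        issues.append("v tag is not DKIM1")
    if not "".join(tags.get("p", "").split()):
        issues.append("p tag (public key) is empty or missing")
    return issues

def audit_dmarc(dmarc_txt):
    """dmarc_txt: every TXT string published at the _dmarc name."""
    recs = [r for r in dmarc_txt if r.replace(" ", "").startswith("v=DMARC1")]
    if len(recs) != 1:
        return [f"expected exactly one DMARC record, found {len(recs)}"]
    policy = parse_tags(recs[0]).get("p")
    if policy not in ("none", "quarantine", "reject"):
        return [f"p tag is {policy!r}; must be none, quarantine or reject"]
    return []

# Constructed sample data, not real DNS answers. APEX deliberately holds two SPF records.
APEX = ["v=spf1 include:_spf.google.com ~all", "v=spf1 include:mail.example.net ~all"]
DKIM = "v=DKIM1; k=rsa; p=CONSTRUCTEDPLACEHOLDERKEY"
DMARC = ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"]

if __name__ == "__main__":
    for name, issues in (("SPF", audit_spf(APEX)), ("DKIM", audit_dkim(DKIM)),
                         ("DMARC", audit_dmarc(DMARC))):
        print(name, "OK" if not issues else issues)
```

Replace the sample lists with the TXT values shown in your Cloudflare DNS tab; an empty list from each function means the record matches what this article describes.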
