So you've made the decision to use Google Workspace for your business - congratulations. Seriously, you've made a great decision. But have you set it up correctly? Our analysis of almost 2,000 domains that use Google Workspace suggests that up to one third have basic setup configuration errors. Here's what to check.
SPF stands for Sender Policy Framework, and it's a way of ensuring that email from your domain name only comes from those servers that should be sending it. Because of that, it's important that you have an SPF record and that the syntax is correct. If you only send email from Google Workspace then your SPF record should look like this:
v=spf1 include:_spf.google.com ~all
Here's the link to Google's help page for SPF records: https://support.google.com/a/answer/33786?hl=en&fl=1&sjid=10768605284437612376-NA
By default Google will sign your emails cryptographically (using something called DKIM) - that's a posh way of saying that if the content is changed the signature gets broken. However, by default Google will sign your emails with a <yourdomainname>.<dateyousignedup>.gappssmtp.com domain name which is rather ugly. By adding a DNS entry that's unique to your Google Workspace tenancy you can change this to your domain name so when recipients receive your email they only see your domain name. This helps to bolster trust and authenticity in your domain name.
Here is Google's help article on how to create a custom DKIM record:
https://support.google.com/a/answer/180504?hl=en&ref_topic=2752442&fl=1&sjid=10768605284437612376-NA
Having a custom DKIM record is also important for the next item - DMARC.
DMARC brings together SPF and DKIM. Every email that you send should meet either SPF or DKIM, or ideally both (although that's not always possible). DMARC gives you a way to dictate what happens if a server receives an email that says it's from your domain name, but that doesn't meet either SPF or DKIM. The possible options are:
Do nothing;
Quarantine the email; or,
Reject the email.
DMARC also has the ability to provide reports on what email has been received and whether it's met SPF and/or DKIM. As such the reporting function is a valuable tool to understand if and how your domain name is being misused online.
Implementing DMARC is as easy as adding a single DNS record, but that record needs to be customised to ensure that the reports go to the correct place for analysis.
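As an added example (not from Google or the original article), the Python below lints the SPF and DMARC TXT records described above for a domain that sends only through Google Workspace. The record strings and the example.com reporting address are constructed placeholders; in practice you would pass in the TXT values published at your domain and at _dmarc.<yourdomain>.

```python
# Added example: offline lint of SPF and DMARC TXT records (Workspace-only sender).
# Every record string below is a constructed sample; example.com is a placeholder.
GOOGLE_INCLUDE = "include:_spf.google.com"
DMARC_POLICIES = {"none", "quarantine", "reject"}

def check_spf(txt_records):
    """Findings for the TXT records published at the domain itself."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:  # zero means no SPF; more than one is a permanent error
        return ["expected exactly one SPF record, found %d" % len(spf)]
    terms = spf[0].lower().split()[1:]
    findings = []
    if GOOGLE_INCLUDE not in terms:
        findings.append("missing " + GOOGLE_INCLUDE)
    all_terms = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not all_terms:
        findings.append("no 'all' term (the recommended record ends in ~all)")
    elif all_terms[0] in ("all", "+all"):
        findings.append("'+all' authorises every server to send as this domain")
    return findings

def check_dmarc(txt_records):
    """Findings for the TXT records published at _dmarc.<domain>."""
    recs = [r for r in txt_records if r.strip().lower().startswith("v=dmarc1")]
    if len(recs) != 1:
        return ["expected exactly one DMARC record, found %d" % len(recs)]
    tags = {}
    for part in recs[0].split(";"):  # tags are 'key=value' separated by ';'
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in DMARC_POLICIES:
        findings.append("p= must be none, quarantine or reject")
    elif policy == "none":
        findings.append("p=none: failing mail is still delivered ('do nothing')")
    if not tags.get("rua", "").lower().startswith("mailto:"):
        findings.append("no rua=mailto: address, so no aggregate reports arrive")
    return findings

SAMPLES = {  # name -> (TXT at domain, TXT at _dmarc.domain), all constructed
    "good": (["v=spf1 include:_spf.google.com ~all"],
             ["v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@example.com"]),
    "bad": (["v=spf1 include:_spf.google.com ~all", "v=spf1 mx ~all"],
            ["v=DMARC1; p=none"]),
}
if __name__ == "__main__":
    for name, (apex, dmarc) in SAMPLES.items():
        print(name, check_spf(apex), check_dmarc(dmarc))
```

An empty list from both functions means the records match the setup described here; the "bad" sample shows two common mistakes, a second SPF record left over from a previous provider and a DMARC record with no reporting address.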
Subscribing to a DMARC analysis service gives you an easy way to see on a day-by-day basis what's going on. The cost of this service starts from £60/year. If you'd like to get this set up for your domain then please contact us and we will provide the correct record for you to add to your DNS.
But surely Google back up any data that you store in Google Workspace, right? Wrong! Google does a really good job of keeping their platform and your data available, but it's still possible to lose data through human error (both by accident and on purpose). Storing an immutable copy of your data is also a good protection against ransomware and other nasty events that might befall you. Check out my Google Workspace backup service here.
If you'd like to go even further then Google have published a Security checklist for small businesses (1-100 users). Some of their recommendations are included above, but there are additional settings that they suggest which are all very sensible.
If you need any help or assistance with the above recommendations then please get in contact using the details here.