Enhance security for outgoing email (DKIM)
Turn on email signing
To maintain the safety and security of the email service, we use DKIM signing for all email messages. We now sign all email traffic not signed with DKIM originating from Google Cloud domains with d=*.gappssmtp.com. This should not cause any email delivery issues. In the rare event that your email is rejected, contact the receiving server administrator. In particular, you should suggest that receivers not reject emails based on a missing or unverifiable DKIM signature. See RFC 4871. To prevent any issues, we encourage you to add your own DKIM signature to your emails.
Begin signing mail messages with the domain key
- From the Admin console Home page, go to AppsG SuiteGmail.
- Click Authenticate email.
- Select the domain whose mail you want to sign with the domain key.
The page indicates the status of the domain key for the selected domain.
- Click Start authentication.
You can activate DKIM authentication only after updating the DNS records for the domain. G Suite tries to verify the existence of the DKIM domain key and displays a warning message if unable to do so. You might need to wait for up to 48 hours for the DNS record updates to take effect.
- To confirm that DKIM signing is active, send an email message to someone who is using Gmail or G Suite.
- Open the message in the recipient's inbox.
- Click the at the right of the "Reply" arrow, then choose Show original from the drop-down menu to open the message header.
- In the header, find the line starting with "DKIM-Signature", as in the following example:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mydomain.com; s=google;
(Where 'd' is the sending domain, and 's' is the signing domain)
This line in the email header confirms that DKIM authentication is active.
Note: You can't perform this test by sending yourself a test message.