You can help prevent spoofing by adding a digital signature to outgoing message headers using the DKIM standard. This involves using a private domain key to sign your domain’s outgoing mail headers, and adding the matching public key to the domain’s DNS records. Recipient servers can then retrieve the public key to check the signature on incoming headers and verify that the message really comes from your domain and hasn’t been changed along the way.
Google Apps’ digital signature conforms to the DomainKeys Identified Mail (DKIM) standard.
Overview of steps
Repeat these steps for each domain associated with your Google Apps account.
- Generate the public domain key for your domain.
- Add the key to your domain’s DNS records so recipients can retrieve it for reading the DKIM header.
- Turn on email signing to begin adding the DKIM header to outgoing mail messages.
Skip the first 2 steps if you purchased your domain from one of our domain host partners while signing up for Google Apps. Google automatically generates the domain key and adds the necessary DNS record when you turn on authentication.
To generate the domain key used to sign mail:
- Click Apps > Google Apps > Gmail > Authenticate email.
- Select the domain for which you want to generate a domain key.
The name of your primary domain appears by default. To generate a domain key for a different domain, select it from the drop-down list.
- Click Generate new record.
- If your registrar doesn’t support 2048-bit keys, change the key length from 2048 to 1024.
- Optionally, update the text used as the DKIM selector prefix.
The selector prefix is used to distinguish the domain key that Google Apps uses from any other domain keys you may have. In most cases, you’ll select the default prefix “google”. The only reason to change the prefix is if your domain already uses a DKIM domain key with the selector prefix “google”.
- Click Generate.
The text box displays the information you need to create the DNS record that recipients query to retrieve the public domain key.
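
The check below is an added example, not part of the original page or Google's tooling: it parses a DKIM TXT record value (assuming the usual `v=DKIM1; k=rsa; p=...` format), joins the quoted chunks that long values are split into, and reports the RSA key length so you can confirm the published record matches the 2048- or 1024-bit choice made above. The domain `example.com`, the function names and the sample records (built around a placeholder modulus, not a usable key) are assumptions.

```python
import base64, re

def dkim_query_name(selector, domain):
    # DNS name recipients query; "google" is the page's default selector prefix.
    return f"{selector}._domainkey.{domain}"

def parse_dkim_record(txt):
    # Long TXT values are stored as several quoted strings; join them first.
    joined = "".join(re.findall(r'"([^"]*)"', txt)) if '"' in txt else txt
    pairs = (part.split("=", 1) for part in joined.split(";") if "=" in part)
    return {name.strip(): "".join(value.split()) for name, value in pairs}

def _tlv(buf, pos):
    # Read one DER header; return (tag, content_start, content_end).
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def rsa_key_bits(p_value):
    # p= is a base64 SubjectPublicKeyInfo; walk down to the RSA modulus.
    der = base64.b64decode(p_value)
    _, spki, _ = _tlv(der, 0)               # outer SEQUENCE
    _, _, alg_end = _tlv(der, spki)         # AlgorithmIdentifier
    tag, bitstr, _ = _tlv(der, alg_end)     # BIT STRING holding the key
    if tag != 0x03:
        raise ValueError("p= is not a SubjectPublicKeyInfo")
    _, key, _ = _tlv(der, bitstr + 1)       # RSAPublicKey, after unused-bits byte
    _, n_start, n_end = _tlv(der, key)      # INTEGER modulus
    return int.from_bytes(der[n_start:n_end], "big").bit_length()

def _der(tag, body):
    # Minimal DER encoder, used only to build the constructed sample below.
    n = len(body)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def sample_record(bits):
    # Constructed placeholder record: correct structure and length, not a real key.
    modulus = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    key = _der(0x30, _der(0x02, modulus) + _der(0x02, b"\x01\x00\x01"))
    alg = _der(0x30, bytes.fromhex("06092a864886f70d0101010500"))  # rsaEncryption
    spki = _der(0x30, alg + _der(0x03, b"\x00" + key))
    value = "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()
    return " ".join(f'"{value[i:i + 255]}"' for i in range(0, len(value), 255))

if __name__ == "__main__":
    for rec in map(sample_record, (1024, 2048)):
        print(dkim_query_name("google", "example.com"), rsa_key_bits(parse_dkim_record(rec)["p"]))
```

The 1024-bit sample fits in a single 255-character TXT string while the 2048-bit sample needs two, which is the usual reason a DNS host's interface cannot accept the longer key.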