To put it simply. SPF, DKIM, and DMARC are a set of methods to authenticate emails. These methods prove to ISPs and mail services that the sender is actually authorized to send emails from a specific domain.
Additionally, they are a way to verify the server that is sending your emails is actually sending through your domain.
Below are the ways to set up SPF, DKIM, and DMARC:
SPF - Sender Policy Framework
Start by signing into the domain account on your domain host's site (not your Google Admin Console).
This can be GoDaddy, Squarespace, Namecheap, etc.
Go to the page/tab that is used to update your domain’s DNS records.
Some places to look include: DNS Management, Name Server Management, or Advanced Settings
Find your TXT records and check if your domain has an existing SPF record.
Note: The SPF record starts with “v=spf1…”.
If your domain already has an SPF record, remove it.
Create a TXT record with these values:
Name/Host/Alias - Enter @ or leave blank
Other DNS records for your domain might indicate the correct entry.
Time to Live (TTL) - Enter 3600 or leave the default.
Value/Answer/Destination - Enter v=spf1 include:_spf.google.com ~all.
This can take up to 48 hours to take effect.
DKIM - Domain Key Identified Mail
Log into Google Admin: admin.google.com
In the navigation menu on the left hand side: Menu > Apps > GSuite > Gmail
Generate a DKIM Key
Create a DNS TXT Record with the DKIM Key generated in the previous step.
For this you will need to go to your domain provider (GoDaddy, Squarespace, Namecheap, etc.)
After creating the DNS TXT Record in your domain with the DKIM Key, you can Start Authenticating.
DMARC - Domain-based Message Authentication, Reporting, and Conformance
Go to your domain administrator’s site. Find DNS Management or Settings.
Add this TXT Record to your DNS:
Host Name: _dmarc
VALUE (with email): v=DMARC1; p=quarantine; rua=mailto:{email}; pct=90; sp=none
Note: The email version will send reports to whatever email you put in there. This is totally optional. Here is the value without the email:
VALUE (no email): v=DMARC1; p=quarantine; pct=90; sp=none
Verify that all DNS settings were set up correctly here.