Email Forensics

How to Prevent Email Spoofing in Gmail?

Table of Content

    Email spoofing tricks you into believing you are communicating with a trusted source. The malicious act is potent, tough to evade, and easy for people to fall prey to, leading to huge losses. 

    It has also fueled the densification of mail service providers’ security infrastructures. The security protocols are there for your server to comply with. The recommendation for you is to grasp how to activate these protocols. These will help authenticate domains and subdomains that send mail on your behalf. These authentication mechanisms will also prevent fake servers from spoofing your domain for external users.


    Protect your Emails with SPF

    SPF on Gmail Workspace is a protocol that scrutinizes the sender’s server to ascertain if it is authorized to send mails to the recipient address. It will also ensure that emails from legitimate domains and subdomains are not flagged as spam because there is a TXT record to show that they are legitimate. 

    For efficient SPF operations, a TXT record has to be active. The recipient server will compare the IP of the sender with what is available on the server of who the sender claims to be. If the IP matches the records, it passes SPF. Otherwise, it will fail. Sometimes, mails from subdomains of legitimate senders also fail SPF because they fail to create a record for it on their server. Therefore, it is critical for Gmail administrators to add all domains and subdomains in one SPF record.

    The significance of SPF to enterprises receiving mails from others is prominent. It reduces the possibility of them being targets for actors who send spoofed or phishing messages on Gmail.

    How to Activate SPF?

    To add an SPF record to your domain, you must first create the record. An SPF record for a single domain should look like this:

    “V=spf1 ~all”

    Users for whom Google hosts the domain do not need to create one as Google automatically creates one. All you need to do is locate and update it. If your domain host is not Google, you need to contact your domain provider to help with the DNS settings or follow these steps.

    Steps to Add TXT Record to your Domain

    Step 1: Log in to your domain account.

    Step 2: Go to the page for updating DNS records. The name can be DNS Management, Server Management, or Advanced Settings. 

    Step 3: Look for TXT records and check if the domain has an existing SPF record. 

    Step 4: If there is already an SPF record in the domain, update it by including the subdomains you can allow to send emails on your behalf. A typical example will be: v=spf1 include: ~all

    Step 5: Save the record and wait for the new SPF record. It may take up to 48 hours.

    Protect your Emails with DKIM

    DKIM ensures that outbound messages from your server have digital signatures, which recipient mail servers will access with a public key. This authentication standard informs the recipient mail server that you are authentic. It also averts the alteration of mail content between two servers. DKIM solidifies your security and is an effective way to prevent email spoofing in Gmail. It will expose impersonators to the recipient servers and prevent your emails from being sent to spam.

    Steps for Setting up DKIM 

    • Sign in to your admin console using your administrator account.
    • Search for the menu icon.
    • Under the menu icon, navigate toApps > Google Workspace > Gmail.
    • In the Gmail section, click authenticate email.
    • Select the domain where you will set up DKIM.
    • Identify the Generate New Record icon and click on it.
    • A box will appear, containing DKIM key settings and options for DKIM key length and prefix selector. For the DKIM key selector, find out if your domain supports 2048-bit DKIM keys or 1024-bit DKIM keys. It is recommended to go for 2048-bit DKIM key because of its security strength.

    Note: The prefix selector should be Google. You can also add a different one if Google is already the default prefix of your domain DKIM key.

    • Click generate to get a new DKIM record. It may take about 24-72 hours to reflect.

    Steps to Add TXT Record and DKIM Key to your Domain

    Step 1: Log in to the Management Console of your domain provider. Google offers help for those with whom they host their domains. However, if your domain provider is not Google, you can contact them for assistance.

    Step 2: Identify the page for DNS settings.

    Step 3: Add TXT record for DKIM. There are two fields for this procedure. In the first field, add the TXT record name. The DNS record name is your DNS hostname. In the second field, add the DKIM key, which is the TXT record value.

    Step 4: Save the last action.

    It is to be noted that it takes 48 hours to update DNS records. Also, check outbound gateways and ensure they are not affecting the efficiency of DKIM. To do this, configure the outbound message not to modify content.

    Steps to Turn On DKIM

    • Log in to your Google Admin Console through an administrator account.
    • Search for the Menu and navigate to Apps > Google > Workspace > Gmail.
    • Then, click Authenticate Email.
    •  In the Domain menu, choose the domain where you want to turn on DKIM. 
    • Click the Start Authentication button to activate the DKIM.

    Protect Mail Server with DMARC

    DMARC is a protocol, which administrators on the receiving server use to communicate what to do with mail servers that fail SPF and DKIM. Hackers can spoof email domain. However, DMARC prevents this by creating policies that allow only authenticated mails to the recipient server. The effectiveness of this protocol depends on the policy set. There are three policies to consider when activating DMARC.

    1. None: This policy allows all messages to deliver even if they fail SPF or DKIM. It takes no action. Hence, it is only for practice.
    • Quarantine: This policy sends messages that fail SPF and DKIM to spam or junk folders. Quarantine also happen when subdomains of authorized senders are not on the same record which the recipient server queries for verification.
    • Reject: It rejects all emails that fail SPF and DKIM. The messages does not exist on the recipient server. It is recommended to apply this policy to get the best results.

    How to Set Up DMARC for Gmail?

    It is important to note that for DMARC to function, first turn on your SPF and DKIM. Also, you can generate a DMARC record using one of the online tools. For example: the DMARC generator.

    Steps to Add DMARC to DNS Zone

    Step 1: Log in to your Control Panel or DNS Management.

    Step 2: Go to domain and DNS administration.

    Step 3: Add the TXT record.

    Step 4: Type as the host/name (some providers automatically add the domain, so they only accept DMARC in the host value).

    Step 5: Copy and paste the value you generated from the DMARC generator into the Value field. For example: v=DMARC1; p = none;

    Step 6: Set TTL to the lowest.

    How do these 3 Security Protocols Work Together?

    SPF and DKIM are standard authentication methods that can work on their own. Nevertheless, you will need to activate SPF and DKIM for DMARC to function. While SPF and DKIM can perform independently in some situations, it is recommended to combine the three protocols to get critical results. Combining the three protocols is the best chance to tackle email spoofing. 

    SPF will only allow authorized servers to send emails on your behalf. On the other hand, DKIM will confirm to recipient servers that your server is legitimate. DMARC materializes the objective of SPF and DKIM. Its policy will prevent attackers from spoofing by rejecting their emails or quarantining them.

    Other Methods to Prevent Email Spoofing in Gmail

    • Practice Zero Trust for Inbound Mail

    Email spoofing is easy to spot if you maintain zero trust habits for emails you receive. To begin with, always check the header of your mail to see if the address is authentic. To do this, click on the three dots at the top right of your mailbox. The screen will display the complete detail of the email. 

    The attackers who spoof mails intend to get sensitive information from you or make you download malicious attachments. To prevent this, watch for spontaneous messages. These emails can be a gift redemption prompt, a job offer, or an unusual request from your manager.

    • Use Advanced eDiscovery Software to Investigate Email Spoofing Attacks

    A few advanced software can add an extra layer of security to mail receiving servers. They can also help to distinguish mails, which are from legitimate senders, but were pushed to the spam and junk folder, alongside malicious mails. Stellar Email Forensic is one such software that allows email investigation through a single interface. It supports more than 25 file formats. Also, this tool enables investigators to preview emails across various formats, such as HTML, RTF, Internet Header, Hex, etc. 

    With Stellar Email Forensic software, you can generate customized litigation reports and preserve the evidence with MD5 and SHA1 values. Another great feature of this tool is that it allows case management through tagging, bookmarking, and logs.

    Was this article helpful?

    No NO

    About The Author

    Related Posts


    Why Choose Stellar?

    • 0M+


    • 0+

      Years of Excellence

    • 0+

      R&D Engineers

    • 0+


    • 0+


    • 0+

      Awards Received