G Suite Email Broken? | How to Check & Fix your DNS and MX Records

G Suite Email Broken? | How to Check & Fix your DNS and MX Records

G Suite Email Broken? | How to Check & Fix your DNS and MX Records

G Suite Email Broken? | How to Check \u0026 Fix your DNS and MX Records

G Suite MX records should be properly configured not only to receive emails to your domain but also to prevent spam messages from bypassing spam filters.

In this video, we’re sharing how to check and fix the DNS and MX records for your domain.

Read more here:https://www.itgenius.com/how-to-check

Links:
- https://mxtoolbox.com/
- https://cloudflare.com/
- https://support.google.com/a/answer/1
- https://support.google.com/a/answer/3
- https://support.google.com/a/answer/1
- https://support.google.com/a/answer/2

#gsuite #googlecloud #smallbusiness #technology #remotework

Get a FREE Google account audit and professional training: https://www.itGenius.com/transfer-in/

Join our FREE community for business owners: https://www.itgenius.com/gsc/?utm_sou

Claim a FREE consultation: https://www.itgenius.com/consult/?utm

*************************************************************************

We work with ambitious entrepreneurs and business leaders to ensure effective technology strategy is a central driver of their success and a key enabler of business growth. With our help, our customers use innovative technology as an unfair strategic advantage to outsmart their competition and lead their industries.

itGenius is the #1 Small Business Google Cloud partner in Australia and services 1000’s of businesses worldwide. While we retain many significant clientele including Canva, Hubspot, Fairfax and Anytime Fitness as well as multiple Australian Government departments, we specialise in and most enjoy servicing our primarily micro and SME customer base of enterprising and enthusiastic entrepreneur-led companies, who typically employ teams of less than 50 but have big goals for growth and impact.

We specialise in helping businesses un-chain the shackles of overcomplicated or outdated technology strategy and deliver results that simplify \u0026 reduce complexity, dramatically minimise spend, create operational flow and sometimes… even spark joy! We are leaders in implementation and support of G Suite, Dialpad, Asana and many other leading cloud-based business tools, having successfully completed 1000+ implementation projects and have proudly received 100’s of 5-star reviews from happy customers (Google us!).

We can help you:
- Boost your team’s productivity and operational efficiency while slashing your IT spend,
- Work from anywhere, anytime, on any device with killer communication and collaboration tools, and
- Resurrect your business technology from being ‘that scary black box’ to your friend once again

Join our FREE community for business owners: https://www.itGenius.com/gsc?utm_sour

Tags: g suite,fix your g suite,g suite dns record,fix g suite dns record,fix g suite mx records,g suite mx records,g suite administrator,g suite administration console,google apps administration console,google apps administrator,g suite admin login,g suite admin console login,g suite login admin


Content

0.29 -> - Good afternoon, everyone.
1.29 -> Peter Moriarty here, great to have you here.
4.01 -> Now, today, we are gonna be covering
5.43 -> how to make sure your DNS is all in check
8.33 -> for your G-Suite, and we're gonna be covering off
10.31 -> your MX records, SPF, DMARC, DKIM.
13.22 -> If they all sound like gobbledygook to you,
15.52 -> then we're gonna help you out understanding
17.36 -> what are DNS records and why they're important.
19.61 -> And I'm gonna take you through a guide
20.91 -> on how to get them fixed.
22.13 -> Now, before we get into it,
23.37 -> it's really important for me to say
25.09 -> that if you're a business owner,
26.22 -> it's probably not good use of your time
28.26 -> to be messing around with your DNS records.
30.13 -> I, for a long time have hesitated making this video,
33.28 -> because I didn't wanna encourage business owners
36.01 -> to be messing around with this stuff.
37.81 -> Honestly, it's not great use of your time,
39.71 -> and it's much better to delegate
41.1 -> to somebody else to take care of.
42.52 -> And that's because it's really easy to get it wrong.
44.76 -> And although there are many online guides,
47.1 -> which make it seem really easy to get this done,
49.58 -> it's kind of like asking someone
51.36 -> who's not really an expert to juggle knives.
54.73 -> Yeah, if you get it right, it's gonna be fine,
56.78 -> but if you mess something up,
57.86 -> then you're gonna have a bad time.
59.2 -> So really at the end of the day,
60.81 -> I would recommend you leave this to an IT professional
63.44 -> for anything DNS.
64.86 -> But if you want to have a go yourself,
65.97 -> I'm gonna show you exactly what to do.
68 -> Like many people that I've shown how to do this,
70.52 -> you may find that like many people,
71.86 -> part of the way through the process,
72.98 -> you get to the end and you decide
74.53 -> that you want to delegate it to someone else,
76.23 -> which I would thoroughly recommend.
78.14 -> Okay, now we've got that out of the way.
79.6 -> Let's get into the actual content.
81.31 -> And if you're wondering where I am,
83.03 -> I'm actually based in a camper van at the moment,
85.27 -> and I'm traveling around Australia.
87.17 -> And so I'm streaming and working from wherever I am.
89.61 -> So if you're joining from somewhere in Australia
92.7 -> or outside of Australia,
93.82 -> please go ahead and drop your location down below.
95.94 -> I'd love to know where you're watching from,
97.72 -> and we're going to jump into our guide now.
99.67 -> So the first thing that you're gonna need,
101.04 -> you're gonna need a few things to get this working.
103.13 -> The first thing that you're gonna need
104.24 -> is access to a DNS toolbox.
107.24 -> And this is the one that I use and recommend.
109.16 -> It's called MX toolbox and MX toolbox
111.81 -> is the one that we want to use in this session
114.63 -> for me to show you exactly how all of this works,
116.93 -> you're also gonna need access to your DNS.
118.787 -> So I happened to use CloudFlare for my DNS.
122.76 -> You might be using GoDaddy or Crazy Domains,
126.32 -> but we're gonna be using CloudFlare.
128.13 -> And I'm gonna show you how all this works in CloudFlare.
130.45 -> Number three thing that you need
132.3 -> is the Google admin console,
134.53 -> and so the Google admin console
136.41 -> is where we do all of the admin settings
138.9 -> for our G-Suite account.
140.18 -> So obviously you need to be an administrator.
142.13 -> You're gonna need to be able to access that.
143.58 -> And then I'm gonna use some of the Google help guides
146.41 -> here as well.
147.243 -> And so here with the help guides,
149 -> you can see these actually cover off some of the protocols
152.59 -> that we're gonna be working with.
153.62 -> So we've got DMARC there, SPF,
155.34 -> and then we have the MX records as well.
157.81 -> Cool. Okay. So now we've got all those taken care of.
159.77 -> I want to actually take you through
161.69 -> what the DNS records are and how to understand
164.34 -> what is what.
165.173 -> There's A records, there's SPF, MX records, CNAME records.
168.64 -> It all gets a bit confusing,
169.79 -> but the ones that are most important here
171.47 -> are the MX records.
172.924 -> And the MX records are the ones that tell your domain name,
175.929 -> where to deliver email and tell the email servers,
178.85 -> all over the world, where to deliver email for you as well.
182.05 -> And so these are MX records, they stand for mail exchanger,
185.3 -> and we are gonna to be working with our MX records today.
188.18 -> Now there are four types of records
189.99 -> that we're gonna be working with MX, SPF, DKIM and DMARC.
194.3 -> And those four records represent different kinds of elements
197.95 -> on mail delivery.
199.08 -> They're all related to the MX records
200.9 -> and they all have to do with mail delivery,
202.68 -> making sure that email comes into your domain properly,
204.8 -> and then making sure
205.633 -> that email goes out of your domain name properly.
208.03 -> Now I'll try and describe these in different ways
209.78 -> to give you a bit of an idea of what each of them are.
212.21 -> MX records are like a address book
214.81 -> or like your entry in the address book.
216.64 -> And what they do is they tell someone where to go.
219.06 -> So if you remember an old school address book,
220.68 -> you'd open it up, you look for someone's name
222.91 -> and in there, it would tell you exactly
223.95 -> where you need to go to get to that person's house
226.18 -> or what their phone number is.
227.42 -> And that's what those ones do.
228.65 -> And so MX records basically point someone
231.23 -> to the right mail server.
232.22 -> Now one mail server might be G-Suite,
234.1 -> one mail server might be Microsoft Office 365.
237.1 -> It might be a server sitting in an office somewhere,
240 -> but MX records are going to basically point
242.2 -> someone's email to the right place,
243.9 -> somewhere on the internet.
245.02 -> The next ones are called SPF
247.03 -> and that stands for, Sender Policy Framework.
249.35 -> And that is basically like allowing
252.44 -> someone to send on your behalf or let's say,
255.08 -> a license to send.
256.54 -> And that license to send says
258.48 -> which email hosts are allowed to send email
262.27 -> using your domain name.
263.71 -> Now anyone with a computer
265.04 -> can pretend to be someone's email address, right?
267.76 -> It'd kind of be like,
268.88 -> getting an envelope and putting someone else's name
270.87 -> on the back of the envelope.
271.767 -> But if you have a license to send,
274.5 -> then it actually gives you a bit more of a confirmed sending
280.3 -> on the actual letter.
281.4 -> If you know, when you receive a letter,
282.96 -> it has little stamps there and little barcodes
285.63 -> and things that have been stamped on by the post office.
287.55 -> The other kind of things
288.383 -> that are picked up from the different post offices
290.78 -> and different mail routes,
291.84 -> and they actually identify who is sending mail
294.53 -> and where is it coming from?
296.06 -> And so that SPF record is a licensed to send.
298.54 -> If there is not a license to send,
300.95 -> if someone sends an email from an email server
303.07 -> and it's not been licensed,
305.12 -> then it will deprioritize that email.
309.1 -> And so servers all over the world,
310.61 -> will look for those licenses and if someone sends an email
313.5 -> from a Microsoft server
314.69 -> and your emails are based on G-Suite,
317.16 -> if everything is configured correctly,
318.82 -> then it should actually deprioritize the sending
321.66 -> from that Microsoft server.
323 -> So that's what the license to send is for.
325 -> And that is SPF.
326.7 -> Okay, let's talk about the next one.
328.17 -> The next one is DKIM
329.75 -> and I've forgotten the acronym for that,
331.47 -> but DKIM is a way of authenticating your mail
335.18 -> when you send it.
336.2 -> So when you send your email,
338.13 -> most email is what all email is actually, unencrypted.
340.74 -> But what DKIM does,
342.24 -> is it electronically and digitally signs the email,
345.98 -> it doesn't encrypt it,
347.04 -> but it signs it with an electronic signature.
349.14 -> Now, what it says is,
350.37 -> I'm really, really coming from this particular source
353.07 -> and think of that a little bit like a wax seal.
356.26 -> When you put a wax seal on a letter,
357.73 -> then you know that no one else has opened it
359.02 -> and it's actually come from this person.
361.15 -> And so when we implement DKIM
363.57 -> and we set that up in our DNS records,
365.24 -> it means that emails that are sent from G-Suite
368.52 -> are actually going to be properly authenticated as really,
372.52 -> really coming from G suite.
373.91 -> So that's what DKIM does
375.54 -> and that's what we're going to use that for.
377.28 -> And the final one is called DMARC,
379.58 -> and DMARC is basically, it's a policy.
382.48 -> And what the DMARC policy does,
384.1 -> is it actually enforces the the SPF policy.
387.53 -> And so think of DMARC as like the police
390.74 -> to enforce the license to send.
392.87 -> So if someone's been granted a license to send
394.95 -> on your behalf on your domain, then DMARC polices that,
398.01 -> and you can either have a relaxed police force
400.13 -> who kind of don't mind
401.17 -> if other people send on behalf of your domain,
403.04 -> or you can have a really strict military police,
405.79 -> and you get to choose that
407.13 -> when you implement the DMARC policy.
409.26 -> And we're gonna take you guys through
410.58 -> and show you the differences between those. Cool.
413.55 -> So now we've gone through
414.849 -> the different types of DNS records there.
417.27 -> What we're gonna do from here on out
419.17 -> is we're gonna go through actually setting them up.
421.44 -> As I said, you're gonna need some different areas
423.72 -> in your account.
424.72 -> So we've got the MX toolbox, that's at mxtoolbox.com,
428.51 -> and we're gonna be using that one
429.91 -> to set up our mail flow and test all of our records.
432.493 -> Cloudflare is your DNS access, you need your admin panel,
436.7 -> and then we're gonna use some of the others here.
438.04 -> So the first one we're gonna get done is our MX records.
441.36 -> We're gonna check that the actual MX records are correct.
443.687 -> And to do that, you just basically type in your domain name,
446.68 -> I'm going to use itgenius.com.
448.91 -> And I'm going to do an MX look up on my MX toolbox here.
452.4 -> And what this is going to do is
453.85 -> this is gonna allow me to see what my records are.
457.67 -> And it's actually gonna give me
458.68 -> a few little tick boxes here.
460.58 -> Now you notice here
461.413 -> that there's a number of different records.
462.823 -> There's some numbers here, there's some host names,
466.15 -> there's even IP addresses.
467.99 -> The only ones that matter for us are the numbers
470.49 -> and the host names,
471.323 -> because the IP addresses are typically automatic.
474.02 -> So we don't need to worry too much about those.
475.58 -> And you can see here
476.413 -> that it's even picked up that my email service provider
478.76 -> is Google Apps. Okay?
480.03 -> So that is all looking correct.
482.06 -> So how do we actually do that?
483.41 -> Let's jump into our DNS
484.72 -> and have a look at what that looks like.
485.97 -> So let's go into my CloudFlare here.
488.22 -> I'm gonna open up my itgenius.com
490.66 -> and I'm gonna go to DNS.
491.95 -> And this is where I can set up my different DNS records.
494.54 -> Now there's A records, CNAME records, text records.
497.38 -> I don't have time to go through
498.75 -> what all the different ones mean,
499.97 -> but we're gonna be working with our MX records here.
503.32 -> You can see that there are actually five MX records
506.66 -> that have been created.
507.52 -> So we've got a primary mail server,
511.33 -> and that is priority one.
513.37 -> And then we have alternative mail servers
515.72 -> with two on priority five and two on priority 10.
519.05 -> And the priority is as simple as it sounds.
522.07 -> You're basically saying which ones you want to prioritize
524.64 -> sending mail to.
525.81 -> Now Google's one of the best infrastructure companies
528.09 -> in the world, although they're not perfect
529.89 -> and IT systems are not perfect, every now and again,
532.41 -> through either user error or a computer error,
535.07 -> you have issues that happen where a mail system
538.27 -> will stop working.
539.49 -> An email delivery system will stop working.
541.17 -> And so rather than have your emails
543.2 -> bouncing back to the senders,
544.93 -> we wanna have backup servers that they go to.
546.99 -> And those backup servers
547.823 -> are gonna be in different geographical locations
550.53 -> and gonna have different configurations
553.07 -> so that they're always available.
554.65 -> And so that's why we have priorities
556.59 -> and we have different levels of mail servers.
558.54 -> So we'll always have one primary one
560.46 -> but then we'll have multiple backups as well.
562.96 -> So that's the reason that we have
564.38 -> the different ones that are here.
566.45 -> So let's go ahead and jump back in
568.99 -> and have a look at what are the MX records
571.46 -> that we actually need to set up for G-Suite.
574.15 -> You can see here that in the help guide
576.67 -> we've got the different levels of MX records
579.1 -> that need to be created or configured.
580.77 -> And you can see they're just asking us
582.87 -> in the host name to just put an add sign.
584.82 -> That means that we're not going to do it for a sub domain.
587.68 -> We're just gonna do it for our primary domain.
589.58 -> And then you can see here
590.67 -> that we've got our different priorities.
592.41 -> And so it's just a matter of cutting and pasting these,
594.53 -> pretty straightforward.
595.59 -> And then if we are in our CloudFlare,
597.3 -> we're gonna create a new record.
599 -> Remember we're doing a MX record
601.28 -> because we're working with mail.
602.45 -> If you want it to just be for the root domain,
604.54 -> you just put the @ sign
606.31 -> and then we're gonna pop in the mail server there.
609.29 -> Now you'll see, it's gonna ask us for the priority.
611.56 -> And we said, this one was our number one priority.
613.86 -> So we're gonna go ahead and pop in number one.
616.34 -> And that is just a matter of pretty much cutting
618.14 -> and pasting to make sure that all of these
620.81 -> are connected along
622.55 -> and they will all appear in your MX records
627.08 -> and they'll automatically order themselves.
629.03 -> Now, obviously I've set this up myself previously
631.43 -> and it is all working.
632.84 -> Now importantly, if you are setting up these mail records,
636.05 -> you need to then remove any previous mail records
638.94 -> for any previous mail servers,
640.33 -> or you might have an old email service.
641.86 -> You might have Office 365
643.3 -> and so any of those previous mail services
645.33 -> that you may have used,
646.55 -> you actually want to clear those out and remove them,
649.2 -> keep in mind, the moment that you implement this,
651.38 -> it's going to start updating DNS servers all over the world.
654.86 -> And so if you do happen to get something wrong,
657.18 -> your email might start bouncing with your customers.
660.07 -> So if for any reason you are not confident with this,
662.85 -> it might be better to delegate someone else
664.67 -> to take care of it. Okay?
666.21 -> So we've got the MX records done.
667.67 -> Now it's time to do the most important bits
669.72 -> because this kind of tells us where the mail should go.
673.31 -> Remember I said,
674.143 -> it's a little bit like having an address book,
675.89 -> but what we wanna do is after setting up the address book,
679.52 -> we also wanna make sure
681 -> that we have a little bit more security
683.38 -> added to our mail so that not just anyone
685.78 -> can pretend to be us on the internet.
687.67 -> And most business owners are not aware that SPF, DKIM,
691.16 -> and even DMARC actually exist.
692.9 -> And so that's why we're going to be going through those now.
695.87 -> So let's go into our next one, which is SPF.
698.47 -> And I'm gonna go back here to my super tool.
701.79 -> I've got the domain name there,
702.84 -> and we're gonna do an SPF lookup.
704.75 -> And you can see here, this is going to show us
706.45 -> all of the SPF records that I've created.
708.99 -> And so from here, this is like an allow list.
711.92 -> Remember, this is a license to sell.
714.26 -> And so this is the list that we are allowing
717.05 -> for anyone to send on behalf of our domain.
720.6 -> Now, Google is not the only place
722.45 -> that we're actually sending from.
723.64 -> If we're sending from a G-Suite account,
725.72 -> it may be an Infusionsoft account that we have.
728.3 -> We may have an ActiveCampaign account,
730.09 -> any one of those different places on the internet
732.34 -> we may be sending email from.
734.07 -> And so we wanna make sure that anything
736.14 -> that is sending email on behalf, including our website
739.37 -> actually includes the SPF record
742.23 -> in our record here inside our DNS.
744.55 -> If you don't get this right,
745.95 -> if we don't authorize Google to have a license to send,
748.75 -> then anytime we send email from Google,
750.65 -> it's actually less likely to be delivered to our customers.
753.95 -> If we don't have a license to send for our ActiveCampaign
756.56 -> or our Infusionsoft,
757.91 -> then those emails are not gonna go out either.
760.17 -> If we don't have a license to send from our website,
762.9 -> or when someone fills out a web form,
764.52 -> we might not get the email notification
766.82 -> coming in to our inbox.
768.44 -> So this is what it looks like
770.03 -> when we have them here set up in an SPF record.
773.6 -> You can see here that I've got the Google SPF record.
776.54 -> It's there.
777.373 -> We have Infusion Mail, which is Infusionsoft.
779.53 -> I've got Zendesk there.
780.66 -> I've got a number of other manual IP addresses,
783.29 -> and they are linked to websites and other places on the web.
786.33 -> And then you can see, we also have Mandrill,
788.64 -> which is a, another email sending service that we use.
791.89 -> And importantly, the last one here is
794.32 -> what do we do with everything else?
797 -> And so, it's called the tilt prefix here.
799.49 -> That one will actually set up the SPF record to say,
803.51 -> if someone is not on the list,
804.9 -> if they don't have a license to send,
806.85 -> mark the mail as dubious.
808.94 -> Now there's other options here.
810.06 -> If you just put a minus sign,
812.21 -> it will actually drop the mail.
813.55 -> It will say, this email is not a legitimate email
816.53 -> and it'll automatically drop it.
817.8 -> But I'll leave the tilt in there just in case.
820.09 -> And so that will allow you to say that anything
822.53 -> that does not have a license to send
824.35 -> is just going to be questioned,
826.6 -> but not necessarily automatically dropped.
828.42 -> I could be a bit stricter on that now
830.01 -> that we've got it all set up correctly
831.53 -> and probably put in the minus sign
833.46 -> and just drop anything else.
834.68 -> That's how it's set up right now.
836.04 -> And that's probably the easiest thing for you to do,
838.11 -> particularly if you're going to be setting this up,
840.25 -> to set up your website and other apps, inevitably,
843.87 -> most people will forget one or two applications
846.5 -> when they're running around
847.36 -> trying to find the records for all of these.
849.023 -> Now, how do you find those records?
850.59 -> Well, you're gonna need to go to the help guides
852.4 -> for each one of those different websites or services
855.42 -> that you're using.
856.253 -> And you need to find the SPF record settings
859 -> for each one of those, and then come back
861.23 -> and add them into here.
862.53 -> So how do we actually create an SPF record?
865.09 -> Well, let's go into our DNS
866.93 -> and an SPF record is gonna sit in a text record.
871.38 -> And so text records
872.56 -> are a way of creating a record inside your DNS.
875.64 -> It's a bit different to an MX record.
877.18 -> It's a way of just putting other technical data
880.14 -> into your DNS, which doesn't normally fit
882.35 -> in the A records or the MX records or the CNAME records.
885.66 -> And so what we're gonna do
887.05 -> is we will go into our text records here.
889.74 -> Let me show you what that looks like.
890.91 -> And inside our text record, you can see that.
893.15 -> Okay itgenius.com, SPF. Here we go. Excellent.
896.04 -> So we've got our SPF record.
897.57 -> Google actually has a example one
900.22 -> that you can get started with.
901.78 -> So if you go to the SPF record help page,
905.51 -> you can see that Google will actually have a example one.
909.76 -> Let me see if I can find their example.
914.03 -> So that's just starter one
915.23 -> v=SPF, you just need to have there regardless.
918.2 -> include Google means,
919.19 -> you're adding a Google to the list of included services.
922.34 -> And then the 'all' at the end there with the tilt
925.2 -> is going to specify what you do with anything
928.38 -> that is not on your list of licensed to send mail servers.
932.22 -> Okay, so we've got those done. Great.
934.61 -> Then we're gonna come back in
935.87 -> and we're also gonna add all the others
937.62 -> so you can see I've got my v=SPF,
940.03 -> it just tells the text record that this is an SPF record
941.973 -> that we're creating.
943.36 -> Next up, we have the actual Google SPF record.
947.03 -> I have the other SPF records, any manual IP addresses,
950.43 -> I wanna add, I just put in as IP4,
952.96 -> and then I put in the address there
955.56 -> and then all the way through to the tilt.
958.57 -> And then we go ahead there and click save.
960.98 -> And that's going to automatically
963.32 -> add that to our domain name DNS.
966.76 -> Super easy, right?
967.97 -> Now that takes time to get perfect.
970.46 -> You've got to make sure that you've got them exactly right,
973.01 -> because if they're not exactly right,
975.17 -> then it's not gonna give the correct license to send
977.48 -> to your email domains.
978.67 -> And so I like to test these
981.25 -> by actually sending an email
983.65 -> and then jumping into my mailbox.
985.58 -> So I send an email to myself
987.03 -> and then I open up the mail headers.
989.24 -> And I review whether or not it is past SPF.
991.71 -> I don't have time to go into that and in this video,
993.68 -> but you can research how to check the mail headers.
996.33 -> They actually go through into your email
999.02 -> and inside of Gmail, you can view the mail source
1001.17 -> and it will show you all the headers.
1002.39 -> Then you can view those
1003.53 -> and make sure that that has been done.
1004.62 -> Okay, we've done two out of four.
1006.5 -> We've done our MX records, and now we've gone through,
1009.14 -> and we've done our SPF records as well.
1011.56 -> They are two pieces to the puzzle,
1013.36 -> but remember we want to go onto the next one.
1015.47 -> And from here, we want to go to our wax seal.
1019.61 -> And so the wax seal is our DKIM
1022.48 -> and that's how we're going to electronically sign these.
1026.26 -> So they're actually signed properly.
1028 -> And when they're signed properly,
1029.01 -> it's gonna be a little cryptographic message on the email
1032.04 -> that actually says, yes this has actually come from Google
1035.37 -> or yes this has actually come from Microsoft.
1037.11 -> But obviously we're using Google as an example here. Okay.
1040.46 -> So let's go into our admin panel
1042.6 -> and inside our admin panel is where we're going to
1045.2 -> manage our DKIM, the easiest way to do that,
1048.07 -> is just search for DKIM.
1050.12 -> And it's in the authenticate email menu setting
1052.95 -> inside of G-Suite.
1054.34 -> So that's gonna open this up for us in our admin panel.
1057.42 -> Obviously you need to be a G-Suite administrator
1060.04 -> to get access to this,
1061.06 -> and this is where we're going to make it happen.
1063.45 -> Okay. So authenticate email, let's open that up.
1066.16 -> And from here, you can see that this is going to give us
1069.31 -> a host name and then also a text record value.
1073.12 -> And it's just a matter of grabbing that and from there,
1076.16 -> we're gonna cut and paste that into another text record.
1079.4 -> Now, remember the purpose of this is a wax seal.
1083.19 -> And so this wax seal is gonna authenticate the emails.
1086 -> We first need to set this up in our DNS,
1088.94 -> and then we need to wait 24 to 48 hours
1091.14 -> before we switch it on.
1092.98 -> And then once we switch it on,
1094.15 -> it's going to activate the wax seal.
1096.38 -> And any email that gets sent from G-Suite
1099.36 -> is automatically gonna include that wax seal.
1101.69 -> Now, we don't want to activate that wax seal
1104.11 -> until it's actually been set up in the DNS
1106.46 -> and it's propagated because DNS can take up to,
1109.55 -> 24 to 48 hours to kind of swim it's way around the internet
1112.9 -> for everyone to get the message that this has been updated.
1115.4 -> And so this is one that you wanna set up
1117.03 -> and then come back to in two days time. Okay.
1120.07 -> So we've got our code there
1122.13 -> and we're simply gonna take that code.
1123.89 -> We're gonna go back to our DNS.
1125.38 -> You can see here that in this instance,
1127.67 -> we are not actually using itgenius.com.
1129.9 -> It's not actually the root domain name.
1131.71 -> So when we go and create that record,
1134.23 -> let's cancel that old record I used as an example.
1136.95 -> And when we go and create this record here,
1139.21 -> let's go and open that up.
1141.5 -> We're gonna do a text record,
1143.44 -> and then we're going to grab the actual Google domain key.
1147.64 -> We're gonna pop that in the top
1148.73 -> and then our content we're gonna drop in the bottom.
1151.62 -> And so it's not going to be on the actual root level.
1155.75 -> It's going to sit on the sub domain level
1158.93 -> and that's just the way that a DKIM works.
1160.99 -> We're gonna hit the save button
1162.34 -> and that's gonna automatically save the record for us.
1164.64 -> Here's one that I prepared earlier.
1166.19 -> The DKIM automatically sits there.
1168.89 -> So it's always ready to rock and roll. Okay.
1172.52 -> That's about it.
1173.353 -> The only thing we need to do then in 24 hours time
1175.95 -> is we need to come back to our authenticate email screen,
1179.93 -> and we're going to click the button here
1182.26 -> that says, start authentication.
1184.5 -> Mine is currently authenticating.
1185.86 -> So I've only got the stop button there,
1187.62 -> but we're gonna to start authentication
1189.36 -> and that's going to enable our authentication there.
1192.48 -> There we go, we're done.
1193.32 -> Three out of four. Awesome. Okay.
1195.17 -> So let's go on to DMARC.
1197.44 -> So we're up to number four now,
1198.86 -> and we are going to do DMARC
1200.82 -> and remember DMARC are the police that are going to enforce
1204.7 -> the SPF record.
1206.09 -> And so what DMARC does,
1207.75 -> is it gives us another level of enforcement in actually
1212.08 -> having a transparency report.
1214.51 -> And I'm gonna try and, stick with me here, guys.
1216.54 -> We get a transparency report when we use DMARC
1219.37 -> from all of the mail servers in the world
1221.78 -> to report in on their emails that they sent to our domain.
1224.86 -> And it's actually going to say to us
1226.15 -> whether they successfully delivered email to our domain,
1229.09 -> or whether they dropped email to our domain.
1231.65 -> And what that means is that if someone is spamming
1233.51 -> or pretending to be us,
1234.44 -> which is a very, very common occurrence,
1237.78 -> it's a very common type of phishing attack.
1239.81 -> You'll get an email that looks like it came from your CFO.
1242.68 -> And when you respond to that email, they say,
1245.057 -> "Hey, send me $10,000
1246.72 -> to this offshore bank account, please."
1248.67 -> And then what happens is
1250.14 -> you reply to that email and it may even be,
1252.17 -> being bounced through another external server.
1254.41 -> And unfortunately many people have been scammed,
1257.41 -> due to scams like that.
1258.57 -> And so what we're gonna to be doing
1260.03 -> is we're gonna be switching on DMARC,
1261.49 -> which remember is the police that enforce the SPF record.
1264.86 -> So they're gonna enforce the license to send,
1268.16 -> and this is going to actually gain a transparency report
1271.89 -> from everyone else in the world
1273.47 -> who is sending them out through the world's mail servers.
1275.88 -> Now, do you actually need to read
1276.96 -> every one of those reports?
1278.03 -> No, that's not important.
1279.2 -> What is important is that you're forcing those accounts
1282.44 -> to be transparent, and you're actually forcing
1284.7 -> the implementation of the license to send.
1287.57 -> So to turn on DMARC,
1288.84 -> it's a little bit more complicated on this one,
1291.38 -> but we're gonna to take you through it.
1293.14 -> You can see here that
1293.973 -> there are a number of different DMARC policies
1296.45 -> and it does get pretty advanced.
1298.45 -> Again, we're gonna be using a text record
1300.42 -> and you can see here
1301.29 -> that there are a number of different operators,
1303.6 -> which will tell you what to do with email.
1306.55 -> But the most basic concept for you to grasp
1308.8 -> is we're gonna be instructing mail servers,
1311.35 -> how to implement and how to enforce the license to send.
1315.8 -> We're gonna say, right.
1316.8 -> Well, if you uncover an email
1318.75 -> that is not included in the license to send,
1322.03 -> then from there, you can either quarantine it,
1324.89 -> reject it or do nothing. Okay?
1327.41 -> So we've got multiple options here.
1328.6 -> You can quarantine, you can reject, or you can do nothing.
1332.36 -> So quarantine means,
1333.76 -> telling or instructing someone's spam filter
1336.71 -> to quarantine that email every single time.
1339.61 -> Rejecting means obviously rejecting that email completely.
1342.45 -> And then if you do nothing,
1344.03 -> the none option is we're just gonna report on the mail flow,
1348.25 -> but we're not actually going to do anything with it.
1350.21 -> And so you can see here, we've got the different operators,
1353.733 -> so he would be policy.
1354.566 -> So policy would be none, quarantine or reject.
1356.93 -> And then we're gonna give a percentage as well,
1359.35 -> because when you implement DMARC,
1361.2 -> one of the things that you can do
1362.92 -> is you can actually choose to do a phased approach.
1365.78 -> If you've got a lot of mail flow,
1367.16 -> we send thousands of emails a day, invoices,
1369.42 -> automatic responses from our billing system
1371.31 -> and all of those kinds of systems to different customers.
1373.19 -> If we're sending that many emails
1375.32 -> and we want to implement a policy like this,
1377.62 -> if we get it wrong
1378.49 -> and we accidentally enforced too strongly,
1380.89 -> well then legitimate emails
1382.23 -> may not be sent from some of our internal systems,
1384.61 -> or maybe some of our customers won't receive emails,
1386.713 -> they are supposed to receive.
1388.53 -> And so if we want to, we can actually implement this slowly.
1392.09 -> And what we usually do is we'll start with none.
1394.72 -> We'll start with just reporting.
1396.02 -> Then step number two, we'll go to quarantine.
1398.57 -> And then when we're really comfortable with that,
1400.06 -> we'll go to reject.
1401.26 -> And based on what you can see here,
1402.86 -> we can choose to act on certain levels of email as well,
1406.95 -> whether it's like 10% or 20% as we're phasing this in,
1410.37 -> but I'd say start with the none,
1412.22 -> start with the zero reporting and then bit by bit
1415.3 -> implement the others.
1416.35 -> And so let's go ahead
1417.3 -> and have a look at what our actual DMARC record looks like.
1421.44 -> So I'm gonna go into my super tool here to the start,
1425.2 -> where we started and let's go and look up our DMARC policy
1429.06 -> for itgenius.com.
1430.58 -> By the way, this is public information.
1432.86 -> This is all based on somebody's actual public DNS records.
1437.81 -> And when something is on public DNS records,
1440.56 -> then you can search any domain name
1442.4 -> and basically get access to this. Okay?
1444.47 -> So you can see here,
1445.81 -> our record is currently set up as DMARC,
1448.917 -> the policy is to quarantine.
1451.14 -> So the policy is quarantine, we are going to reject.
1453.67 -> It is 20% and then are you a return address?
1458.34 -> What that means is that anyone
1460.62 -> who is running a mail server anywhere in the world,
1462.59 -> and this is the Microsofts, the Googles,
1463.95 -> the anyone else, they will actually send an email report
1467.63 -> sometimes daily, sometimes weekly on any emails
1470.67 -> that they send to that email domain,
1473.24 -> anyone that they've sent on behalf of your domain,
1475.77 -> they're actually gonna send you that transparency report.
1478.38 -> And this is how that enforcement actually works.
1481.32 -> And so we are going to quarantine the email,
1485.34 -> the policy though, is to reject it's 20% of emails,
1489.21 -> so it's not all of emails.
1490.33 -> And then they're actually gonna send
1491.357 -> the transparency report through to my direct email address,
1494.84 -> is where it's going to. Okay.
1496.39 -> So what does that look like in our actual DNS?
1499.42 -> Let's jump into our actual DNS.
1501.34 -> I will open up my DMARC policy. So we've got that there.
1504.71 -> And again, there is an example to generate
1507.68 -> and create your own record, here in the Google help guide.
1513.36 -> And I'll post all the links
1514.25 -> to the Google help guides below this video. Okay.
1518.04 -> They are our four....
1519.3 -> Let's do a quick summary on the four different types
1521.58 -> of DNS records and what they are actually used for.
1524.54 -> Remember the MX records are your address book.
1527.1 -> And what that chooses is where the email actually goes to.
1530.48 -> It's like your public address book listing,
1532.35 -> number two is SPF that is a license to send.
1535.54 -> And what that does is that confirms
1538.26 -> that any mail service sending on your behalf
1540.36 -> is actually authorized to do so.
1541.8 -> And so you can choose
1542.78 -> who does and who doesn't have a license
1544.13 -> to send on your behalf.
1545.37 -> DKIM is the wax seal that says, yes,
1548.07 -> this is truly actually an authenticated email
1550.89 -> that has come from the correct sender
1553.09 -> that it says that it's come from.
1554.5 -> And then number four is DMARC.
1556.47 -> That is the police that enforce the license to send.
1559.67 -> And they include the transparency reports, as well.
1562.34 -> As I said, at the start of this video,
1564.16 -> this is really stuff that is not a great idea
1566.39 -> for you to be messing about with, if you're a business owner
1568.89 -> and you are not a complete techo.
1570.97 -> DNS took me literally years to master,
1573.55 -> and most people will jump on Google
1575.7 -> and find one blog post that tells you how to do MX.
1578.49 -> But as you can see,
1579.323 -> that's only actually one step of the process.
1581.92 -> And so if you're interested
1582.97 -> in having this done professionally,
1584.52 -> so you know there is guaranteed no issues,
1587.62 -> and it's gonna be done correctly the first time.
1589.41 -> And there's absolutely no risk of you losing any email
1592.07 -> or having legitimate emails going to people's spam.
1594.35 -> Once you trash your sender reputation with an email,
1596.97 -> it unfortunately doesn't come back
1598.42 -> so you've gotta be really careful with that.
1599.94 -> If that's of interest to you,
1601 -> then please get in touch with our team by the links below.
1604.72 -> And we'll be certainly very happy to help you out,
1607.31 -> making sure that it's properly implemented
1608.98 -> for all your business.
1609.98 -> Now, if you are a G-Suite user,
1612.18 -> and you've not yet joined our G-Suite community,
1614.19 -> then there will be a link below this video
1616.21 -> where you can get access to free guide support
1618.49 -> and videos like this, before they're released to the public.
1621.46 -> And if you are interested
1622.4 -> in engaging with other business owners all over the world
1625.18 -> who are using G-Suite,
1626.24 -> then that group here is a great place to get started.
1629.89 -> And of course,
1630.723 -> if you're not yet a customer of IT Genius,
1632.71 -> you can get access to some pretty cool perks
1635.36 -> just by transferring your G-Suite billing into us.
1637.64 -> So if that's something that you're interested in
1639.5 -> there is details below there as well.
1641.44 -> If you're not yet a customer
1642.58 -> I'd love to welcome you into the family,
1644.87 -> working with us has great benefits
1646.95 -> and we support small businesses all over the world.
1650.05 -> I will see you in the next video guys,
1651.74 -> thanks so much for tuning in.
1652.83 -> If this was useful, I would love to know if we can improve,
1655.52 -> then please let us know as well.
1656.89 -> And until next time, I'll see you guys soon.
1659.15 -> Take care.
1660.454 -> (air whooshing)

Source: https://www.youtube.com/watch?v=jJqzWTY7FWk