The Cloud Captains’ Checklist series by Cloud Captains is designed to make the life of a Google Workspace administrator easier. We often notice that some environments don’t meet certain standards. In this document, we discuss the options available in Gmail and the easy solutions. The following topics are covered:
- Captain’s Checklist
  - Why This Checklist?: Details the motivation behind creating the checklist, emphasizing the common security gaps found in many organisations’ Google Workspace environments.
- Your Domain
  - Ownership: Discusses the importance of maintaining control over the domain’s DNS and the potential issues if the domain ownership is not properly managed.
  - Checking Records: Explains the different types of domain records (A, MX, TXT) and tools like Google Dig, Google Status Check, or MX-Toolbox to verify domain settings.
- Email Security
  - SPF Record: Details the importance of adding a standard Google SPF record to the domain’s DNS to authorize Google Email servers to send emails from the domain.
  - DKIM Record: Describes the necessity of a DKIM record for email authentication, providing instructions on generating and implementing it in Google Workspace.
  - DMARC Record: Emphasizes adding a DMARC record to detect and prevent email abuse and spoofing, requiring a thorough setup and monitoring process.
  - MTA-STS: Introduces MTA-STS as a security measure ensuring secure email server connections, detailing the setup involving TXT records and web server policies.
- Google Workspace
  - POP/IMAP: Advises on disabling outdated POP/IMAP protocols in favor of API connections for improved security, providing steps to report and disable these settings.
  - Forwarding: Warns against unauthorised email forwarding, recommending the creation of a separate OU for users with forwarding access and disabling it if unnecessary.
  - Advanced Phishing and Malware Protection: Suggests enabling all security features in Google Workspace to protect against spam, spoofing, and phishing attacks.
  - Enhanced Phishing and Malware Protection: Encourages the use of AI-based enhanced protection features to bolster security measures in Google Workspace.
- Google Apps Script: DNS Checker
  - DNS Checker Tool: Introduces a Google Apps Script designed to verify SPF, DKIM, DMARC, and SOA records, offering a step-by-step setup guide to streamline domain security checks.
By filling out the form, you will receive a download link. If you have any comments or additions to the document, we would love to hear from you. Together, we can make a better online world 🙂

