To enforce a policy in Google Workspace that blocks emails when SPF and DKIM authentication fails, you need to set up advanced Gmail settings in the Google Admin console. Here's how you can do it:
Steps to Set Up the Policy
Access the Admin Console:
- Sign in to your Google Admin console at admin.google.com.
Navigate to Gmail Settings:
- From the Admin console home page, go to
- AppsGoogle WorkspaceSettings for GmailSafety
Navigate to Spoofing and authentication
Choose the relevant policys "Protect against inbound emails spoofing your domain" and Protect against any unauthenticated emails
GoDMARC also recommends seeing other policy under the same category Spoofing and authentication and enable them as per your requirement.