Best practice for DMARC, DKIM, and SPF when hosting DNS and web, but email is at gsuite


Well-Known Member
Nov 1, 2003
Northern Ontario, Canada
cPanel Access Level
Root Administrator
I'm getting more and more clients where the mail is being hosted on Google Apps or Outlook or Fastmail, etc, while I am hosting DNS and web. In these cases, what's the best practice for mail related records in DNS?

1) I've changed the SPF record to look something like this
v=spf1 ~all
2) I think I have to then get someone to login to the mail provider dashboard and generate the DKIM key, that I then use in the DNS zone on my server

3) Then wait 48 hours and add a DMARC record to the DNS zone, even just a fairly open policy

Does that seem sensible?