Skip to main content
How to get Google Calendar Invites to Pass DMARC

How to get Google Calendar Invites to Pass DMARC

Technical Guidance

Even though Google has long supported DMARC, a handful of Google applications are still not capable of sending DMARC-compliant email using SPF.

If you’re a Google Suite customer using your own domain, email that originates from Google’s apps, like Docs, Sheets, Slides, Gmail API and Calendar will still use a domain that points back to Google, and not your own domain. This means domain alignment for SPF cannot be achieved. The misalignment becomes an issue if you are at a DMARC policy of p=quarantine or p=reject and DKIM is not properly in place. Your email will fail DMARC and your Google Calendar invites will be blocked.

To ensure your Google Calendar invites make it to the intended destination, configure DKIM signing using the following steps:

  • Access Google’s Gmail administration panel
  • Click Authenticate Email
  • Generate a new DKIM record
    • When creating the DKIM key, you will be prompted to choose the DKIM key bit strength. We recommend choosing a bit strength of 2048 as longer keys are more secure. However, not all domain DNS providers support this key size. Confirm with your domain DNS provider or administrator if they support this DKIM bit size.
    • You will also be prompted to choose a DKIM prefix selector. The default value is google, and we recommend you leave it as that value.
  • Copy the DKIM record value and publish it to your domain’s DNS provider

Note: If you have already configured DKIM signing for your Google Workspace account because you use Gmail, you do not need to configure DKIM separately for Google Calendar.

See Google’s article for more information on DKIM configuration and verification.

Screenshot of dmarcian platform showing DKIM signing

The screenshot above illustrates our DMARC Management Platform with DKIM signatures that have been configured by our Google Suite administrator. These DKIM signatures are properly attached and aligned so the email is compliant with DMARC.

We know that our customers really want to get to 100% DMARC compliance using both SPF and DKIM; however, that is not possible at this time based on how Google sends Calendar invites and email from other Google apps. DKIM is the only answer.

If you need any help figuring out how to get Google Calendar invitations and email from other Google applications pass DMARC, let us know.

If you need assistance with DMARC monitoring, deployment or compliance, register for a free, 30 day trial, and we’ll help you along the way.

Want to continue the conversation? Head over to the dmarcian Forum.