If you send from an @gmail.com address, you cannot set SPF, DKIM, or DMARC, and you do not need to: Google owns the gmail.com domain and already publishes and signs those records. People search for "gmail dkim" or "gmail spf" all the time, usually because a tool reported a failed check or because consumer Gmail is being mixed up with a domain on Google. The records you are picturing only exist for a domain that someone controls. So the useful question is not how to add them to Gmail, but which of three situations you are actually in.
Which case are you in?
Look at the address your mail is actually sent from — the From address your recipients see:
- It ends in
@gmail.com(likeyou@gmail.com) — that is case 1, consumer Gmail. Nothing to configure. - It is your own domain (like
you@yourcompany.com) and your mail runs on Google — that is case 2, Google Workspace. This is where SPF, DKIM, and DMARC apply. - It is another address you added under Settings → Accounts → "Send mail as" — that is case 3, a Send-as alias. What applies depends on how that mail leaves.
Case 1 — you send from an @gmail.com address
There is nothing to do, and nothing you can do. Google publishes SPF for gmail.com and signs every outgoing gmail.com message with DKIM, so your mail already authenticates. You cannot add or override those records, because you do not own the domain — Google does. Anyone who tells you to "add an SPF record for your Gmail" is confusing a consumer @gmail.com account with a custom domain on Google. If a checker shows records for gmail.com, it is reporting Google's own configuration, not a gap you need to fill. For what SPF, DKIM, and DMARC actually do, see email authentication explained.
Case 2 — you send from your own domain on Google (Google Workspace)
This is the case where email authentication genuinely applies, and it is the Google Workspace setup. Your mailboxes run on Google, but your mail goes out under your own domain (for example you@yourcompany.com), so you are the domain owner and you publish the records. That means one SPF TXT record naming Google as a sender, a DKIM key you generate in the Admin console and publish in your DNS, and a DMARC policy — all on your own domain, never on gmail.com. The exact record values and the Admin console steps are on the Google Workspace email authentication guide.
Case 3 — you use Gmail's "Send mail as"
Gmail lets you send from another address — a separate mailbox or an alias — set up under Settings → Accounts. What authenticates that mail depends on how you configured the SMTP path:
- If you set "Send mail as" to send through your own domain's SMTP server, the message leaves that server, so your domain's SPF and DKIM apply. You set them up at the mailbox provider that runs that SMTP server, exactly as you would for any custom domain.
- If Gmail sends the message through Google's servers on your behalf, the sending path is Google's. Alignment follows the domain that actually sent the mail, so you generally cannot make your custom domain's SPF and DKIM align on that path.
If your alias is on a custom domain, set authentication up at whichever provider sends that domain's mail. For a domain on Microsoft, that is the Microsoft 365 setup; for a domain on Google, it is the Google Workspace setup.
Check what is actually published
You do not have to guess what any domain publishes. Run a lookup from the Relaymetry home page to read the live SPF, DKIM, and DMARC for a domain at once, or check one record at a time with the SPF checker and the DMARC checker. Point a lookup at gmail.com and you will see Google's own records; point it at your own domain and you will see what you have published so far. To set records up for a different mailbox host, start from the email authentication setup hub.