略

CNAME记录，TXT记录，MX记录，SPF，DKIM和DMARC
还有NS记录，A记录等。

参考链接https://support.google.com/a/answer/140034

检查MX
工具URL为https://toolbox.googleapps.com/apps/checkmx/

点击报警会给出解决方法

You need to make a change to your MX records and you want the change to be implemented as soon as possible. What approach can you take?

1. Change your MX records in the admin console and reduce the Time to Live (TTL) value to one hour. Once the change has been implemented revert the TTL value to 24 hours
2. Make the change in your DNS console and reduce the Time to Live (TTL) value to 1 hour. Once the change has been implemented revert the TTL value to 24 hours
3. Change your MX records in the admin console and reduce the Time to Live (TTL) value to one hour
4. Make the change in your DNS console and reduce the Time to Live (TTL) value to 1 hour

Which type of DNS record determines where mail destined for your domain is routed?

1. MX Record
2. TXT Record
3. NS Record
4. CNAME Record

In general, from where would you manage your domain's DNS records?

1. All of the options here
2. In your local DNS files
3. In your domain registrar console
4. In the Google Workspace admin console

What are common uses for a DNS TXT record when using Google Workspace? (Choose 2)

1. Customise a Google service address
2. Control inbound mail to your domain
3. Domain verification
4. Email security records

3招，SPF，DKIM和DMARC
SPF: verify the domain you own
DKIM: prevent email spoofing on outbound message by adding an encrypted header
DMARC: tell email servers how to handle messages that fail SPF/DKIM checks

SPF，通过添加TXT记录到DNS中
Xserver中已经有一条记录了，现在在后面追加

include:_spf.google.com ~all

记录生效需要24小时左右
参考链接：https://support.google.com/a/answer/33786#zippy=%2Cspf-%E8%AE%B0%E5%BD%95%E7%A4%BA%E4%BE%8B

生成后长这个样子

生成的记录在Xserver的DNS DKIM记录中已经有了，一模一样。
参考链接：
https://support.google.com/a/answer/174124

这条TXT记录告诉收件邮箱服务器，如果判定Fail，如何操作，这里是通知管理员。

What is the main purpose of a Sender Policy Framework (SPF) record?

1. It specifies which servers/domains can send messages on your behalf
2. It can be used to verify that message content is authentic and has not changed
3. It defines the action to take on suspicious incoming messages

You have been asked to implement DomainKeys Identified Mail (DKIM) for your organization. How would you do this?

1. Enable DKIM from Apps > Google Workspace > Gmail > Authenticate email
2. Enable DKIM directly in your DNS records
3. Generate a key from your DNS records and add it to the Google Workspace admin console. Then Enable DKIM from Apps > Google Workspace > Gmail > Authenticate email
4. Generate a DKIM record from Apps > Google Workspace > Gmail > Authenticate email. Add the record to your DNS records and then start authentication from the admin console

What policy defines what to do if an incoming message is not authenticated?

1. SPF
2. DKIM
3. All of the options here
4. DMARC

DKIM adds an encrypted signature to the header of all outgoing messages. What happens if you don't turn on email signing with your own domain DKIM key?

1. Gmail signs all outgoing messages with a temporary key generated for your domain
2. Gmail signs all outgoing messages with this default DKIM domain key d=*.gappssmtp.com
3. Gmail signs all outgoing messages with a key generated using the From address in the message
4. Messages are sent as normal with no additional headers