How To Verify Your Organization's Email

If you own an organization, be it a startup or fully blown company and you often send emails to your users, promotional, newsletters, notifications or whatever it is, you would agree with me that one thing that can happen to your users is a possible phishing attack, especially if your organization does something related to finance. i.e. a fintech organization.

While phishing is a cyber security incident that is largely dependent on the individual, organizations and email service providers have been constantly working to help protect their users from such.

For organizations, the use of consistent branding and warnings is often used as seen in the image below:

The image above is a promotional mail from Zenith Bank, but the branding is consistent. Always ending with platforms to contact them on.

Sometimes, they will end the mail with a warning that they’d never call you asking for any of your PIN or passwords. This is a way they protect their users from phishing.

On the email service provider’s end, they utilize mail scanning to ensure that suspicious mails are flagged down and sent to spam among others, of which we would review the most recent one in this article.

The image above is also from Zenith Bank, here, they sent me a copy of my monthly bank statement, and the arrow indicates that the file was scanned by Gmail, but since it is a confidential bank document, it was password protected, hence, Gmail could not scan it all and they had to warn me to be careful.

This goes to show how meticulous they try to help protect Gmail users from phishing.

But in spite of all of these, people are still getting phished.

Like I wrote earlier, phishing attacks rely mostly on the user rather than whatever protection they have.

All of these could be in place, but if the user doesn’t pay attention to all of these, they can still fall prey to phishing.

This is where the most recent Gmail protection update comes into the picture–the verification.

Recently, mail by google or better put Google Mail, shortened as Gmail introduced a way for organizations to verify that they own their domain and email address. This will inadvertently allow users to ascertain the legitimacy of any mail they received.

If you are an organization administrator, you can verify your organization’s domain in Google Workspace. There are two verification means; the email verification and the domain verification.

In this article, I will be focusing on domain verification as it is the most ideal, allowing your organization to have that verified check mark next to your email address when sending emails through Gmail.

Now, let's move to the nitty-gritty of getting your domain verified.

Setting Up Google Workspace

Before we jump into the verification process, you'll need to have a Google Workspace account. If you're already set up, feel free to skip to the next section. If not, here's a quick rundown:

1. Head over to the Google Workspace website.

2. Click on "Get Started" and follow the prompts to set up your account.

3. You'll need to provide some basic info about your business, like your business address, name, phone number, opening and closing hours.

4. Choose a domain (or use one you already own), and select a plan that fits your needs.

5. Once you've got that sorted, you're ready to move on to the verification process.

Verifying Your Domain

Alright, so you've got your Google Workspace account set up. Now let's get that domain verified:

1. Sign in to the Google Admin console. If you're not sure how to get there, just go to admin.google.com and log in with your Google Workspace account.

2. Once you're in, look for "Domains" in the left sidebar and give it a click.

3. You should see your domain listed here. Click on it, and you'll spot a section that says "Verify domain ownership". Click on "Verify" to get the ball rolling.

4. Google's going to present you with a few verification methods. The most common (and usually the easiest) is adding a TXT record to your domain's DNS settings so I will be going with that.

5. Google will give you a unique TXT record. It'll look something like this:

google-site-verification=s0m3bNDKSM83HNjjd9Z

Copy this – you'll need it soon.

6. Now, you'll need to log in to your domain registrar's website. That's wherever you bought your domain from – could be GoDaddy, Namecheap, or any other provider.

7. Look for something like "DNS settings" or "DNS management". Every registrar's interface is a bit different, but you're basically looking for a place where you can add new records to your domain.

8. Find the option to add a new TXT record. Paste in that verification code you copied from Google.

9. Save your changes and pat yourself on the back – you're almost there!

Now, here's where patience comes in handy. DNS changes can take a while to be fully activated – anywhere from a few minutes to 48 hours. So don't worry if it doesn't work right away.

10. Head back to the Google Admin console and click that "Verify" button.

If all goes well, you should see a green check mark and a "Verified" status. Congratulations! You've just verified your domain with Google Workspace.

Concluding Notes

Remember, while this is a great step towards protecting your organization and your recipients from phishing attempts, it's not a magic bullet. It's still important to educate your team and your

recipients about best practices for email security.

And there you have it! You're now part of the verified domain club. Your emails will stand out in the inbox, and you've taken a solid step towards boosting your organization's email security and credibility. Not too shabby for a day's work, right?