Cloudflare, DKIM, and 1024 vs 2048-bit key length.


I recently had to configure a domain in Google Workspace to process mail with Gmail. To authenticate messages and avoid spam filters, I had to configure DKIM by generating a key and then creating a DNS record to store said key. The DNS record is of type TXT. The value of a TXT record has to be enclosed in double quotation marks if there are spaces in the text string.

The DNS record provider I am using is Cloudflare. The problem I ran into is how Cloudflare handles 1024- and 2048-bit key lengths. When enclosing a 1024-bit key in quotes and then querying the DNS record, the quotes are not present. But when enclosing a 2048-bit key in quotes and then querying the DNS record, the quotes are escaped. Thus, the value of the TXT record is incorrect in the second case. With the incorrect value, Google Workspace will not activate email authentication.

The solution to getting Google Workspace to activate message authentication, if you are using Cloudflare, is to remove the double quotes around the text value of the TXT record when using a 2048-bit key.
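One way to check what a DNS query actually returns for the DKIM record described above (an added example, not code from the original post): it parses a TXT answer in the quoted form that `dig` prints, joins the character-strings, and flags quote characters that ended up inside the value. The function names and the sample records are constructed for illustration.

```python
import base64

def parse_txt_rdata(text):
    """Split TXT RDATA in presentation form (as dig prints it) into character-strings."""
    strings, cur, in_quotes, started, i = [], [], False, False, 0
    while i < len(text):
        c = text[i]
        if c == "\\" and i + 1 < len(text):       # \DDD (decimal byte) or \X (literal X)
            ddd = text[i + 1:i + 4]
            if len(ddd) == 3 and ddd.isdigit():
                cur.append(chr(int(ddd)))
                i += 4
            else:
                cur.append(text[i + 1])
                i += 2
            started = True
            continue
        if c == '"':                               # an unescaped quote only delimits a string
            in_quotes, started = not in_quotes, True
        elif c.isspace() and not in_quotes:
            if started:
                strings.append("".join(cur))
                cur, started = [], False
        else:
            cur.append(c)
            started = True
        i += 1
    if started:
        strings.append("".join(cur))
    return strings

def check_dkim_txt(text):
    """Return a list of problems found in a DKIM TXT answer; empty means none found."""
    strings = parse_txt_rdata(text)
    value = "".join(strings)                       # strings are concatenated with nothing between
    problems = []
    if any(len(s.encode()) > 255 for s in strings):
        problems.append("character-string longer than 255 bytes")
    if '"' in value:
        problems.append("literal double quote in record value")
    parts = (p.partition("=") for p in value.split(";") if p.strip())
    tags = {k.strip(): v.strip() for k, _, v in parts}
    try:
        base64.b64decode(tags["p"], validate=True)
    except (KeyError, ValueError):
        problems.append("p= missing or not valid base64")
    return problems

# Constructed samples: 294 filler bytes (typical DER size of a 2048-bit RSA public key), not a real key.
VALUE = "v=DKIM1; k=rsa; p=" + base64.b64encode(bytes(range(256)) + bytes(38)).decode()
GOOD = '"' + VALUE[:255] + '" "' + VALUE[255:] + '"'               # split at the 255-byte limit
ESCAPED = '"\\"' + VALUE[:200] + '" "' + VALUE[200:] + '\\""'      # quotes stored as data
```

Paste the quoted part of a `dig TXT` answer for the DKIM selector into `check_dkim_txt`; an empty list means the record value contains no stray quotes and the `p=` tag decodes cleanly.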

