After I moved some of my email infrastructure to Google, I decided to add one more optional, but important step and create custom SPF record for that domain. Sender Policy Framework (SPF) allows domain owners to specify which Internet hosts are allowed to send e-mail claiming to originate from that domain by creating a specific DNS TXT record. Google's help page recommends the following:
v=spf1 include:aspmx.googlemail.com ~all
However, a lot of people found that it doesn't work all the time, and alternatively suggest the following:
v=spf1 a mx include:aspmx.googlemail.com include:_spf.google.com ~all
Since I'm still planning to send some of my emails from PHP scripts on my site I also included my web host's domain:
v=spf1 a mx include:aspmx.googlemail.com include:_spf.google.com include:bluehost.com ~all
This should make any spoofed messages, that claim to come from my domain, appear like the fakes that they are. Unless, of course, they were sent from Bluehost's or Google's servers. Umm... well that should reduce the amount by at least a little bit.
