The a host record containing the name "gappssmtp.com" is a default domain key for emails sent through Google's SMTP server. DKIM authentication record will sometimes show gappssmtp. For example, you received an email from name@example.com, the DKIM record will show example-com.20220623.gappssmtp.com.


To check the DKIM authentication record for a suspicious email you will want to review the message headers. The process differs based on the email client you use. You'll want to review the section “signed by” to determine if the email was sent from a secure server. If it says “gmail” then the DKIM record will include gappssmtp; therefore the email was likely sent from an authorized server with a default authentication key.


However every rule does have some exceptions. Not all Google emails will be authenticated the same way. Emails sent with calendar, drive, box do not have a customer identified or configured DKIM, just the Google default record. Those signatures, including gappssmtp, are assigned automatically and simply verify the validity of the email you received. These emails may DKIM alignment.