How to Use MailRoute with Google Apps for Inbound and Outbound Protection
Configure MailRoute for your Inbound Google Workspace Servers
We will need to know where to send your email.
See our article about entering your mail servers here > https://mailroute.zendesk.com/entries/23219453-Inbound-Mail-Servers.
The most common values for Google Workspace inbound servers are:
Mailserver | Priority |
ASPMX.L.GOOGLE.COM | 1 |
ALT1.ASPMX.L.GOOGLE.COM | 5 |
ALT2.ASPMX.L.GOOGLE.COM | 5 |
ALT3.ASPMX.L.GOOGLE.COM | 10 |
ALT4.ASPMX.L.GOOGLE.COM | 10 |
Configure Google Apps
There are three steps to configuring Google Workspace for MailRoute - configuring the inbound email routing, configuring outbound email routing, and setting your SPF records. Each has a number of steps, but they aren't as complicated as they look.
Step 1. Configure Inbound Email Routing
This configuration ensures that Google will accept email that has been routed through MailRoute, and will respect our spam filtering methodologies and not further subject the email to additional filtering that could cause false-positives.
A. Visit https://admin.google.com and login with your administrator password.
B. Select "Apps", and then Google Workspace, and then Gmail:
- Automatically detect external IP (recommended)
- Require TLS for connections from the email gateways listed above
- Message is considered spam if the following header regexp matches
- Disable Gmail spam evaluation on mail from this gatway, only use header value
- Choose "Greater than or equal to" from the popup menu, and set the value to "7"
K. Click Save
Step 2. Configuring Outbound Routing
Step 2A. First we need to set up a Google Workspace Host to handle Internal Email Routing
1. Visit https://admin.google.com and login with your administrator password.
2. Select "Apps", and then Google Workspace, and then Gmail:
- Require mail to be transmitted via a secure (TLS) connection (Recommended)
- Require CA signed certificate (Recommended)
- Validate certificate hostname (Recommended)
7. Click Save
Step 2B. Now we will set up Google Workspace to route outbound email through MailRoute
1. In the breadcrumbs at the top, select Settings for Gmail to navigate back to the other settings.
Now we want your internal mail to be delivered right to your users, not sent back out through MailRoute where it undergoes additional filtering.
5. Under Routing click Add another rule
6. Give the route a name like Workspace Internal Routing
7. Select the checkbox Internal - Sending
8. In section #2, Make sure the Modify message menu item is checked, and choose the checkbox Change Route and use the menu below that to chose the host you set up earlier Internal Google Workspace
9. Scroll way down to the bottom and click Show options
10. In Section B, choose the checkboxes
- Users
- Groups
11. In Section C choose the checkbox Only affect specific envelope senders, choose Pattern Match from the popup menu, and enter in your domain in the Regexp field:
12. Click Save
Step 2C. Update Safety Settings
G Suite/Workspace safety settings will, by default, check for SPF, DKIM, and DMARC errors. MailRoute already does this, and quarantines email that fails these tests. Leaving the Google tests in place can result in their blocking of legitimate email that MailRoute has already filtered. In addition, we have seen Google block email from their own IP addresses! We want to be sure everything you need gets through, so here's one last configuration step to take.
1. Visit https ://admin.google.com/ and login with your administrator password.
2. Select "Apps", and then Google Workspace, and then Gmail:
3. Scroll to and click the Safety configuration option section
4. Scroll to the section Spoofing and Authentication and click on it to adjust the settings
5. Turn off the options Protect against any authenticated emails and Apply future recommended settings automatically:
That's it for the configuration within Google Workspace! It is now configured to accept clean email relayed from MailRoute, to route outside email out through MailRoute, and to keep your internal email inside Google Workspace.
Step 3. Set up your SPF records for both MailRoute and Google Workspace.
Your SPF record MUST include both the entries for MailRoute and for Google Workspace, so it must include include:spf.mailroute.net and include:_spf.google.com
Your SPF record may look like this:
Start a free 30-day trial today.
Contact sales@mailroute.net or support@mailroute.net for more information.
Comments
0 comments
Please sign in to leave a comment.