Email Relay - Google G-Suite
  2. Home
  4. Docs
  6. Email Relay – Google G-Suite
  8. Configuration

Configuration

Trustifi admin portal
Step 1 – Verifying the plan and user type

Navigate to the “My Plan” page and verify that your plan type is “PRO” and your access level is “Admin“.

 

Note: If you don’t have a “Pro” plan, or you do not have admin-level access, please contact support@trustificorp.com

 

Step 2 – Navigating “Domains”

On the left-side navigation panel, click on “Outbound Management” and then open the “Plan Settings” page. Then, click on the “Domains” tab at the top.

 

Adding new domain

This is a quick overview of the domain verification process. To view the full guide click here – https://trustifi.com/docs/general/domain-verification/

 

Step 3 – Adding a new domain

Now, we will need to add the domain(s) that will be used to send emails. Continue by clicking on the “Add Domain” button.

 

Step 4 – Verifying the domain

After adding the domain, you will have to copy and import the records to your DNS provider (e.g. DNS Made Easy, GoDaddy). To view the DNS records, click on “Actions” and then “Show DNS records“.

In the pop-up window, the required DNS records will be arranged by “Identity” (TXT record), “DKIM” (CNAME records) and “MAIL FROM” (TXT and MX records).

Pro-tip: You can click on each of the records (name and value) to easily copy them to your clipboard.

 

Showing your domain's DNS records

Note: You can also click on “Download records CSV” from the “Actions” menu to save these records as a CSV file.

 

Step 5 – Checking if the domain is verified

Make sure all the required records have been added correctly. Typically, DNS records take only a couple of minutes to propagate and finish updating, however in some cases this process can take up to 24 hours.

Once the DNS records have been added and updated, refresh to the Trustifi web portal and check the “Domains” tab again. If all records have been added correctly, the “Status” column should now show as “Can send” and the “DKIM” and “MAIL FROM” columns should now say “Verified“.

 

Domain verified and ready to use
 

Step 6 – Enabling the outbound email relay

In this part, you will need to enable the outbound Email Relay, and copy the “Email Relay key” which is the secret key that will be used to authenticate the transport flow of your emails.

Open the “Plan Settings” page under “Outbound Management”, and you should be on the “Email Relay Integration” tab. Click on the toggle next to “Enable Relay” to enable the integration.

 

After the integration was enabled, your secret key will be generated. You can click on the “copy” button to copy the Email Relay secret key for later use.

 

Google Admin Center

Step 7 – Navigating to the Google Admin Center – Mail flow

Navigate to the “Google Admin Center” via the following link – https://admin.google.com/ After you have logged in, input “hosts” in the search bar and select the first option. Navigating to "Hosts"

Adding host route
Step 8 – Adding a new route

Click on “ADD ROUTE” under “Hosts“. Adding a new route

Step 9 – Creating the host

Follow the steps below to configure the host:

  1. Name your host
  2. Select “Single host
  3. In the “Host name” field enter “smtp.trustifi.com” (without the quotes) with port 25
  4. Check these boxes:
    • Require mail to be transmitted via a secure (TLS) connection
    • Require CA signed certificate
    • Validate certificate hostname
  5. Click “Save

Creating the host

Step 10 – Validate the host

Make sure your host’s address and port are correct. Validating the newly created host

Step 11 – Navigating to “Settings for Gmail”

In the navigation bar at the top of the screen, click on “Settings for Gmail“. Navigating to "Settings for Gmail"

Step 12 – Navigating to “Compliance”

Scroll down to the bottom of the page and click on “Compliance“. Navigating to "Compliance"

Step 13 – Adding a new rule

Now we will need to configure a set of rules to guide mail flow to our new host. In the “Compliance” page, scroll down to the “Content Compliance” section and click on “Add another rule“.

Adding a new compliance ruleStep 14 – Configuring the rule

Name your compliance rule, and check the “Outbound” and “Internal – sending” boxes.

Naming the rule and selecting routing

Step 15 – Configuring the IP routing condition

Note: If you are not using Trustifi for inbound routing/protection as well, next 2 steps are not necessary. In section 2, select “If ALL of the following match the message” and click “Add“. Creating a rule condition

Step 16 – Configuring the IP routing condition

This condition is made to skip emails that have already been sent by Trustifi’s inbound IPs, which can result in email loops. Set the following configurations:

  • Select “Advanced content match
  • Under “Location“, select “Full headers
  • Under “Match type“, select “Not matches regex
  • Add this regex (without the quote marks) – “^Received[:].+(3[.]93[.](?:139|243)[.](?:176|220))”
  • Click “SaveConfiguring the route condition
Step 17 – Adding a custom header

Scroll down to section number 3, make sure “Modify message” is selected, and check the “Add custom headers” checkbox. Click on “Add” to add the headers (see next step).

Selecting addition of custom header

Step 18 – Adding the custom header

In the “Header key” field, enter the value “trustifi-creds” (without the quotes). Note: the full header value is “x-trustifi-creds“. However, since Google add the initial “X” by default, it’s important to only add the value “trustifi-creds” here to avoid a malformed header. In the “Header value” field, enter the value copied over from step 6. Once both values have been entered, click on “Save“.

Adding the custom header

Step 19 – Verifying the custom header

Make sure the custom header key and value were added correctly before continuing.

Verifying the custom header

Step 20 – Setting the route

Now we will have to set the route for this routing rule for our new host. Check the “Change route” box, click on “Normal routing” and select the host you’ve created by it’s name.

Changing the routing

Step 21 – Bypassing spam and displaying more options

Under the “Spam” section, check the box for “Bypass spam filter for this message“. Then, click the “Show options” button to display advanced routing options.

Bypassing spam and showing more optionsStep 22 – Selecting account types to affect

Under “Account types to affect“, make sure both “Users” and “Groups” are selected.

Verifying account types to affect

Step 23 – Deployment for a limited scope

If you wish to deploy the email relay in a limited scope (instead of having all users affected), view our guide for Limited Scope Deployment and follow the steps there.

Step 24 – Saving the changes

Once all the correct route changes have been made, click on “SAVE” at the bottom-right corner. Saving the rule changes

How can we help?