Setup EMP Cloud with Google Workspace (Gsuite) service for both Inbound and Outbound mail flow.
This article explains how to configure Google Workspace (Gsuite) to use EMP Cloud Email Security (SES) as your mail gateway.
What Is Google Workspace?
Google Workspace (also known as Gsuite) is a cloud-based solution from Google which offers email, messaging, security, archiving and other capabilities delivered from Google’s worldwide network of cloud data centers.
For more information please see: https://workspace.google.com
Before You Start
Before continuing with the provisioning and configuration of the EMP Cloud service, it is recommended that you have the information listed below.
INFORMATION NEEDED FOR CONFIGURING EMP Cloud
INFORMATION NEEDED FOR CONFIGURING G SUITE
Setup Inbound Mail Flow
EMP Cloud is deployed between the customer’s Google Workspace environment and the Internet. Inbound mail is routed to EMP Cloud by changing the customer’s MX records. After email is processed by EMP Cloud it is routed to Google Workspace.
Configure EMP Cloud
LOCATE YOUR MX RECORD FOR THE DOMAIN IN G SUITE
These values will be necessary when you add your domains to EMP Cloud.
ADDING DOMAIN(S) TO EMP Cloud
You can verify your domain at this stage or you can verify at a later time. However, the domain must be verified before it can be enabled.
The delivery and failover destinations refers to the points to values captured in the previous section.
Configure Google Workspace
CONFIGURE INBOUND MAIL GATEWAY
Skipping Inbound Mail Gateway Configuration
Skipping this step has been verified to cause bounce errors if the original sender side has a valid SPF or DMARC configuration in place. Please ensure to set this in order to ensure mail delivery.
Check Automatically detect external IP.
When this setting is enabled, Gmail scans the message header to locate the first occurrence of an IP address that is not listed in the Gateway IPs. This is referred to as the “external IP.” Gmail considers the “external IP” as the sending IP and uses this IP for SPF checks and spam evaluation.
UPDATE SAFETY SETTINGS
G Suite’s safety settings allow organizations to enable or disable policies related to viewing and accessing email. If you have enabled some or all of these settings you may experience some delivery issues. Please review the following steps to ensure your settings are supported.
No changes to Attachments Settings or Links and External Images are required. You can leave these settings as they are.
DMARC Errors
Not disabling this feature has also been known to cause bounce back errors indicating a DMARC issue. Please ensure you disable this as instructed.
The error message would be: Unauthenticated email is not accepted due to domain’s DMARC policy
Setup Inbound And Outbound Mail Flow
EMP Cloud is deployed between the customer’s Google Workspace environment and the Internet. Outbound mail is routed to EMP Cloud/Proofpoint by configuring an outbound mail gateway. This will route all outbound mail to EMP Cloud.
ENABLE OUTBOUND RELAYING
ADD SERVICE IP ADDRESSES TO YOUR INBOUND GATEWAY
CONFIGURE OUTBOUND MAIL GATEWAY
Please Note: When configured as per the instructions above, internal to internal email stays within Google Workspace and is NOT scanned for Spam by EMP Cloud.
UPDATE SENDER POLICY FRAMEWORK (SPF)
When sending outbound email through the EMP Cloud gateway, recipients receive mail sent from EMP Cloud rather than G Suite mail servers. If the recipient’s mail service attempts to verify that the message came from your domain, it must confirm that the gateway server is an authorized mail server for your domain.
To enable this, you need to add the SPF record to your domain.