Well, if you are frustrated by all that horrible spam and your current email provider isn’t doing the job, maybe it’s time to use Gmail. The main problem is that we want to use our vanity domain, so how is it to
- Logon to Gsuite with one account.
- You need to setup the right CNAME record and the right MX Records
- Then use the Admin Console with Customized URL to ghs.googlehosted.com
- Because you don’t want to pay $5/month for each user, you can forward vanity accounts to existing (and free gmail accounts).
The most confusing thing is how to support all of this without having to buy a $5/month mailbox for everyone. That makes sense for a company but not a vanity domain. Here are some solutions for routing messages. Note that right now GSuite seems to hang under Safari, so use Chrome:
- Split delivery. This is the right enterprise way to do this, first set up a route to the old mail server `AppsG SuiteGmailAdvanced settings > Hosts >Add Host`. Make sure you use TLS and port for security. Then go to
Apps > G Suite > Gmail > Advanced Routing > Inbound Routingand then Change default routing route so those addresses can go back to the legacy server assuming your old host mail. Then you get all the spam filtering but end-users don’t have to change anything!
- Rerouting mail doesn’t seem tow ork . You can also just reroute mail to another address by going to
Apps > G Suite > Gmail > Advanced Settings > Default Routing > Add Setting > Additional Deliveryand put in another email like a personal Gmail address. This requires that you set up a new route and then you can also set additional devliery
- For remapping in the local system. Then to Apps/G Suite /Settings for Gmail /Advanced settings/Recipient Address Map to fix things which seems to reroute messages, but it looks like it doesn’t work moving off server, so you can’t just point it at an arbitrary email address so only works internally.
- You can also do this at the individual user level with aliasing, so one account can respond to
- There is a strange issue where you can have an organizational account called firstname.lastname@example.org and a personal one called email@example.com. I actually had this problem when creating the Gsuite identity. So I had to create a fake admin name and then delete it once I could create the new identity.
- The only what that seems to work is to create a group and allow outside accounts to be part of the group. Like another gmail address. This works well in those cases where users are already using their vanity name (like firstname.lastname@example.org as their google authentication, because google won’t deliver is there is a name collision). Then you connect it to the outside account. This is a little clunky because you need this extra group, but it is nice because any end user can do it and you do not need admin privileges. In this case you can have lots of folks use free personal gmail accounts, but they get routed mail via the vanity domain. They can also set reply-as in the personal gmail so it looks like they are using the vanity domain.
Then there are some other tricks:
- One way to catch-all address to get all the mail. that isn’t already there. This is buried deep in the Gmail system, so you can see everything that is getting sent in case you missed anything (like mail to webmaster for instance).
- SPF and Setup DKIM to prevent spam, this digitally signs the outgoing message headers so that other servers can detect spam that is falsely written as coming from your servers. You just need to generate a DKIM record in Gmail > Advanced Settings > DKIM and add it as a TXT record in the DNS server. SPF tells other servers what mail servers can send for your domain. That is, sometimes the mail is both forged (fixed with DKIM) and comes from some other mail server (fixed by SPF). You can merge SPFs, so for instance you can use bluehost and Gsuite together using SPF syntax you basically concatenate it all.