Routing Internal Emails in Google Workspace
Failure to complete this step will mean internally sent emails are very likely to be quarantined as impersonation by Mesh. Internal emails should remain within the Google tenancy; they should not pass through Mesh Gateway.
Create Mail Route
Go to https://admin.google.com
Go to Apps -> Google Workspace -> Gmail.
Scroll down to "Hosts". Click "Add Route"
Give the new route a name such as "Internal Emails Route".
Under "Specify email server", choose "Single Host", and enter "aspmx.l.google.com". Port 25. (If preferable, more hosts can be entered using the “alt” options from here: https://support.google.com/a/answer/174125?hl=en).
Important: Uncheck "Perform MX lookup".
Ensure the following boxes are checked:
a. Require mail to be transmitted via a secure (TLS) connection (Recommended).
b. Require CA signed certificate (Recommended).
c. Validate certificate hostname (Recommended).
Click Save.
Apply Routing Rule
Go to Apps -> Google Workspace -> Gmail.
Scroll down to the section labelled “Routing”.
Click “Configure” or “Add Another Rule”.
Give the new route a name like "Internal Emails Route Rule".
Select the checkbox "Internal - Sending".
In section 2, select "Modify message" from the dropdown. Choose the checkbox "Change Route" and select the host you set up earlier.
Scroll to the bottom and click "Show options".
Ensure the following boxes are checked:
a. Users
b. Groups
Under Section C, select "Only affect specific envelope senders", choose "Pattern Match", and enter your domain/customer domain in the Regexp field in the format "example.com".
Click Save.
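To confirm the route and rule are working, send a message between two internal users, open it with Gmail's "Show original", and check which servers appear in the Received headers. The Python script below is an added example, not part of the original guide; it assumes Google-operated hops identify themselves under google.com or googlemail.com, and the sample messages and the hostname gateway.mesh.example are constructed placeholders.

```python
import re
from email import message_from_string

# Assumption: hops operated by Google identify themselves under these suffixes.
GOOGLE_SUFFIXES = (".google.com", ".googlemail.com")

# Dotted hostname following "from" or "by". Hop IDs with no dotted hostname
# (for example "by 2002:a05:...") do not match and are skipped.
HOP_RE = re.compile(r"\b(?:from|by)\s+([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)", re.I)


def non_google_hops(raw_message):
    """Return the non-Google hostnames named in the Received headers."""
    msg = message_from_string(raw_message)
    found = []
    for header in msg.get_all("Received", []):
        for host in HOP_RE.findall(header):
            host = host.lower()
            if not host.endswith(GOOGLE_SUFFIXES) and host not in found:
                found.append(host)
    return found


# Constructed samples. "gateway.mesh.example" is a placeholder, not a real Mesh host.
STAYED_INTERNAL = """\
Received: by 2002:a05:6402:1:b0:1:2:3 with SMTP id x1csp1;
        Mon, 3 Mar 2025 10:00:02 -0800 (PST)
Received: from mail-sor-f41.google.com by mx.google.com with SMTPS id a1;
        Mon, 3 Mar 2025 10:00:01 -0800 (PST)
From: alice@example.com
To: bob@example.com
Subject: internal test

hello
"""

WENT_VIA_GATEWAY = """\
Received: from gateway.mesh.example by mx.google.com with ESMTPS id b2;
        Mon, 3 Mar 2025 10:00:05 -0800 (PST)
Received: from mail-sor-f41.google.com by gateway.mesh.example with ESMTPS id c3;
        Mon, 3 Mar 2025 10:00:03 -0800 (PST)
From: alice@example.com
To: bob@example.com
Subject: internal test

hello
"""

if __name__ == "__main__":
    print(non_google_hops(STAYED_INTERNAL))
    print(non_google_hops(WENT_VIA_GATEWAY))
```

An empty list means every named hop was a Google server; any other hostname in the result shows the internal message left the tenancy on its way to the recipient.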
Disable SPF/DKIM checks
SPF and DKIM checks are performed by Mesh. Validating a second time after passing through our servers can cause emails to be falsely marked as spam within Gmail.
Go to Apps -> Google Workspace -> Gmail.
Go to "Safety" section.
Select "Spoofing and Authentication".
Uncheck "Protect against any authenticated emails" and "Apply future recommended settings automatically".
Click Save.
You’re all set!