5

Since "Google Apps" / "Google Apps for business" / "G-Suite" / "Google Workspaces" free tier is being discontinued, I need a solution to migrate my ~30 extended family to a sustainable solution.

I'm looking at the option of having them each piggy-back off a personal @gmail.com address they should each create, forwarding the email, and adding the address using "Send mail as" in gmail, using Google's gmail SMTP server and an app-specific password: enter image description here

I'm using CloudFlare for DNS, and I've activated the CloudFlare Email routing (beta) feature, and I've set the MX records to the various .mx.cloudflare.net servers. I also added the CloudFlare SPF TXT record: v=spf1 include:_spf.mx.cloudflare.net ~all.

Now, it all seems to be working, except what is happening is sent emails seem to often end up in junk/spam. I guess this is possibly something to do with SPF/DKIM/DMARC but this is way outside my domain of knowledge.

I've modified the SPF header from v=spf1 include:_spf.mx.cloudflare.net ~all to v=spf1 include:_spf.mx.cloudflare.net include:_spf.google.com ~all as I saw suggested elsewhere, but that doesn't seem to have solved the problem.

Is it possible to add DKIM and/or DMARC records, and if so, how? My (limited) understanding is that Google would need to give me a key (probably unique to my account) to add, which validates that not only is it Google/gmail that's sending the mail, but specifically me and not some other random gmail user.

Moreover, how would this work with the other users? I need all users to be able to reliably be able to send/receive emails and not have them end up in spam/junk.

If this were like SSH, I would generate a key pair, put the public key on the DNS and each user would add the same private key somewhere in their "Send As" on their gmail settings.

I guess this is probably unrelated to emails getting into spam/junk but I added the _dmarc TXT record: v=DMARC1; p=none; rua=mailto:{{me@gmail.com}}; ruf=mailto:{{me@gmail.com}}; sp=none; fo=1; ri=86400.

Ozzah
  • 159
  • 2
  • There is a very good chance this solution will forever be in and out of spam folders. The better solution is a hosted mail solution. Some spam conditions can only be cleared by reviewing the transactions with the MTA in the mail logs. – Paul Feb 02 '22 at 12:27
  • 1
    Did you already found a way to use DKIM for your custom domain? I have the same configuration in gmail where I use "Send mail as" to use my custom domain, and use Google Domains email forwarding to receive mails. – Bart Bergmans Mar 26 '22 at 21:03
  • No, I just paid for a POP/SMTP server for my non-gmail address. I still use the "Send mail as" feature. Since it's going through the 3rd party SMTP server, it's possible to use DKIM. – Ozzah Mar 27 '22 at 22:31

2 Answers2

0

I haven't done this myself yet, but I assume I'll have to do something similar.

This question was linked from https://www.reddit.com/r/gsuite/comments/s9n7b9/gsuite_email_host_alternatives_with_prices/, I'm surprised no-one from there has responded here.

It looks to me like you should be able to avoid your DKIM issues by configuring Gmail to use a custom SMTP server, and there are free SMTP hosts for personal amounts of email (e.g. <30 per day). A popular one seems to be https://www.sendinblue.com/.

A downside of that appears to be that they will add a forwarding tracking domain to links in any outgoing email. This may or may not bother you. But I believe it should solve the spam problem.

Curious to hear if anyone else knows of free SMTP hosts who don't add the tracking domain.

Robin Winslow
  • 209
  • 1
  • 3
  • 11
0

Sometime i would advise to try is a test email thing like this one : https://tools.redsift.com/sift/investigate

there you can see how your email is evaluated and if theres a problem it will flag it.

they also has an extensive knowledge base article on cloudflare and how to set it up correctly:

https://knowledge.ondmarc.redsift.com/en/articles/2699998-what-is-a-dmarc-record-and-how-do-i-create-it-in-dns-using-cloudflare

ricknroll
  • 11
  • 1
  • As it’s currently written, your answer is unclear. Please [edit] to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community May 18 '22 at 14:36