Search
Clear search
Close search
Google apps
Main menu

Outbound mail gateways and email authentication

If you use an outbound mail gateway and authenticate outbound email using Sender Policy Framework (SPF) records or domain key signing (DKIM), you may need to update your configuration.

Sender Policy Framework (SPF) records

When you use an outbound mail gateway, recipients receive mail sent from the gateway server rather than directly from the Google Apps mail servers. If the recipient's mail system wants to verify that the message really came from your domain (and not from a spammer), it needs to confirm that the gateway server is an authorized mail server for your domain.

To enable this, you need to add the outbound mail gateway server to the SPF record for your domain. The SPF record for your domain needs to include both the Google Apps mail servers and the outbound mail gateway server.

Domain key signing (DKIM)

If you sign outgoing messages with DKIM, everything is fine as long as the outbound gateway forwards your messages without modifying them. If the gateway server modifies the message, such as when Postini adds a compliance footer, the change invalidates the DKIM signature. You need to prevent the gateway server from modifying messages or turn off DKIM authentication.

Was this article helpful?
Sign in to your account

Get account-specific help by signing in with your Apps for Work account email address, or learn how to get started with Apps for Work.