Configuration

  • 4 minute(s) read
Prev Next

Navigate to the “My Plan” page and verify that your plan type is “PRO” and your access level is “Admin“.

Note: If you don’t have a “Pro” plan, or you do not have admin-level access, please contact support@trustificorp.com

On the left-side navigation panel, click on “Outbound Management” and then open the “Plan Settings” page. Then, click on the “Domains” tab at the top.

This is a quick overview of the domain verification process. To view the full guide click here – https://docs.trustifi.com/docs/general

Now, we will need to add the domain(s) that will be used to send emails. Continue by clicking on the “Add Domain” button.

 

After adding the domain, you will have to copy and import the records to your DNS provider (e.g. DNS Made Easy, GoDaddy). To view the DNS records, click on “Actions” and then “Show DNS records“.

In the pop-up window, the required DNS records will be arranged by “Identity” (TXT record), “DKIM” (CNAME records), and “MAIL FROM” (TXT and MX records).

Pro-tip: You can click on each record (name and value) to easily copy them to your clipboard.

 

Note: You can also click on “Download records CSV” from the “Actions” menu to save these records as a CSV file.

Make sure all the required records have been added correctly. Typically, DNS records take only a couple of minutes to propagate and finish updating, however in some cases, this process can take up to 24 hours.

Once the DNS records have been added and updated, refresh the Trustifi web portal and check the “Domains” tab again. If all records have been added correctly, the “Status” column should now show as “Can send” and the “DKIM” and “MAIL FROM” columns should now say “Verified“.

In this part, you will need to enable the outbound Email Relay and copy the “Email Relay key” which is the secret key that will be used to authenticate the transport flow of your emails.

Open the “Plan Settings” page under “Outbound Management”, and you should be on the “Email Flow Integration” tab. Click on the toggle next to “Enable Relay” to enable the integration.

After the integration is enabled, your secret key will be generated. You can click on the “copy” button to copy the Email Relay secret key for later use.

Navigate to the “Google Admin Center” via the following link –https://admin.google.com/. After you have logged in, input “hosts” in the search bar and select the first option.

Click on “ADD ROUTE” under “Hosts“.

Follow the steps below to configure the host:

  1. Name your host

  2. Select “Single host

  3. In the “Host name” field enter “smtp.trustifi.com” (without the quotes) with port 25

  4. Check these boxes:

    • Require mail to be transmitted via a secure (TLS) connection

    • Require CA signed certificate

    • Validate certificate hostname

  5. Click “Save

Make sure your host’s address and port are correct.

In the navigation bar at the top of the screen, click on “Settings for Gmail“.

Scroll down to the bottom of the page and click on “Compliance“.

Now we will need to configure a set of rules to guide mail flow to our new host. In the “Compliance” page, scroll down to the “Content Compliance” section and click on “Add another rule“.

Adding a new compliance rule

Name your compliance rule, and check the “Outbound” and “Internal–Sending” boxes.

Naming the rule and selecting routing

Note: If you are not using Trustifi for inbound routing/protection as well, the next 2 steps are not necessary. In section 2, select “If ALL of the following match the message” and click “Add“.Creating a rule condition

This condition is made to skip emails that have already been sent by Trustifi’s inbound IPs, which can result in email loops. Set the following configurations:

  • Select “Advanced content match

  • Under “Location“, select “Full headers

  • Under “Match type“, select “Not matches regex

  • Add this regex (without the quote marks) –

    “^Received[:].+(3[.]93[.]139[.]220|3[.]93[.]243[.]176|3[.]221[.]25[.]19|34[.]192[.]117[.]166|44[.]209[.]231[.]3|35[.]172[.]145[.]174|52[.]54[.]159[.]237|52[.]73[.]143[.]252|3[.]251[.]32[.]127|54[.]195[.]145[.]1|3[.]227[.]182[.]193|54[.]161[.]96[.]109|52[.]89[.]220[.]23|52[.]37[.]228[.]167)”

  • Click “Save

Scroll down to section number 3, make sure the “Modify message” is selected, and check the “Add custom headers” checkbox. Click on “Add” to add the headers (see next step).

 

In the “Header key” field, enter the value “trustifi-creds” (without the quotes).Note: the full header value is “x-trustifi-creds“. However, since Google adds the initial “X” by default, it’s important to only add the value “trustifi-creds” here to avoid a malformed header. In the “Header value” field, enter the value copied over from step 6. Once both values have been entered, click on “Save“.

 

Make sure the custom header key and value were added correctly before continuing.

 

Now we will have to set the route for this routing rule for our new host. Check the “Change route” box, click on “Normal routing” and select the host you’ve created by it’s name.

Under the “Spam” section, check the box for “Bypass spam filter for this message“. Then, click the “Show options” button to display advanced routing options.

Under “Account types to affect“, make sure both “Users” and “Groups” are selected.

If you wish to deploy the email relay in a limited scope (instead of having all users affected), view our guide for Limited Scope Deployment and follow the steps there.

Once all the correct route changes have been made, click on “SAVE” at the bottom-right corner.