Trustifi admin portal
Step 1 – Verifying the plan and user type
Navigate to the “My Plan” page and verify that your plan type is “PRO” and your access level is “Admin“.
Note: If you don’t have a “Pro” plan, or you do not have admin-level access, please contact support@trustificorp.com
Step 2 – Navigating “Domains”
On the left-side navigation panel, click on “Outbound Management” and then open the “Plan Settings” page. Then, click on the “Domains” tab at the top.
.png)
Adding new domain
This is a quick overview of the domain verification process. To view the full guide click here – https://docs.trustifi.com/docs/general
Step 3 – Adding a new domain
Now, we will need to add the domain(s) that will be used to send emails. Continue by clicking on the “Add Domain” button.
Step 4 – Verifying the domain
After adding the domain, you will have to copy and import the records to your DNS provider (e.g. DNS Made Easy, GoDaddy). To view the DNS records, click on “Actions” and then “Show DNS records“.
In the pop-up window, the required DNS records will be arranged by “Identity” (TXT record), “DKIM” (CNAME records), and “MAIL FROM” (TXT and MX records).
Pro-tip: You can click on each record (name and value) to easily copy them to your clipboard.
.png)
Note: You can also click on “Download records CSV” from the “Actions” menu to save these records as a CSV file.
Step 5 – Checking if the domain is verified
Make sure all the required records have been added correctly. Typically, DNS records take only a couple of minutes to propagate and finish updating, however in some cases, this process can take up to 24 hours.
Once the DNS records have been added and updated, refresh the Trustifi web portal and check the “Domains” tab again. If all records have been added correctly, the “Status” column should now show as “Can send” and the “DKIM” and “MAIL FROM” columns should now say “Verified“.
.png)
Step 6 – Enabling the outbound email relay
In this part, you will need to enable the outbound Email Relay and copy the “Email Relay key” which is the secret key that will be used to authenticate the transport flow of your emails.
Open the “Plan Settings” page under “Outbound Management”, and you should be on the “Email Flow Integration” tab. Click on the toggle next to “Enable Relay” to enable the integration.
.png)
After the integration is enabled, your secret key will be generated. You can click on the “copy” button to copy the Email Relay secret key for later use.
.png)
Google Admin Center
Step 7 – Navigating to the Google Admin Center – Mail flow
Navigate to the “Google Admin Center” via the following link –https://admin.google.com/. After you have logged in, input “hosts” in the search bar and select the first option.
Adding host route
Step 8 – Adding a new route
Click on “ADD ROUTE” under “Hosts“.
Step 9 – Creating the host
Follow the steps below to configure the host:
Name your host
Select “Single host“
In the “Host name” field enter “smtp.trustifi.com” (without the quotes) with port 25
Check these boxes:
Require mail to be transmitted via a secure (TLS) connection
Require CA signed certificate
Validate certificate hostname
Click “Save“
Step 10 – Validate the host
Make sure your host’s address and port are correct.
Step 11 – Navigating to “Settings for Gmail”
In the navigation bar at the top of the screen, click on “Settings for Gmail“.
Step 12 – Navigating to “Compliance”
Scroll down to the bottom of the page and click on “Compliance“.
Step 13 – Adding a new rule
Now we will need to configure a set of rules to guide mail flow to our new host. In the “Compliance” page, scroll down to the “Content Compliance” section and click on “Add another rule“.
Step 14 – Configuring the rule
Name your compliance rule, and check the “Outbound” and “Internal–Sending” boxes.
Step 15 – Configuring the IP routing condition
Note: If you are not using Trustifi for inbound routing/protection as well, the next 2 steps are not necessary. In section 2, select “If ALL of the following match the message” and click “Add“.
Step 16 – Configuring the IP routing condition
This condition is made to skip emails that have already been sent by Trustifi’s inbound IPs, which can result in email loops. Set the following configurations:
Select “Advanced content match“
Under “Location“, select “Full headers“
Under “Match type“, select “Not matches regex“
Add this regex (without the quote marks) –
“^Received[:].+(3[.]93[.]139[.]220|3[.]93[.]243[.]176|3[.]251[.]32[.]127|54[.]195[.]145[.]1|52[.]89[.]220[.]23|52[.]37[.]228[.]167|52[.]54[.]159[.]237|52[.]73[.]143[.]252)”Click “Save“
.png)
Step 17 – Adding a custom header
Scroll down to section number 3, make sure the “Modify message” is selected, and check the “Add custom headers” checkbox. Click on “Add” to add the headers (see next step).
Step 18 – Adding the custom header
In the “Header key” field, enter the value “trustifi-creds” (without the quotes).Note: the full header value is “x-trustifi-creds“. However, since Google adds the initial “X” by default, it’s important to only add the value “trustifi-creds” here to avoid a malformed header. In the “Header value” field, enter the value copied over from step 6. Once both values have been entered, click on “Save“.
Step 19 – Verifying the custom header
Make sure the custom header key and value were added correctly before continuing.
Step 20 – Setting the route
Now we will have to set the route for this routing rule for our new host. Check the “Change route” box, click on “Normal routing” and select the host you’ve created by it’s name.
Step 21 – Bypassing spam and displaying more options
Under the “Spam” section, check the box for “Bypass spam filter for this message“. Then, click the “Show options” button to display advanced routing options.
Step 22 – Selecting account types to affect
Under “Account types to affect“, make sure both “Users” and “Groups” are selected.
Step 23 – Deployment for a limited scope
If you wish to deploy the email relay in a limited scope (instead of having all users affected), view our guide for Limited Scope Deployment and follow the steps there.
Step 24 – Saving the changes
Once all the correct route changes have been made, click on “SAVE” at the bottom-right corner.
