

Properly configure Google Apps' Gmail and get rid of "via" - StavrosK
http://www.stavros.io/posts/how-properly-configure-google-apps-email/

======
joshfraser
This is tangental, but while we're talking about SPF...

I've noticed lately that it's getting trickier for businesses to stay within
the 10 DNS lookups per SPF record limit. For example, Google's official SPF
record is _spf.google.com which in turn includes _netblocks.google.com,
_netblocks2.google.com and _netblocks3.google.com. That's 4 DNS lookups. Use
Salesforce? They include Google's SPF record in theirs. Use Zendesk? Their
previously published SPF records are support.zendesk.com and smtp.zendesk.com.
Both those record include mail.zendesk.com which includes _spf.zdsys.com which
includes _netblocks.zdsys.com. The number of includes/DNS lookups is a growing
problem as these businesses continue adding more IPs.

If you're allowing several external services to send email on your behalf, you
might want to double check your SPF record to see how many DNS requests you're
making.

------
qwerta
Properly configure your email and get rid of 'GMail' :-)

------
swamp40
I got rid of the 'via' just using a free Gmail account.

(Google Apps used to have a nice wizard that walked you thru it, but they have
recently stopped giving away Apps for free.)

My website was registered thru Godaddy for $3.17 (I had a coupon) and is
hosted on an Amazon EC2 micro instance (free for a year), so the cost is hard
to beat.

I could share the details if anyone was interested.

The settings on all three (Godaddy, Gmail, Amazon) have to be tweaked.

------
aktau
Anyone have an idea for how to do this with regular gmail? I have a domain
that I manage via outlook.com (it's free and Google Apps isn't anymore), and I
managed to fabricate my own SPF record that authorizes both gmail and outlook
senders, but I'm a bit stumped for the DKIM. Do I need to "generate" it from
gmail or outlook, or both? And if so, where? Can't find the option anywhere.
Maybe it's something exclusive for Google Apps?

~~~
StavrosK
The sending server (Gmail) needs to DKIM-sign your email, and plain Gmail
doesn't have the capability to do that.

------
belthasar
If you use Mandrill to send your emails you'll want to do this too.

[http://help.mandrill.com/entries/21751322-What-are-SPF-
and-D...](http://help.mandrill.com/entries/21751322-What-are-SPF-and-DKIM-and-
do-I-need-to-set-them-up-)

~~~
StavrosK
You pretty much have to set the SPF field regardless of where you host your
email. I don't know if Mandrill signs DKIM and give you a key to add.

~~~
dangrossman
> I don't know if Mandrill signs DKIM and give you a key to add.

They do.

------
figurify
one of the most annoying things in history kinda sorta relieved

~~~
StavrosK
Ugh, I know, it bugged me for ages as well. Setting those two headers resolved
it, and now I no longer need to maintain my own server.

------
CoreyH144
503 Over Quota. Does anyone have a link to a cache of this?

~~~
JimWestergren
[http://webcache.googleusercontent.com/search?q=cache%3Ahttp%...](http://webcache.googleusercontent.com/search?q=cache%3Ahttp%3A//www.stavros.io/posts/how-
properly-configure-google-apps-email/&safe=active&as_qdr=all)

~~~
StavrosK
Works again, thanks.

------
famousactress
Is there any evidence the "via" affects SPAM flagging?

~~~
StavrosK
It's not the "via" that affects it, it's not having DKIM and SPF. Those
definitely do affect it.

------
kevingadd
I started using gmail to send through my personal domain and had been kind of
perplexed by this myself. Nice to know it's possible to fix it (even if it's
really convoluted just how many steps you have to take to configure everything
correctly). You have to send through SMTP instead of through Gmail's servers
(Though oddly enough, the SMTP server _belongs to Google_...), set up SPF and
DKIM manually, etc etc.

EDIT: Just found this, great way to create SPF DNS strings:

[http://www.microsoft.com/mscorp/safety/content/technologies/...](http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/)

It actually explains all the syntax and lets you edit it easily. Much less
confusing than trying to figure out what the hell the elements of the SPF
string do by yourself and then waiting hours to see how verifiers parse it.

~~~
StavrosK
You _don 't_ have to send through alternate SMTP servers (even if they're
Google's). Let me know if that's unclear in the post and I'll edit it.

~~~
kevingadd
No, you actually do according to some other sources I looked up. If you don't
set up your gmail to use alternate SMTP, the headers end up slightly different
and your actual gmail account shows up in the headers.

By switching it to send via SMTP and then plugging in the SMTP details for my
apps account, the gmail account was replaced in the headers by the apps
account.

~~~
StavrosK
I don't know, I tested both ways myself and the headers were the same both
times. To clarify, my account is an _apps_ account, there's no plain-gmail
account in my setup. I only have one account, the other domain is just an
alias to it (so my SMTP settings of the account just pointed to itself).

~~~
kevingadd
OK, that is the confusing thing. I thought you were making your personal gmail
account send through your apps account (since it owns the domain). I guess it
was unclear because when you said 'Gmail' I thought you meant gmail.com gmail,
not apps mail.

~~~
StavrosK
Hmm yeah, it is confusing. I will clarify, thanks.

