To set your outbound Google Workspace e-mail to go through Heimdal™ Email Security and be scanned, you will need to set up a connector and a mail rule to redirect all outbound emails to Heimdal™ Email Security.
IMPORTANT
Your SPF, DMARC, or DKIM records must be set up on your DNS before creating the Host. To do so, edit your SPF Records to include the Email Security SPF Records:
- include:spf-esec.heimdalsecurity.com (for customers stored in the Europe region);
- include:spf-esec-us.heimdalsecurity.com (for customers stored in the United States region);
- include:spf-esec-uk.heimdalsecurity.com (for customers stored in the United Kingdom region).
Example:v=spf1 include:spf.protection.outlook.com include:spf-esec.heimdalsecurity.com -all
Make sure you don't remove any 3rd Party SPF Records that are already set up on your SPF Records. After adding the Email Security SPF Records, do an SPF Record Lookup to make sure the SPF Records are validating correctly (you can use mxtoolbox.com or any other online tool to check).
1. Adding a Google Workspace Host for outbound delivery through the Email Security gateway/smarthost
2. Creating a route to deliver the outbound email through the Email Security gateway/smarthost
ADDING A GOOGLE WORKSPACE HOST FOR OUTBOUND DELIVERY THROUGH THE EMAIL SECURITY gateway/smarthost
To add the Heimdal™ Email Security gateways to the Google Workspace hosts' section, follow the steps below:
1. Log on to the Google Workspace Administration Console.
2. Navigate to Apps -> Google Workspace -> Gmail.
3. Select Hosts.
4. Click Add Route.
5. Complete the following fields:
-
Name - Specify an appropriate name (e.g. Email Security US Outbound host).
- Specify email server - Use the dropdown to select between Single host and Multiple hosts and enter the host or IP address for your region:
- eu-esec-outbound.heimdalsecurity.com with ports 25, 587 (for customers stored in the Europe region);
- us-esec-outbound.heimdalsecurity.com with ports 25, 587 (for customers stored in the United States region);
- uk-esec-outbound.heimdalsecurity.com with ports 25, 587 (for customers stored in the United Kingdom region);
- Options - tick the Require mail to be transmitted via a secure (TLS) connection, Require CA signed certificate and Validate certificate hostname, and Test TLS connection to be sure that it validates;
6. Click Save. After saving, the Hosts section should display your added host (similar to what's displayed in the snippet below).
CREATING A ROUTE TO DELIVER THE OUTBOUND EMAIL THROUGH THE EMAIL SECURITY gateway/smarthost
To configure the Gmail routing rules, follow the steps below:
1. Navigate to Apps -> Google Workspace -> Gmail -> Routing.
2. Click Configure -> Add Another Rule next to the Routing section.
3. Enter a name for the route (e.g. Route outbound emails through Email Security US Outbound host).
4. Configure the Route as below:
- Email messages to affect - Select Outbound;
- For the above types of messages, do the following - Use the dropdown to select Modify Message, select the Route -> Change Route, and use the route dropdown to select the host you have previously configured. Also, choose Spam -> Bypass spam filter for this message.
6. Click Save. After saving, the Routing section should display your added host (similar to what's displayed in the snippet below).
Once this routing rule is saved, it becomes active and mail flow will be sent to our outbound gateway/smarthost, and the mail will be routed outbound through Email Security successfully. You can verify this by sending test messages outbound to external domains and confirming if they appear in the HEIMDAL Dashboard.