Articles in this section

See more

How to Integrate Votiro Cloud with Google Workspace

Ori Bargadda
  • Updated
Follow

Introduction

In this tutorial, you’ll learn how to integrate Votiro Cloudusing with Google Workspace (formerly G Suite).

Procedure

1. Sign in to the Google Admin console with your Google Workspace account.
2. In the left pane, navigate to Apps > Google Workspace > Gmail

3. On the Settings for Gmail page, scroll down and select Spam, phishing, and malware
4. Move the cursor over Inbound gateway and click the pencil button to edit the settings:

5. Enter the IP address provided by Votiro.
6. Verify that the following boxes are checked:
t Automatically detect external IP (recommended)
t Require TLS for connections from the email gateways listed above
7. Click SAVE.

Create a Host

8. Navigate back to Settings for Gmail and select Hosts.

9. Click Add route.
a. Type a name, for example: “Workspace to Votiro Cloud”.
b. Select Single host and type the host name provided by Votiro.
c. Check Require mail to be transmitted via secure (TLS) connection (Recommended).
d. Check Require CA signed Certificate (Recommended).
e. Check Validate certificate hostname (Recommended).
f. Click SAVE.

Configure content compliance rule for emails received from Votiro Cloud

10. Return to Settings for Gmail and select Compliance:

11. Under Content compliance, select CONFIGURE.

a. Specify a name, for example “Votiro Cloud to Workspace”
b. For Email messages to affect, check Inbound.
c. For Add expressions that describe the content you want to search for in each message, select If ANY of the following match the message and click ADD.

d. Select Metadata match, Attribute, Source IP and Match type.
e. Select Source IP is within the following range and enter the IP address provided by Votiro.
f. Click SAVE.

g. Add another expression, select Advanced content match, Location, Full headers, Match type, Contains text.
h. In Content, enter "X-MTConnectorResult".
i. Click SAVE.

j. For 3 - If the above expressions match, do the following: Under Route select Change route and make sure Normal routing is selected.
k. Under Encryption, check Require secure transport (TLS).
l. Click Show options.
i. Under Account types to affect, check the following boxes:
— Users
— Groups
— Unrecognized / Catch-all
ii. Click SAVE.

Configure Content compliance rule for emails sent to Votiro Cloud

12. By now, you should have one rule enabled for Content compliance. Click on ADD ANOTHER RULE for traffic sent from Google Workspace to Votiro.
a. Specify a name, for example “Workspace to Votiro Cloud".
b. Under Email messages to affect, check Inbound.
c. For Add expressions that describe the content you want to search for in each message, select If ALL of the following match the message and click ADD,
i. Select Metadata match, Attribute, Source IP and Match type.
ii. Select Source IP is not within the following range and enter the IP address provided by Votiro.
iii. Click SAVE.

d. For 3 - If the above expressions match, do the following: Under Route, select Change route and make sure “Workspace to Votiro Cloud” is selected.
e. Under Encryption, check Require secure transport (TLS).
f. Click Show options.
i. Under Account types to affect, check the following boxes:
— Users
— Groups
— Unrecognized / Catch-all
ii. Click SAVE

Note: It can take a while for the changes to be applied.

13. After the rules are successfully configured:
a. Send a test email.
b. Under Reporting > Email Log Search, see if the message was routed through Votiro’s Cloud instance.
c. Verify you’re able to see the sanitized email in Votiro’s dashboard.

How To Resolve Google's SPAM Email Alert On SaaS

When utilizing Votiro's relay servers for SMTP traffic, our customers may encounter emails flagged as suspicious and in the “spam” folder. This occurs because the SPF (Sender Policy Framework) check fails, as Votiro's servers are not the original source IP that generated the email.

In this case, Gmail examines the "Received: from" message headers to identify the first public IP address not in the Gateway IP list and treats this IP address as the source IP for the message. This IP address is used for SPF authentication and spam assessment.

We must ensure that Google can continue to scan for the source IP received from the header in the flow to authenticate the source IP and not the first public IP address in the mail flow, as this is not the sender's source IP.

To address this issue, Google requires you to configure Votiro's servers as an inbound mail gateway. The instructions to do this are outlined in the article Set up an inbound mail gateway. A summary of these instructions as applied to Votiro are as follows:

1. In the Google Admin console, navigate to Menu > Apps > Google Workspace > Gmail > Spam, Phishing and Malware.
2. Select your top-level organization on the left, scroll to the Inbound gateway setting, then click Edit. The Inbound gateway settings open on the page.
3. Click Add and enter the IP range: 209.85.128.0/17 in the Add IP address/range box. Verify this range, as it may differ depending on the customer's location (Hint: Check the IP in the email header).
4. At the bottom, ensure that the Automatically detect external IP—(Optional) box is checked.
5. At the bottom, click Save. Note that the changes may take time before going into effect.
6. Test the configuration again.

To summarize, by ensuring that the IP range is on the "Inbound" list, we allow Google to scan the first public IP address that is NOT on the list.

Here is an example of how it should look when an SPF check passes from “DocuSign”.

Related articles

Comments

0 comments

Please sign in to leave a comment.