Edit: Updated with notes about revealing your main gmail address and deliverability, after this HN discussion
If you’ve got a basic Gmail account like [email protected]
(ie not a full Google Workspace account) and a custom domain that you want to send email from, using Gmail’s “Send mail as” functionality, and you want to use this domain with Cloudflare’s email routing then this guide is for you…
ytho?
First some background. Why would you want to do this? Typically, if you have a custom domain that you want to use for email, then you’d have to administer or have access to an email server for it. This email server will need to have DNS MX
records set up for it, and will also need a good sender reputation if your emails aren’t going to end up in spam.
Normally, to “Send mail as” in Gmail, you’d enter the custom domain’s email server SMTP details, and your email username and password. Then when you send emails from Gmail, Google contacts that mail server, and the emails go out from it, rather than from Gmail.
The advantage of this is that you can let the domain’s email server sign the emails with a DKIM signature, as well as having whatever email addresses you want on that custom domain. The downside, is that you need an email server, and inboxes for those custom addresses.
However, now that Cloudflare have made email routing available for domains where they are the authoritative nameserver (host your domain’s DNS records), you can use Gmail to send emails using your custom domain, and Cloudflare to route them, doing away with the need for a custom mailserver entirely.
How to use Gmail’s “Send mail as” with a custom domain and Cloudflare email routing
1. Configure Cloudflare
First you’ll need a domain configured to use Cloudflare, if not you’ll need to change the domain’s authoritative nameservers first. Then you can setup Cloudflare email routing.
You’ll be given some DNS records to set up by default, but you’ll want to alter these slightly.
1.1 Edit your SPF record
Your spf TXT
record will need to look like this:
v=spf1 a mx include:_spf.google.com include:_spf.mx.cloudflare.net ~all
– we’ve added a mx include:_spf.google.com
to indicate that google can send on our behalf, along with Cloudflare.
1.2 Edit your DMARC record
Change it so it looks like this:
v=DMARC1; p=none; rua=mailto:[email protected]; aspf=r;
– where example.com
is your custom domain. The email address in the rua
field can be anything at your custom domain; it’s where email providers will periodically send you aggregated reports about your domain’s email.
We’ve set the domain policy p
to none
(other options are quarantine
and reject
if sending mail fails to pass DMARC checks). The SPF alignment policy aspf
is set to relaxed r
.
Setting the above is critical to not getting your custom domain’s email bounced or rejected, especially as it won’t be DKIM signed by Gmail.
1.3 Create an Email Route
In your Cloudflare dashboard, click the Email option, then add a destination address – use your regular gmail address [email protected]
etc. You’ll need to click the email that’s sent to you to confirm this.
Once you’ve done that, you can add a custom email address e.g. [email protected]
and route it the gmail address you just confirmed.
2. Configure Gmail
Next we’ll do the Gmail configuration.
2.1 Create an app password
First you’ll need to create an email app password in your Google account. Go to https://myaccount.google.com/apppasswords and choose Email
from the “Select app” dropdown and Other
for the device.
Copy the password that’s generated for you.
2.2 Add the email address to Gmail’s “Send mail as” section
There are detailed instructions on adding a new email address, but it’s relatively easy. Go to your Gmail account settings and in the Send mail as: section, click the Add another email address option.
In the pop-up, enter your custom domain’s email address, untick the Treat as an alias option, click the Specify a different “reply-to” address link and add the same custom email address in there. Then click Next Step.
Overwrite the value for SMTP Server. Use smtp.gmail.com
, leave the Port option as is.
Username should be the name part of your regular gmail address, so if you’re [email protected]
then you’d enter your.name
. The Password is the email app password that you generated above. Click the Add Account button. You’ll be sent an email to the custom email address you entered. Click the link in this, and you’re good to go.
All done
You’ll be able to compose emails in Gmail and set the sender to your custom domain email address, and when people reply, Cloudflare will route these back to your regular gmail account, all without you needing a separate custom mail server.
Things to be aware of
Your primary gmail address is visible in the email headers
If you send email using the alias you’ve set up, your primary gmail address is shown in the email headers – you can’t mask your original gmail email.
Deliverability
As long as you’ve added the correct SPF DNS record, your deliverability should be fine. The email won’t be DKIM signed by Gmail, but it will pass SPF checks.
This HN comment suggests otherwise, but I actually tested deliverablity using mail-tester.com and got a score of 7.5/10. The email lost 0.5 because it was an alias coming from gmail (FREEMAIL_FORGED_FROMDOMAIN
& HEADER_FROM_DIFFERENT_DOMAINS
), 1 for not being DKIM signed (which is OK, as long as you have SPF set up correctly as above) and 1 because Gmail is in some email blackhole lists ¯_(ツ)_/¯
评论(0)