If your organization uses Google's G Suite for your email hosting, you can easily add our Fast&Secure encryption service by changing the advanced Gmail settings on your account. First, you will set up a Fast&Secure 'mail route', then set up rules to route all outbound mail to our service. You should also route any inbound encrypted emails through our service, and we will decrypt and route them back to G Suite for you.
Add Fast&Secure Mail Route for Your Domain
Sign in to your Google Admin console.
From the Admin console Home page, go to AppsG SuiteGmailAdvanced settings. Tip: To see Advanced settings, scroll to the bottom of the Gmail page.
- Click Add Route.
- Enter a route name 'Globalcerts'
- Specify any email servers for the route. Select Single host and enter the host name 'gc.fastandsecure.net', and port number 25.
Select the following options you want to require:
Require TLS delivery—Encrypt messages between sending mail servers and receiving mail servers using Secure Sockets Layer/Transport Layer Security (SSL/TLS).
Require CA signed certificate—Require the certificate for the mail route.
At the bottom, click Save.
- It can take up to an hour for changes to propagate through the system. You can track changes in the Admin console audit log.
Setting Up Mail Outbound Mail Routing
Scroll to the Routing setting. In the Routing section, point to the setting, and click Configure.
- Enter a unique name that'll help you identify the setting. (ex. 'Outbound Encryption')
Apply the setting to: Outbound
If you would like to restrict service to only certain senders, you can check the "Only affect specific envelope senders box" and enter the sender or a group you previously defined.
Specify what happens to the message: Choose "Modify Message":
- Select Change route.
- Select the 'Globalcerts' server you defined earlier from the list.
- Scroll down and click Save.
Click Add setting. Any new settings are added to the Gmail Advanced settings page.
At the bottom, make sure to click Save.
Setting up Inbound Routing (Optional)
You will want to set up inbound routing so that GlobalCerts can de-crypt any encrypted message you receive from other GlobalCerts customers, or organizations using your S/MIME certificates. Here, we will set up a route and a routing rule to relay any inbound mail with an encrypted attachment (smime.p7m) to our service for decryption. You can set this up similar to the outbound setting above:
- From the Admin console Home page, go to AppsG SuiteGmailAdvanced settings.
Tip: To see Advanced settings, scroll to the bottom of the Gmail page.
- Scroll to the Attachment compliance setting in the Compliance section, hover over the setting, and click Configure. If the setting is already configured, hover over the setting and click Edit or Add another.
- In the pop-up, give the setting a name like 'Inbound SMIME'
- check the 'Inbound' checkbox.
- In step (2), define the custom attachment types: 'p7m, p7s' (these are for S/MIME signed or encrypted emails)
- In step (3), select 'Modify message' and check 'Change route' checkbox and select the 'Globalcerts' route you created earlier.
- Save the setting by clicking 'ADD SETTING'
Make sure to click 'Save' at the bottom right once done with all setting modifications!
Settings can take up to 1 hour to take effect.
White-listing Our Service on G Suite (Optional)
If you have configured inbound routing through Fast&Secure and you're experiencing sporadic delivery issues on inbound mail or rate-limiting, it may be because the inbound emails sent through our service are marked as suspicious or spam by Google. This is because Google is trying to perform spam and virus checks on the emails like SPF checks, but it is seeing our servers as the original sender of the email. To ensure that emails received from our service make it through, you can let Google know that we are acting as an inbound gateway for your domain(s):
- Under the G Suite -> Gmail -> Advanced Settings, go to the 'General Settings' Tab.
- Go down to 'Spam' Section, and go to 'Inbound gateway' and click the 'Configure' button on the right.
- Give a name like 'Globalcerts' and then add the IP addresses: 22.214.171.124, 126.96.36.199, and click the checkbox to enforce TLS.
- Save the setting by clicking 'ADD SETTING'
For more information on using inbound gateways like Fast&Secure with G Suite:
As always, if you require assistance or troubleshooting please feel free to contact GlobalCerts Support at firstname.lastname@example.org