Google Workspace as MX Record

In this tutorial, you will learn how to configure Google Workspace with Email Security as MX record.

Requirements

Provisioned Email Security account.
Access to the Google administrator console (Google administrator console ↗ > Apps > Google Workspace > Gmail).
Access to the domain nameserver hosting the MX records for the domains that will be processed by Email Security.

Set up Inbound Email Configuration ↗ with the following details:

In Gateway IPs, select the Add link, and add the IPs mentioned in Egress IPs.
Select Automatically detect external IP (recommended).
Select Require TLS for connections from the email gateways listed above.
Select SAVE.

To access the newly created quarantine, select GO TO ADMIN QUARANTINE or access the quarantine directly by pointing your browser to https://email-quarantine.google.com/adminreview ↗.

Go to Compliance, and create a content compliance filter ↗ to send malicious messages to quarantine. Enter the following details:

Content compliance: Add Quarantine Email Security Malicious.
Email messages to affect: Select Inbound.
Add expressions that describe the content you want to search for in each message:
- Select Add to add the condition.
- In Simple content match, select Advanced content match.
- In Location, select Full headers.
- In Match type, select Contains text.
- In Content, enter X-EmailSecurity-Disposition: MALICIOUS.
- Select SAVE to save the condition.
If the above expression match, do the following, select Quarantine message and the Email Security Malicious quarantine that was created in the previous step.
- Select SAVE.

If you would like to quarantine the other dispositions, repeat the above steps and use the following strings for the other dispositions:

If desired, you can create a separate quarantine for each of the dispositions.

Now that you have completed the prerequisite steps, you can set up MX/Inline on the Cloudflare dashboard.