The following article will provide a guideline on how to setup Proofpoint Essentials for G Suite. Please read it carefully.


Our Support team are available to help you:

  • You can book a deployment call with them here
  • Support contact details can be found here.


Before You Start

Before continuing with the provisioning and configuration of the Proofpoint Essentials service, it is recommended that you have the information listed below.

INFORMATION NEEDED FOR CONFIGURING PROOFPOINT ESSENTIALS

  • MX record(s) for domain(s) you are configuring

INFORMATION NEEDED FOR CONFIGURING G SUITE


Stage 1 - Validate Your Domain(s) to Use Proofpoint


When adding a new domain to Proofpoint, you must verify the domain with the text record and enable the domain. If these steps are not followed, Proofpoint will reject any email sent to the domain 


IMPORTANT: Once the domain has been verified and enabled, you MUST wait 30 to 45 minutes before the domain is available for routing inbound and outbound.


Configure a TXT Verification\Enable:


1.  Log into the Proofpoint website US or EU


2. If you are a reseller, locate the company in question under Customer Management then Customers.


3. Once the company has been selected, click Account Management then Domains then select the Edit pencil icon on far right of the domain name.



4. Once in the Edit Domains menu, ensure that the Domain Purpose is set to Relay and the proper Delivery Destination host name is defined.




5- Click on the Verification Method drop down list and select Verify by TXT record and copy the TXT record provided and click button Verify Now.



6- Ignore the Failed Verification message that appears.



7- Add the TXT record that you just copied in your DNS space for the domain you wish to verify and enable.


8- Depending on provider or TTL, you may need to wait 3600 seconds before proceeding to step 9.


9- Once added to your DNS space, go back to ProofPoint Essentials and click 


Account Management then Domains then select the Edit pencil.



10- Click the Verify Now button below and a message will display that the domain has been verified.



11- You will return to the domains list and you can now toggle the switch to enable the domain off to on.


IMPORTANT: Once the domain has been verified and enabled, you MUST wait 30-45 minutes before the domain is available for routing inbound and outbound.

Setup Inbound Mail Flow

Proofpoint Essentials is deployed between the customer’s G Suite environment and the Internet. Inbound mail is routed to Proofpoint Essentials by changing the customer’s MX records. After email is processed by Proofpoint Essentials it is routed to G Suite.


Stage 2 - Configure Proofpoint Essentials

Locate your MX record for the domain in G Suite

  1. Sign-In to the Google Admin console.
  2. From the dashboard go to Apps > G Suite > Gmail > Advanced Settings.

While on the General Settings tab, scroll down to Setup > MX records and make note of all the “Points to” values (you can also enter MX records in the search field). 

These values will be necessary when you add your domains to Proofpoint Essentials.



Stage 3 - Configure Inbound Mail Gateway


  1. Sign-In to the Google Admin console.
  2. From the dashboard go to Apps > G Suite > Gmail > Advanced Settings
  3. While on the General Settings tab, scroll down to the Spam > Inbound Gateway (you can also enter Inbound Gateway in the search field).




4. Hover the cursor to the right of Inbound gateway. To create a new inbound gateway setting, click Configure.

5. Under Gateway IPs, ener the port 25 IP addresses. The IP address to use are either US1 or EU1. 


6. Check Automatically detect external IP.

When this setting is enabled, Gmail scans the message header to locate the first occurrence of an IP address that is not listed in the Gateway IPs. This is referred to as the “external IP.” Gmail considers the “external IP” as the sending IP and uses this IP for SPF checks and spam evaluation.


  1. Check Require TLS for connection from the email gateways listed above.
  2. Click Add Setting.

Stage 4 - Update Safety Settings (OPTIONAL)

G Suite's safety settings allow organizations to enable or disable policies related to viewing and accessing email. If you have enabled some or all of these settings you may experience some delivery issues. Please review the following steps to ensure your settings are supported.

  1. While signed into the Google Admin console, go to Apps > G Suite > Gmail.
  2. Click Safety to expand options.
No changes to Attachments settings or Links and external images are required. You can leave these settings as they are.
  1. If you have Spoofing and authenticationsettings enabled (either all or customized) consider the following setting:
    • Protect against any unauthenticated emails
      • Proofpoint Essentials has already scanned incoming emails for SPF and/or DKIM issues. Emails with issues are scored accordingly and quarantined if they exceed your spam threshold.
      • This setting can be disabled. If it is enabled it may cause unexpected delivery issues for incoming email.


Stage 5 - Setup Outbound Mail Flow

Proofpoint Essentials is deployed between the customer’s G Suite environment and the Internet. Outbound mail is routed to Proofpoint Essentials by configuring an outbound mail gateway. This will route all outbound mail to Proofpoint Essentials.


Stage 5.1 - CONFIGURE PROOFPOINT ESSENTIALS

Enable Outbound Relaying

  1. Sign-in to the Proofpoint Essentials user interface.
  2. Click the Features tab.
  3. Check Enable Outbound Relaying.



  1. Click Save.

Add Service IP addresses to your Inbound Gateway

  1. While logged into the Proofpoint Essentials user interface, click the Domains tab.
  2. Click Managed Hosted Services.


Choose Google Apps.




Click Save.


Stage 5.2 - Configure Outbound Relaying on G-SUITE

Configure Outbound Mail Gateway

  1. Sign-In to the Google Admin console.
  2. From the dashboard go to Apps > G Suite > Gmail > Advanced Settings.( same as Above)
  3. While on the General Settings tab, scroll down to the Routing > Outbound Gateway (you can also enter Outbound Gateway in the search field).



In the Outbound Gateway text field, enter the Proofpoint Essentials Smart host value.

Click Save.



Stage 5.3 - Update Sender Policy Framework (SPF)

When sending outbound email through the Proofpoint Essentials gateway, recipients receive mail sent from Proofpoint Essentials rather than G Suite mail servers. If the recipient's mail service attempts to verify that the message came from your domain, it must confirm that the gateway server is an authorized mail server for your domain.

To enable this, you need to add the Proofpoint Essentials SPF record to your domain.

Stage 5.4 - Anti-Spoofing Policy on 

If you are routing outbound email through Proofpoint we need to implement a rule to avoid any Spoofing Domain False Positive.