Teri Radichel

Summary

The website content discusses Google Workspace email routing, focusing on creating catch-all email addresses and re-routing mail to specific addresses, with a particular emphasis on troubleshooting and configuring these settings to avoid issues like missed password reset emails and spam misclassification.

Abstract

The article delves into the intricacies of setting up a catch-all email address within Google Workspace, which is crucial for capturing emails sent to non-existent addresses within a domain. The author shares personal experiences and challenges encountered while transferring emails between workspaces and configuring email routing. The post highlights the importance of understanding Google's email routing options, the use of regular expressions (regex) for email matching, and the potential pitfalls of misconfigured settings, such as incorrect spam flagging and the non-delivery of important emails. The author also addresses a bug encountered in Google Domains related to email forwarding configuration and provides insights into the correct setup of email routing and DNS records to ensure proper email delivery.

Opinions

  • The author emphasizes the need for careful configuration of catch-all email addresses to prevent password reset emails from being misclassified as spam.
  • There is a concern about the potential loss of important emails due to incorrect email routing settings, which can lead to significant issues like account closure notices from services like Stripe.
  • The author questions the reliability of Google's email routing documentation and finds certain instructions, such as changing the recipient, to be unclear or unhelpful.
  • The author points out a possible bug in Google Domains where it attempts to add workspace records even when a workspace is already associated with the domain.
  • There is a preference for not using DNS records for email forwarding and a recommendation to use Google Workspace's routing functionality instead.
  • The author suggests that the use of headers to flag spam may not always be effective, as emails are not consistently directed to the spam folder as intended.
  • The article concludes with the author's personal resolution for email routing, which involves using regex to catch emails, prepending values to the subject line for unrecognized emails, and ensuring that the routing settings align with the desired email delivery outcomes.

Google Workspace Email Routing

Creating a catch-all email address or re-routing certain mail to certain addresses


In the last post I had to stop for a minute and write about something I’m seeing a lot on Facebook. People are complaining a lot about fraudulent transactions in their bank accounts and I wrote about how to reduce the risk of that happening.

In this post, I’m going to write about Google mail routing. Here’s why. I was transferring some emails around between workspaces:

I was looking at how I set up a catch-all email address in one Google Workspace but there’s a message on that configuration saying it is going to be deprecated soon.

A catch-all email address is an email address where any emails sent to non-existent email addresses associated with your domain are sent, routed, or forwarded.

In another account I set up routing in another way to emulate a catch-all email address that kind of works but I think I found something wrong with it.

The methods for setting up a catch-all email address vary in different sources since there have been different ways to set up email addresses over time.

I found this post which appears to be the latest at this time.

Specifically I care about this option:

Requirements for catch-all email addresses

In my case, I have different domains and I would like the administrator for each domain to get any email sent to unrecognized email addresses, possibly other than spam. But the problem is that those password reset emails were going to spam. So to start I’ll just try to send it all to the domain admin.

For example, you might have:

[email protected]

If someone sends an email to the non-existing account:

[email protected]

then I want it to get rerouted to:

[email protected]

But I have a separate catch-all email address for each domain, routed to an email address for that domain, rather than a single email address for all non-existent email addresses for all domains.

Google Workspace Email Routing

We can re-route emails that come into Google Workspace using the routing functionality.

Here are the instructions from Google via the link above:

That article tells you to go here:

Apps > Google Workspace > Gmail > Routing

I went here:

Apps > Google Workspace > Settings for Gmail > Default routing

Somewhere along the way, I configured this routing. Or something or someone did. I don’t remember doing this. But here’s an example of how it is set up for this domain I had from an old business venture. Let’s walk through it.

First of all, I’m using regex to match the emails that I want to catch with this rule.

This regex catches everything for the bmetrix.com domain:

.*@bmetrix\.com$
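An added example, not from the original post: a small Python harness that runs the pattern above against constructed recipient addresses, next to a variant with the dot left unescaped. Python's `re` stands in for the Admin console's matcher, which is an assumption; every address is made up, and `catch_all_pattern` is a hypothetical helper for building the same pattern for other domains.

```python
import re

# Pattern as written in the post, and the same pattern with the dot left
# unescaped (a constructed mistake, for comparison).
PAGE_PATTERN = r".*@bmetrix\.com$"
UNESCAPED_DOT = r".*@bmetrix.com$"

# Constructed recipients: (address, should the catch-all rule match?)
CASES = [
    ("billing@bmetrix.com", True),
    ("no-such-user@bmetrix.com", True),
    ("user@mail.bmetrix.com", False),     # subdomain, not this domain
    ("user@bmetrix.com.example", False),  # domain continues after .com
    ("user@notbmetrix.com", False),       # different domain, same suffix
    ("user@bmetrixxcom", False),          # only an unescaped dot accepts this
]


def catch_all_pattern(domain):
    """Build a pattern in the post's shape, escaping the domain (hypothetical helper)."""
    return r".*@" + re.escape(domain) + "$"


def unexpected_results(pattern, cases=CASES):
    """Return the addresses where the pattern disagrees with the expectation."""
    compiled = re.compile(pattern)
    return [addr for addr, expected in cases
            if bool(compiled.search(addr)) != expected]


if __name__ == "__main__":
    for name, pattern in [("page", PAGE_PATTERN), ("unescaped", UNESCAPED_DOT),
                          ("generated", catch_all_pattern("bmetrix.com"))]:
        print(f"{name:10} {pattern:22} surprises: {unexpected_results(pattern)}")
```
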

I added some headers to indicate the mail is fishy or spam, which is actually something I probably don’t want if I’m trying to catch all my aliases. I’m going to remove that in my new rules.

In that prior configuration, I prepended SPAM: in front of the subject so it catches my eye that this is not normal mail. You can put whatever in the subject line for these emails.

I removed attachments for this particular domain because I don’t have any alternate emails and anything coming to a non-existent email is likely bogus. If you are using this to catch aliases you set up then you probably don’t want to check that.

Now this part about delivering to more recipients doesn’t look right. Google has settings for “do not deliver spam” and “suppress bounces”. But if I’m flagging the mail as spam then it won’t be delivered. I actually want to see it.

At the end here’s where I am only performing these actions on non-recognized addresses.

An Aha moment

Here’s where I realize what might have been causing my problems with Stripe and some other issues I had earlier. I don’t remember setting up these rules but I probably did.

So here’s what might have happened.

  • I used an alias to create an account somewhere.
  • I didn’t create the alias so it was a non-existent email.
  • The password reset email comes in and has a spam header added to it.
  • The spam header causes the email to not be delivered.
  • I never get the password reset email.

That doesn’t explain why Stripe was trying to close my account as fraudulent for no apparent reason. It does explain why I didn’t get the password reset emails.

The moral of the story is, make sure your routing for your emails works as expected and test it.

The other question is, why did the alias with the asterisk correctly send the mail at some times but not others? And now I can’t enter an asterisk at all. I think that complicated the problem.

Google Workspace and Forwarding Configuration in domains.google (Squarespace)

So here’s another random problem that popped up as I was adding a DKIM record for one of my domains that I had transferred over in Google Domains (now Squarespace). In fact, those records all get added automagically when you check the DNSSEC box.

But as I was looking into that, I saw this message.

Well, I already have a workspace. But here it’s trying to add my workspace records for some reason. Is that a bug?

When I click the button I get an error (and I’m not sure I should have clicked that button in the first place, or have been allowed to, since there is already a workspace associated with that email).

Did I set up this forwarding here? I think I can delete that forwarding record because I have routing set up. I also do not want email addresses in my DNS records. How did that get there? I would never have intentionally added that.

Looking back at the options in the Google Workspace admin panel I see that I followed the above instructions and set this up using Google Domains Email Forwarding. Did that just add a DNS record?? Not sure but check if you are using that option below.

Comparing the settings to the documentation

At this point I want to compare the settings in my prior workspace to the settings in the documentation.

Here’s the problem I have with the documentation. It’s all fine until you get to this box I outlined in red:

If you change the recipient, then you’ll get the mail at your normal email address. You don’t see the email address to which the mail was sent. That’s why I don’t use it.

In fact I don’t get half those instructions. So I skipped that and looked specifically at what the things on the screen mean.

What are those headers for that I checked to be added? I presume it indicates the messages are spam. Here’s what the documentation says.

However, in my case they are not always spam. Even with these headers on, the mail is not always going to spam, and sometimes it is when I don’t want it to. I’m going to flag these mails a different way. I unchecked that option.

Instead I checked this option I wrote about above. You can prepend whatever value you want to the subject line to indicate it is a non-existent email.

What does changing the route do?

Change the route — Change the message destination from the default Gmail server to a different mail server. Before you can change the route, you must add the server by following the steps in Add mail servers for Gmail email routing.

Hmm. I don’t have any other mail servers so I don’t want this option. Why were the earlier instructions trying to tell me to do this? I don’t want my mail routed through Squarespace if that’s what it was trying to do. Also, by default there was a routing rule here to change the route for all emails that are not recognized.

Route to where? A black hole?

I unchecked the route box as noted above.

The only things I ended up setting were:

  • The regex to catch the email.
  • I prepend a value onto the subject so I know it’s something out of the ordinary.
  • I checked Add more recipients and added the email where I want non-existent emails to be delivered. After I add the emails it populates the recipients box as shown.
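One way to check a delivered test message against the settings listed above (added example, not the author's code): save the message source from the catch-all inbox and run it through this Python check. The subject prefix, the addresses and the sample message are constructed, and treating `X-Gm-Spam` / `X-Gm-Phishy` values other than `0` as flagged is an assumption about the headers that option adds.

```python
from email import message_from_string
from email.utils import getaddresses

DOMAIN = "bmetrix.com"
RECOGNIZED = {"admin@bmetrix.com"}   # constructed: mailboxes that really exist
SUBJECT_PREFIX = "UNRECOGNIZED:"     # hypothetical value the rule prepends

# Constructed message source, as copied from the catch-all inbox.
GOOD = """\
Delivered-To: admin@bmetrix.com
From: Example Service <noreply@service.example>
To: shop-alias@bmetrix.com
Subject: UNRECOGNIZED: Reset your password
X-Gm-Spam: 0
X-Gm-Phishy: 0

Use the link to reset your password.
"""
# Constructed failing variant: no subject prefix, spam flag set.
BAD = GOOD.replace("UNRECOGNIZED: ", "").replace("X-Gm-Spam: 0", "X-Gm-Spam: 1")


def check_routed_message(raw):
    """Return a list of problems; an empty list means the rule did its job."""
    msg = message_from_string(raw)
    problems = []
    if not msg.get("Subject", "").startswith(SUBJECT_PREFIX):
        problems.append("subject prefix missing")
    # Assumption: a value other than "0" means the message was flagged.
    for header in ("X-Gm-Spam", "X-Gm-Phishy"):
        if msg.get(header, "0").strip() != "0":
            problems.append(header + " flags the message")
    # The alias the sender used should still be readable in the To header.
    to_addrs = [addr.lower() for _, addr in getaddresses(msg.get_all("To", []))]
    aliases = [a for a in to_addrs
               if a.endswith("@" + DOMAIN) and a not in RECOGNIZED]
    if not aliases:
        problems.append("no unrecognized " + DOMAIN + " address in To")
    return problems


if __name__ == "__main__":
    for name, raw in (("good", GOOD), ("bad", BAD)):
        print(name, check_routed_message(raw) or "ok")
```
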

What I don’t know is where else that email goes besides the email I forward it to in this case? Anywhere?

Also, if you are having an issue figuring out what happens to emails, there’s a log for that, as explained above and demonstrated in this video. That could be helpful.

I changed the routing for all my domains to forward emails appropriately. Similar to recent network routing posts, missing routes can send your messages on a route to nowhere and that can be confusing.


Teri Radichel | © 2nd Sight Lab 2024
