Handling Email for Multiple Domains Using One G Suite Account

Daniel Malmer
Published in The Startup, Jun 12, 2020

This is the process I went through to configure my single G Suite account to handle email for half a dozen different domains.

I manage a number of domains. My primary domain is where I get most of my email. I use G Suite for that. I have several less frequently used domains that I also use to send and receive email, but I don’t use them frequently enough to pay for G Suite for each of them. Even if I had G Suite for each domain, it would be inconvenient to log in to multiple accounts just to send and receive email.

Ultimately, I wanted to be able to log in to one Gmail account, and to send and receive email from any of my domains in the same Inbox. Making this happen turns out to be fairly easy, but figuring it out on my own was a long, frustrating process. Hopefully, this will save someone that frustration.

One of the complications for me was that I use AWS for my DNS nameservers. I won’t go into details regarding the reasons, but it has to do with the different ways that AWS’s DNS and Google’s DNS handle example.com versus www.example.com.

I’ll first describe the necessary changes if you’re using Google’s DNS, and then will describe the additional changes required if you’re using AWS’s DNS.

One caveat here is that both Google and AWS are constantly changing. This process worked for me in June of 2020, but things are likely to change.

For the purposes of this document, I’ll refer to your primary email address that uses G Suite as me@primary.com, and your secondary email that doesn’t use G Suite as me@secondary.com.

The steps are:

  1. Receive mail addressed to secondary.com in primary.com’s Gmail Inbox.
  2. Enable ability to “Send as” secondary.com from primary.com’s Gmail account.
  3. Add SPF, DKIM, and DMARC records in order to improve deliverability.
  4. If you’re using AWS for DNS, move DNS settings from Google to AWS.

Receiving Email

This is done by enabling email forwarding from secondary.com to primary.com.

To do this, log in to https://domains.google.com/, click “My Domains,” then click “secondary.com,” then click the “Email” tab in the left sidebar. (It’s also available at this URL: https://domains.google.com/m/registrar/secondary.com/email)

At the bottom of the page, there is an “Email Forwarding” section, with an “add email alias” link. You can add up to 100 email addresses here, or “*” to forward all email to a single address. For example, by entering “*” and me@primary.com, all emails addressed to any address at secondary.com will be delivered to me@primary.com.

One gotcha here is that the “Alias email” field doesn’t accept the entire email address (e.g., me@secondary.com); it only accepts the username (e.g., “me”).

If you’re using Google’s DNS for secondary.com, then you’re done with this step. If you’re using AWS’s DNS, you have one more step.

If you’re using AWS’s DNS:

Go to the DNS settings, which are available in the “DNS” tab in the left sidebar, or at this link:

https://domains.google.com/m/registrar/secondary.com/dns

Scroll down to the “Synthetic records” section, and click the “Email forward” link. You should see five hostnames there that have to be added as an MX record in AWS’s DNS settings.

You can also see those five hostnames at: https://support.google.com/domains/answer/9428703.

To add the MX Record to AWS, go to Route 53, visit “Hosted Zones,” and “Create Hosted Zone” if you haven’t already. Click secondary.com, and “Create Record Set.” Leave “Name” blank, choose “MX Record” from the “Type” dropdown, and enter the list of servers in the “Value” field, one per line, each preceded by its numeric priority.

It should look something like this:

UI for creation of MX records in AWS.

Sending Email

These changes happen in the Gmail settings of the domain that uses G Suite.

You’re going to need an “App Password” to authenticate to Google’s SMTP server. To get an App Password:

  1. Log in to https://account.google.com/ with your primary.com email address.
  2. Click on “Security” in the left sidebar.
  3. Scroll to the “Signing in to Google” section.
  4. Click “App passwords.”
  5. Under “Select the app and device you want to generate the app password for,” you should see dropdowns for “Select app” and “Select device.” I don’t know that it matters which of these you choose, but I selected “Other” and entered “SMTP” for name.
  6. Click “Generate,” and then save the resulting password for use below.

Once you have your app password, you add the ability to “Send as” in your Gmail settings. Go to your Gmail account for primary.com. In the upper right-hand corner, there should be a gear icon:

Gmail context menu for changing Gmail Settings.

Once you’ve opened up “Settings,” click the “Accounts” tab.

Find the “Send email as” section and click “Add another email address.” This should give you an ugly-looking popup that looks like this:

Ugly Gmail popup that asks for email address that you’d like to add to your account.

Enter the email address that you’d like to send as, e.g. me@secondary.com. Uncheck the “Treat as an alias” checkbox and click “Next Step.” You should get the following dialog:

Gmail dialog asking for SMTP Server, Username, and Password.

Enter smtp.googlemail.com as the SMTP Server, the email address that you use to log in to your G Suite account as the Username, and the app password that you generated above as the Password. Click “Add Account,” and you hopefully will get a success message. You may or may not get a confirmation mail at me@primary.com that you’ll have to acknowledge. Depending on whether you’ve added accounts in the past, you may be asked to enter a confirmation code that’s emailed to me@primary.com. Another gotcha is that the confirmation page has a “Confirm” button that’s not obvious.

Testing Your Setup

At this point, you should be able to receive email for me@secondary.com in your me@primary.com Inbox, and send email as me@secondary.com from your me@primary.com Gmail account. However, there is a big gotcha.

You cannot test whether me@secondary.com is receiving mail properly by sending to me@secondary.com from me@primary.com. You’ll have to have a third account send an email to me@secondary.com. This is explained here:

https://support.google.com/domains/answer/6276957

If you send an email from me@primary.com to me@secondary.com, it won’t show up.

On the other hand, sending from me@secondary.com to me@primary.com should work fine. When you open a compose dialog, you should be able to select me@secondary.com from the dropdown that appears in the “From” field. You can compose an email addressed to me@primary.com or any other address and have it arrive successfully.

Adding SPF, DKIM, and DMARC Records

This step is optional, but will improve deliverability for your emails. I recommend doing it for both primary.com and secondary.com.

For your SPF record, create a TXT record in either your AWS or Google DNS settings leaving “Name” blank, and filling “Value” with:

"v=spf1 include:_spf.google.com ~all"

For your DKIM record, you first need to generate a public key for your domain. You can generate this value for your DKIM record at many websites, including SocketLabs. Enter primary.com or secondary.com in the “Domain” field, and “dkim” in the “Key Selector” field, and click “Generate.” You should get output that looks like this:

Public key chunk of text for DKIM DNS TXT record.

In the AWS or Google DNS settings, create another TXT record with dkim._domainkey.secondary.com as the name and that long chunk of text as the value.

If you’re using AWS, there’s a big gotcha: it will probably tell you that the value is too long. In that case, you can split the long string into two or more quoted strings, like this:

"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuLF0NYTcBcE26rHMyevWN5Mif62lfBlpFSVvrKkiaqrDZWFGgXMBnJUhlF+AUyXlILDtRRkaRfXPTZ7FPFBGCUJzEtdPXd7WgQf6OjPeenogndn6C4Tf" "P0KLuIVAtOGAMXI9CrvSKTdbtElgeaF6RjCsO1bpXJeOIJYeqYXuR+LLVqtrItjs3Irw+k3UWvCjiLp65EISMvRPRlw2oxHS8HS9NlEj7Lx0u+CgH714ZrJwrlkfqgHWIBlXuHRWeP7Ti3y+58l1KQrPFBMIx40GiMgBZY2Axwbu+HKw0D0Vuoq12XtYs2l9udaVCPb257MRfKgdybuiXIQxEnQIDAQAB"

For your DMARC record, create a TXT record with the name _dmarc.secondary.com and a value of:

v=DMARC1; p=none; ri=604800; rua=mailto:dmarc-reports@secondary.com

You can use whatever email you want for the rua field. It’s the email address that periodic reports will be sent to. The ri field sets the interval between those reports in seconds; 604800 is once a week, which is what I use.
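A pre-publish check for the three TXT values above, added here as an example (it is not the author's code or a Google or AWS tool). It splits a long value into quoted strings of at most 255 bytes, the form Route 53 accepts, and flags a few record mistakes; the function names are made up for illustration.

```python
import base64
import re

LIMIT = 255  # max bytes in one DNS TXT character-string (RFC 1035)

def to_route53_value(value):
    """Split a long TXT value into space-separated quoted strings."""
    chunks = [value[i:i + LIMIT] for i in range(0, len(value), LIMIT)]
    return " ".join('"%s"' % c for c in chunks)

def txt_strings(text):
    """Return the character-strings in a zone-file style TXT value."""
    return re.findall(r'"([^"]*)"', text) or [text.strip()]

def parse_tags(record):
    """Parse the 'tag=value; tag=value' list used by DKIM and DMARC."""
    pairs = (item.split("=", 1) for item in record.split(";") if "=" in item)
    return {k.strip(): v.strip() for k, v in pairs}

def lint(kind, text):
    """Return the problems found in one SPF, DKIM or DMARC TXT value."""
    problems = []
    strings = txt_strings(text)
    if any(len(s.encode()) > LIMIT for s in strings):
        problems.append("string longer than 255 bytes")
    record = "".join(strings)  # resolvers concatenate with no separator
    tags = parse_tags(record)
    if kind == "spf":
        terms = record.split()
        if not terms or terms[0] != "v=spf1":
            problems.append("SPF must start with v=spf1")
        elif not re.fullmatch(r"[-~?+]?all", terms[-1]):
            problems.append("SPF has no trailing 'all' mechanism")
    elif kind == "dkim":
        if tags.get("v", "DKIM1") != "DKIM1":
            problems.append("unexpected DKIM version")
        try:
            base64.b64decode(tags.get("p", ""), validate=True)
        except ValueError:
            problems.append("p= is not valid base64")
    elif kind == "dmarc":
        if not record.startswith("v=DMARC1"):
            problems.append("DMARC must start with v=DMARC1")
        if tags.get("p") not in ("none", "quarantine", "reject"):
            problems.append("p= must be none, quarantine or reject")
        for uri in filter(None, tags.get("rua", "").split(",")):
            if not uri.strip().lower().startswith("mailto:"):
                problems.append("rua entry is not a mailto: URI: " + uri.strip())
    return problems
```

Call `lint("dkim", to_route53_value(value))` with the generated DKIM value before pasting it into the “Value” field; an empty list means none of these checks fired.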

You can test these settings in two ways. You can use a website like DKIMValidator.com. You can also send an email from me@secondary.com, open the received message, click the three-dot options menu in the upper right, and then “Show original.” If everything is working, you should see something like this:

Snippet of email headers that shows SPF, DKIM, and DMARC passing.
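The same check can be done on the raw header instead of by eye. This added example (not from the original article) parses an Authentication-Results header of the kind “Show original” displays and reports whether the SPF and DKIM passes are for a domain aligned with the From domain, which is what DMARC actually requires. Both sample headers are constructed, and the alignment test approximates relaxed alignment without the Public Suffix List.

```python
import re

# Constructed samples; 192.0.2.10 is a documentation address.
SAMPLE_PASS = (
    "Authentication-Results: mx.google.com;\r\n"
    " dkim=pass header.i=@secondary.com header.s=dkim header.b=AbCdEf12;\r\n"
    " spf=pass (google.com: domain of me@secondary.com designates 192.0.2.10"
    " as permitted sender) smtp.mailfrom=me@secondary.com;\r\n"
    " dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=secondary.com")
# Same message, but signed and enveloped for a different domain than From.
SAMPLE_MISALIGNED = (SAMPLE_PASS.replace("@secondary.com", "@primary.com")
                     .replace("dmarc=pass", "dmarc=fail"))

def parse_auth_results(header):
    """Map each method (spf, dkim, dmarc) to its verdict and properties."""
    header = re.sub(r"\([^)]*\)", "", header)     # drop parenthesised comments
    results = {}
    for clause in header.split(";")[1:]:          # part 0 is the authserv-id
        m = re.match(r"\s*(\w+)=(\w+)(.*)", clause, re.S)
        if m:
            props = dict(re.findall(r"([\w.]+)=(\S+)", m.group(3)))
            results[m.group(1)] = {"result": m.group(2), **props}
    return results

def domain_of(identity):
    return identity.rsplit("@", 1)[-1].lower().rstrip(".")

def aligned(domain, from_domain):
    """Relaxed alignment, approximated without the Public Suffix List."""
    short, long_ = sorted((domain, from_domain), key=len)
    return "." in short and (long_ == short or long_.endswith("." + short))

def dmarc_view(header, from_domain):
    """Compare the reported DMARC verdict with what alignment implies."""
    r = parse_auth_results(header)
    spf, dkim = r.get("spf", {}), r.get("dkim", {})
    spf_ok = (spf.get("result") == "pass"
              and aligned(domain_of(spf.get("smtp.mailfrom", "")), from_domain))
    dkim_ok = (dkim.get("result") == "pass"
               and aligned(domain_of(dkim.get("header.i", "")), from_domain))
    return {"spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "dmarc_reported": r.get("dmarc", {}).get("result"),
            "dmarc_expected": "pass" if spf_ok or dkim_ok else "fail"}
```

A header can show `spf=pass` and `dkim=pass` and still fail DMARC when both passes belong to a domain other than the one in From, which is the case `SAMPLE_MISALIGNED` models.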

Transferring DNS Settings From Google to AWS

This step only applies if you’re using AWS for your DNS settings rather than Google. This step simply consists of switching your nameservers from Google to AWS. This is probably the easiest part.

In your AWS DNS settings, there will be an NS record. The value for that record should consist of four hostnames.

In your Google Domains DNS tab, also accessible at https://domains.google.com/m/registrar/secondary.com/dns, first scroll to the DNSSEC section and click “Disable DNSSEC,” otherwise you will be prompted to do so in the next step. After you’ve disabled DNSSEC, click the “Use custom name servers” radio button, enter those four hostnames, and click “Save.”

At this point, you should be done! You may get a message that it may take up to 48 hours for the changes to take effect, but in my case it was a matter of minutes.

Daniel Malmer
PhD student researching online hate speech, extremism, and radicalization. https://www.malmer.com/