Gmail UI with Compose button and Inbox with 6,763 unread.
Image courtesy

Handling Email for Multiple Domains Using One G Suite Account

Daniel Malmer
The Startup
Published in
7 min readJun 12, 2020


This is the process I went through to configure my single G Suite account to handle email for half a dozen different domains.

I manage a number of domains. My primary domain is where I get most of my email. I use G Suite for that. I have several less frequently used domains that I also use to send and receive email, but I don’t use them frequently enough to pay for G Suite for each of them. Even if I had G Suite for each domain, it would be inconvenient to login to multiple accounts just to send and receive email.

Ultimately, I wanted to be able to login to one Gmail account, and to send and receive email from any of my domains in the same Inbox. Making this happen turns out to be fairly easy, but figuring it out on my own was a long, frustrating process. Hopefully, this will save someone that frustration.

One of the complications for me was that I use AWS for my DNS nameservers. I won’t go into details regarding the reasons, but it has to do with the different ways that AWS’s DNS and Google’s DNS handle versus

I’ll first describe the necessary changes if you’re using Google’s DNS, and then will describe the additional changes required if you’re using AWS’s DNS.

One caveat here is that both Google and AWS are constantly changing. This process worked for me in June of 2020, but things are likely to change.

For the purposes of this document, I’ll refer to your primary email address that uses G Suite as, and your secondary email that doesn’t use G Suite as

The steps are:

  1. Receive mail addressed to in’s Gmail Inbox.
  2. Enable ability to “Send as” from’s Gmail account.
  3. Add SPF, DKIM, and DMARC records in order to improve deliverability.
  4. If you’re using AWS for DNS, move DNS settings from Google to AWS.

Receiving Email

This is done by enabling email forwarding from to

To do this, login to, click “My Domains,” then click “,” then click the “Email” tab in the left sidebar. (It’s also available at this URL:

At the bottom of the page, there is an “Email Forwarding” section, with an “add email alias” link. You can add up to 100 email addresses here, or “*” to forward all email to a single address. For example, you by entering “*” and, all emails addressed to an email address at will be delivered to

One gotcha here is that the “Alias email” field doesn’t accept the entire email address (e.g.,, it only accepts the username (e.g., “me”).

If you’re using Google’s DNS for, then you’re done with this step. If you’re using AWS’s DNS, you have one more step.

If you’re using AWS’s DNS:

Go to the DNS settings, which is available in the “DNS” tab in the left sidebar, or at this link:

Scroll down to the “Synthetic records” section, and click the “Email forward” link. You should see five hostnames there that have to be added as an MX record in AWS’s DNS settings.

You can also see those five hostnames at:

To add the MX Record to AWS, go to Route 53, visit “Hosted Zones,” and “Create Hosted Zone” if you haven’t already. Click, and “Create Record Set.” Leave “Name” blank, choose “MX Record” from the “Type” dropdown, and enter the list of servers in the “Value” field, each preceded with their respective numeric priorities

It should look something like this:

UI for creation of MX records in AWS.

Sending Email

These changes happen in the Gmail settings of the domain that uses G Suite.

You’re going to need an “App Password” to authenticate to Google’s SMTP server. To get an App Password:

  1. Login to with your email address.
  2. Click on “Security” in the left sidebar.
  3. Scroll to the “Signing in to Google” section.
  4. Click “App passwords.”
  5. Under “Select the app and device you want to generate the app password for,” you should see dropdowns for “Select app” and “Select device.” I don’t know that it matters which of these you choose, but I selected “Other” and entered “SMTP” for name.
  6. Click “Generate,” and then save the resulting password for use, below.

Once you have your app password, you add the ability to “Send as” in your Gmail settings. Go to your Gmail account for In the upper right-hand corner, there should be a gear icon:

Gmail context menu for changing Gmail Settings.

Once you’ve opened up “Settings,” click the “Accounts” tab.

Find the “Send email as” section and click “Add another email address.” This should give you an ugly-looking popup that looks like this:

Ugly Gmail popup that asks for email address that you’d like to add to your account.

Enter the email address that you’d like to send as, e.g. Uncheck the “Treat as an alias” checkbox and click “Next Step.” You should get the following dialog:

Gmail dialog asking for SMTP Server, Username, and Password.

Enter as the SMTP Server, the email address that you use to login to your G Suite account, and the app password that you generated above. Click “Add Account,” and you hopefully will get a success message. You may or may not get a confirmation mail at that you’ll have to acknowledge. Depending on whether you’ve added accounts in the past, you may be asked to enter a confirmation code that’s emailed to Another gotcha is the confirmation page has a “Confirm” button that’s not obvious.

Testing Your Setup

At this point, you should be able to receive email for in your Inbox, and send email as from your Gmail account. However, there is a big gotcha.

You cannot test whether is receiving mail properly by sending to from You’ll have to have a third account send an email to This is explained here:

If you send an email from to, it won’t show up.

On the other hand, sending from to should work fine. When you open a compose dialog, you should be able to select from the dropdown that appears in the “From” field. You can compose an email addressed to or any other address and have it arrive successfully.

Adding SPF, DKIM, and DMARC Records

This step is optional, but will improve deliverability for your emails. I recommend doing it for both and

For your SPF record, create a TXT record in either your AWS or Google DNS settings leaving “Name” blank, and filling “Value” with:

“v=spf1 ~all”

For your DKIM record, you first need to generate a public key for your domain. You can generate this value for your DKIM record at many websites, including SocketLabs. Enter or in the “Domain” field, and “dkim” in the “Key Selector” field, and click “Generate.” You should get output that looks like this:

Public key chunk of text for DKIM DNS TXT record.

In the AWS or Google DNS settings, create another TXT record with as the name and that long chunk of text as the value.

If you’re using AWS, there’s a big gotcha: it will probably tell you that the value is too long. In that case, you can split the long string into two or more quoted strings, like this:

"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuLF0NYTcBcE26rHMyevWN5Mif62lfBlpFSVvrKkiaqrDZWFGgXMBnJUhlF+AUyXlILDtRRkaRfXPTZ7FPFBGCUJzEtdPXd7WgQf6OjPeenogndn6C4Tf" "P0KLuIVAtOGAMXI9CrvSKTdbtElgeaF6RjCsO1bpXJeOIJYeqYXuR+LLVqtrItjs3Irw+k3UWvCjiLp65EISMvRPRlw2oxHS8HS9NlEj7Lx0u+CgH714ZrJwrlkfqgHWIBlXuHRWeP7Ti3y+58l1KQrPFBMIx40GiMgBZY2Axwbu+HKw0D0Vuoq12XtYs2l9udaVCPb257MRfKgdybuiXIQxEnQIDAQAB"

For your DMARC record, create a TXT record with the name and a value of:

v=DMARC1; p=none; ri=604800;

You can use whatever email you want for the rua field. It’s the email address that periodic reports will be sent to. The ri field indicates how often those reports are sent, which is once a week for me.

You can test these settings in two ways. You can use a website like You can also send an email from, click the three-dot option mention in the upper right, and then “Show original.” If everything is working, you should see something like this:

Snippet of email headers that shows SPF, DKIM, and DMARC passing.

Transferring DNS Settings From Google to AWS

This step only applies if you’re using AWS for your DNS settings rather than Google. This step simply consists of switching your nameservers from Google to AWS. This is probably the easiest part.

In your AWS DNS settings, there will be an NS record. The value for that record should consist of four hostnames.

In your Google Domains DNS tab, also accessible at, first scroll to the DNSSEC section and click “Disable DNSSEC,” otherwise you will be prompted to do so in the next step. After you’ve disabled DNSSEC, click the “Use custom name servers” radio button, enter those four hostnames, and click “Save.”

At this point, you should be done! You may get a message that it may take up to 48 hours for the changes to take effect, but in my case it was a matter of minutes.



Daniel Malmer
The Startup

PhD student researching online hate speech, extremism, and radicalization.