Søren Klintrup

Table of Contents

Gmail architecture
- Incoming email
- Outgoing email

Gmail architecture

This page describes the to-be setup after email migration from gsuite has taken place

Incoming email

Outgoing server finds MX records for cloudflare
Cloudflare¹⁾ checks internal database and forwards the email to gmail

Outgoing email

Gmail authenticates to AWS SES²⁾ servers using unique IAM username/password
1. each unique user is restricted to only be able to send from their own set of email addresses
AWS SES signs the email using DKIM keys stored in internal SES database for the sender domain
AWS SES looks up destination MX server and sends email to destination email server
(optional) Destination email server looks up SPF, DKIM and DMARC via DNS

¹⁾

https://blog.cloudflare.com/introducing-email-routing/

²⁾

https://aws.amazon.com/ses/

[ Back to top | Sitemap ]

prsnl10 on DW under the hood

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial 4.0 International