Posted on

Relaying Salesforce Emails Through Google Apps (For That Natural Feel)

Problem: You need to send trackable, mass emails to multiple, large, segmented lists of ‘real’ (i.e., subscribed) customers which passes gracefully through firewalls/spam filters.

I basically just described the mandate of every sales/marketing technology professional ever to send out mass emails. Don’t think there aren’t dozens of tools for this already. But if you’re already in bed with Salesforce/Pardot, there are some simple ways of staging this scenario.

If you know what an email relay is, this is still a good read because I give some color/connective tissue to the existing instructions.

Requirements (What you don’t want):

  1. You don’t want one of these ugly things on the bottom of your emails:

    I’m not saying you shouldn’t be CAN-SPAM compliant, but it also shouldn’t take up 75% of the visual real estate. The problem is, if you go through services like MailChimp or ConstantContact, we have to stick one of those nasties at the bottom. No fun! Salesforce will send nice, clean emails on your behalf (and they’re trackable!), but there’s a problem:
  2. Email sent from Salesforce, even if it’s ‘from’ you, isn’t really from you. You don’t want ‘via’ info next to your name on emails. I’m not sure how outlook handles this but in Gmail it looks like this:

    This is how Google handles unauthenticated emails from third-party senders. They make it clear that, “If you notice that an email was sent via a program you don’t recognize, the message might be spam.” This is what a spammer looks like:

Do you look like this?? No!
You are a professional marketing automation expert, and would never rock mutton chops.

Google makes it clear how to shed those unwanted ‘via’ qualifiers. Emails need to be authenticated (we’ll get to that below, briefly) and, “Make sure the domain in the “From:” address matches the domain you’re using to authenticate your emails.” To do this, we need to relay emails THROUGH Google Apps.

An open mail relay is an SMTP server configured in such a way that it allows anyone on the Internet to send e-mail through it, not just mail destined to or originating from known users. (Wikipedia)


Solution: Using email relay coupled with the plain-Jane email template from Salesforce, we can send out emails that look like <GASP!> they’re from a real human being. Buried within Salesforce and Google Apps config is a way to make this happen, and happen securely, so any schmuck doesn’t come along and dump a bucket of spam through your Apps account, sullying your good name.

Now that you know what solution you’re looking for, allow me to direct you to instructions to implement it, with some commentary. To achieve this, you are going to have to be the Salesforce Admin AND the Google Apps Admin (last meme, I promise):

Take a break and:

  1. Configure Email Relay Settings in Google Apps:
    • This is where it all begins. You’re going to whitelist (allow) the Salesforce servers to relay email through your Google Apps domain.
  2. Ensure a Copy of Sent Mail Appears In Your Inbox:
    • Not actually a requirement. In fact, many people DON’T want 500 similar messages to appear in their inbox. But if, for compliance reasons, or severe OCD, you need to keep a copy of every sent message, you need to do this.
  3. Get the Whitelist IP Addresses from the Salesforce IP Whitelist List:
    • As far as I know, there is only 1 authoritative page with these addresses, and this is it. There are a lot of blog posts out there which post old addresses which no longer work, and do not link to this page. This page is updated by the folks at Salesforce and (usually) they send out an email if anything on it changes.
    • DO NOT do what Dumb Jesse did the first time and whitelist the entire range in the beginning of the article (where it lists the ARIN numbers). It’s not necessary. And because each entry only accepts a max of 65,536 addresses, you’re going to have to sit there and convert all those ranges to smaller CIDR blocks using some kind of online CIDR converter tool. You’re also going to have to understand what CIDR is, since it helps to actually know what you’re doing. And if you happen to be on vacation, as I was, neither of those things are very fun.
      INSTEAD: Scroll down to where it says, “The addresses used for email relay include:” and enter those directly. You’ll be fine, I promise.
  4. Set up Email Relay in Salesforce:
    • Once this is active, it’s active for all users in your org. You don’t need to worry about telling users to tweak things at an individual level.
    • Don’t forget to Require TLS
    • Make sure you run the test at the end, and check for the 4 emails in your inbox.
  5. Setup DKIM for Google Apps:
    • I could probably write a separate article on this one but it’s the finishing touch on this whole process. It’s relatively straightforward but requires the ability to login to your hosting provider (as well as Google Apps).

There’s only one problem with this – if the email bounces and is retried, each retry shows up in your sent folder (if you have followed #2). This can get super ugly and clutter the crap out of your sent messages. Since you can’t make a filter which removes mail from your Sent folder (only copies/adds a label), you can make a ‘fakey’ sent box which excludes those emails you don’t wish to see and then hide your traditional Sent folder. Sounds complicated, but not difficult to setup. Note – Google claims this is not a bug, and has had me enter it as a feature request, although it’s clearly a bug.

That small issue aside, you are well on your way to sending classy, seemingly personal emails to the masses. Assuming you keep mentions of Viagra or your Royal Nigerian Heritage to a minimum, your emails should pass gracefully through spam filters and reach their intended recipients.

Shout out to the folks at Cirrus, who covered quite a bit of this, but didn’t link to the whitelist page or keep their own page up to date.