Prerequisites
- A Google Workspace Super Administrator account
- Permission to update the SPF TXT record for every sending domain
- TLS (Transport Layer Security) must be enabled in your environment
- SIGNandGO relay IP: 57.153.76.186
- SIGNandGO smart‑host IP: 9.163.219.29 – Port 25
Granting User Permissions
- Go to https://consent.signandgo.io/ and click Connect Google Workspace. Sign in with your corporate email account on the SIGNandGO login screen.
- After signing in, you'll be redirected to Google's consent screen. Choose your Super Administrator account, review the requested scopes, and click Allow.
- Authorization is completed instantly.
- For detailed instructions, watch our YouTube video:
Update SPF Records
To prevent your emails from being marked as spam, add the SIGNandGO IP to the SPF record of each sending domain:
v=spf1 include:spf-gws.protection.signandgo.io include:_spf.google.com ~all
Update the SPF Record
Add the SIGNandGO IP address to the SPF record of every sending domain to prevent messages from being marked as spam:
v=spf1 ip4:57.153.76.186/32 include:_spf.google.com ~all
High‑Level Flow
- Add the SIGNandGO smart‑host
- Configure an SMTP relay rule that trusts the SIGNandGO IP
- Create a Content Compliance rule so only unsigned messages are routed to SIGNandGO
👉 Step 1 – Add the SIGNandGO Smart Host
- Sign in to admin.google.com with a Super Administrator account
- Navigate to Apps › Google Workspace › Gmail › Hosts
- Click Add route.
- In the pop‑up window, enter:
- Name:
SIGNandGO - Single host → Host name / IP:
9.163.219.29 - Port:
25 - Clear Perform MX lookup
- Click Save.
- Name:
👉 Step 2 – Configure the SMTP Relay Service
Under Gmail settings, open the Routing tab.
- In the SMTP relay service row, click Configure (or Add rule if none exists).
- Name:
Relay Service for SIGNandGO - Allowed senders: Only addresses in my domains.
- Authentication:
- Tick Only accept mail from the specified IP addresses → Add →
57.153.76.186
- Tick Only accept mail from the specified IP addresses → Add →
- Encryption: Select Require TLS encryption
- Click Save
👉 Step 3 – Create a Content Compliance Rule
- In Gmail settings, switch to the Compliance tab and choose Content compliance.
- Click Configure (or Add another rule if rules already exist).
- Name:
Route to SIGNandGO - Email messages to affect: Check Outbound and Internal – sending
- In Expressions, click Add:
- Location: Full headers
- Match type: Does not contain text
- Content:
X-PEAKUP-Signature - Click Save
- Under If the above expressions match, do the following:
- Choose Change route → select SIGNandGO.
- Expand Modify message → Add custom header and enter:
X-SIGNandGO-Thumbprint: <YourCompanyThumbprint>- Replace
<YourCompanyThumbprint>with the thumbprint value provided by SIGNandGO.
⭐(Optional) Use Show options to scope the rule to specific user groups.
User identification options
Sender-based filtering in Google Compliance rules must be configured using Envelope Filter.
Test Usage (Limited Users)
During the initial setup, the rule can be applied to a limited number of users for validation purposes.
Configuration:
- In C. Envelope Filter, enable
Only affect specific envelope senders. - Select Single email address from the dropdown.
- Add the email addresses of the users included in the test phase.
This step is intended only for testing and verification.
Rollout (Using Customer Domains)
After successful testing, the rule should be expanded to include the customer’s own email domains.
Configuration:
- Ensure Only affect specific envelope senders is enabled.
- Select Pattern match from the dropdown.
- Enter a Regexp value based on the domains used in the customer’s environment.
Sample Regex (for illustration only):
^.*@(peakdrive\.org|peakdrive\.com)$
Note: The domains shown above are examples only.
The customer must replace them with their actual email domains shared during the setup phase.
With this configuration, the Compliance rule will apply only to emails sent from the specified customer domains.
- Click Save to activate the rule🎉
Version: 1.2