Changing your primary domain as a startup with Gsuite domain aliases


When you are a startup, your name and your website are going to change quite a bit. Here’s a way to make it all easier. First of all, if you use Gsuite, it will be easier since it supports the idea of multiple domains. You can actually have the same person attached to multiple secondary domains, so rich@foo.com and rich@bar.com go to the same inbox.
You can even swap your primary with any of the secondaries, so you can run for a while in a dual mode and then swap the primary location.
Here is what to do:

  1. First, add a domain alias to GSuite Admin in the Domain section. It is really important to make it a domain alias and NOT a secondary domain. A secondary domain requires you to recreate all accounts while a domain alias handles mail automatically.
  2. For me anyway, this had a problem with Bluehost: the verification didn’t work, and when I tried to add a TXT record, I could see it and so could Google’s dig, but whatever is caching in GSuite couldn’t, even after hours. I finally had to go backward and change the DNS server to point to a new WordPress domain and then connect by editing the header.php to have the right meta tag. You do this in Appearance/Theme Editor/header.php, where you can add the meta tag.
  3. Now make sure that mail delivery works by changing the MX records of the new domain to point to Google. These are set to aspmx.l.google.com, and then you can set up as many alternatives as you want as alt1.aspmx.l.google.com and so on up to alt4.aspmx.l.google.com.
  4. Edit your SPF record to include Google so that you have some spam prevention: add `include:_spf.google.com` and run their checkmx program to make sure it is right. This is what Bluehost recommends: `v=spf1 a mx ptr include:bluehost.com ?all`, but this is what Google recommends: `v=spf1 include:bluehost.com include:_spf.google.com ~all`. The difference is that the Bluehost one also accepts any host that has an MX, A or PTR record as a valid sender, and the tilde means a soft fail whereas Bluehost's question mark means it just allows the mail to go through. You probably want the tilde.
  5. Set up DKIM. This signs your mail so that hackers can’t spoof things coming from your email server. Note that Google does this by default for all mail, but then you can’t tell the difference between any domain that Google hosts and you. Go to the GSuite Admin and in the Mail section choose Authenticate Mail to generate a key. You then publish the public key in your DNS: you get a magic TXT record with a name like `google._domainkey` whose contents are the public key. You have to wait 48 hours for the DNS to update across the web, so leave this open until it works.
  6. Set up DMARC after DKIM and SPF are working. This is done with yet another TXT record, with the name `_dmarc.your_domain.com`, and the record itself has parameters. For example, `v=DMARC1; p=quarantine; pct=5; rua=mailto:postmaster@your_domain.com` means quarantine 5% of the messages from a suspicious sender and mail reports to your postmaster.
  7. Now if you just have a domain alias, then email addressed to any of the secondary domains just magically arrives in the user's inbox. Outbound mail still comes from the original domain though.
  8. When you are comfortable, go to the admin and make the secondary the primary and voila, you have switched domains and everything else.
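
The two SPF records from step 4 and the DMARC record from step 6, run through a small offline linter. This is an added example, not code from the original post; the function names `audit_spf` and `audit_dmarc` and the wording of the warnings are this example's own.

```python
# Added example: offline lint of the TXT records quoted in steps 4 and 6 (no DNS lookups).
BLUEHOST_SPF = "v=spf1 a mx ptr include:bluehost.com ?all"
GOOGLE_SPF = "v=spf1 include:bluehost.com include:_spf.google.com ~all"
PAGE_DMARC = "v=DMARC1; p=quarantine; pct=5; rua=mailto:postmaster@your_domain.com"

def audit_spf(record, required_include="_spf.google.com"):
    """Return warnings for an SPF record; an empty list means nothing was flagged."""
    terms = record.strip().strip('"').lower().split()
    if not terms or terms[0] != "v=spf1":
        return ["not an SPF record: must start with v=spf1"]
    warnings, seen, all_qualifier = [], [], None
    for term in terms[1:]:
        qualifier, bare = (term[0], term[1:]) if term[0] in "+-~?" else ("+", term)
        name = bare.split(":")[0].split("/")[0]
        seen.append(bare)
        if "=" in name and not name.startswith(("redirect=", "exp=")):
            warnings.append(f"{term}: not a mechanism, use ':' rather than '='")
        elif name == "ptr":
            warnings.append("ptr: slow, and RFC 7208 says it should not be published")
        elif name == "all":
            all_qualifier = qualifier
    if f"include:{required_include}" not in seen:
        warnings.append(f"missing include:{required_include}")
    if all_qualifier in ("?", "+"):
        warnings.append(f"{all_qualifier}all neither rejects nor flags unlisted senders")
    elif all_qualifier is None and not any(t.startswith("redirect=") for t in seen):
        warnings.append("no 'all' term: unlisted senders get a neutral result")
    return warnings

def audit_dmarc(record):
    """Return warnings for the TXT record published at _dmarc.<domain>."""
    parts = (p.partition("=") for p in record.strip().strip('"').split(";"))
    tags = {k.strip().lower(): v.strip() for k, _, v in parts if k.strip()}
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record: v=DMARC1 tag missing"]
    warnings, policy, pct = [], tags.get("p", "").lower(), tags.get("pct", "100")
    if policy not in ("none", "quarantine", "reject"):
        warnings.append(f"p={policy or '<missing>'} is not a valid policy")
    elif policy == "none":
        warnings.append("p=none only monitors; failing mail is still delivered")
    if pct != "100" and policy != "none":
        warnings.append(f"pct={pct}: policy applies to only {pct}% of failing mail")
    if "rua" not in tags:
        warnings.append("no rua: you will not receive aggregate reports")
    return warnings

if __name__ == "__main__":
    print(audit_spf(BLUEHOST_SPF), audit_spf(GOOGLE_SPF), audit_dmarc(PAGE_DMARC), sep="\n")
```

Paste in the strings that `dig +short TXT` returns for your own domain and for `_dmarc.your_domain.com` to lint them the same way.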

Data Migrations between Primary and Secondary Domains

This is pretty complicated, but there is a different guide for each data type:

  1. Data migration for each email. However, you need authentication for each user. There is also a transfer guide for all the different data types:
  2. Calendar. Go to the calendar web page, select the calendar, right-click and choose Settings and sharing, then allow the new user to Make changes and manage sharing. This, in effect, makes the calendar owned by the new account. However, if you are eventually going to delete the old user, then you want to export the entire calendar and then import it. Note that by default an export gives you a zip file, which you have to unzip before importing.
  3. Google Drive. The easiest way is to use the Backup and Sync application to download everything and then copy it to the new Google Drive. This won’t deal completely with permissions though; you have to change those manually.

Having Mail sent to both new and old domain

Second, you have to map the primary to the secondary domain so you can see mail in both places. The old per-user mapping no longer works. The Recipient Map is the place to do this:

  1. In the mail area, you make sure that it goes to the destination site
  2. Then you have to add a comma separated list from the old to the new domain

At this point, the email appears at both the old and the new domain.
