Google Workspace Setup
Standard setup checklist for the Lumifeed Google Workspace (support@lumifeed.app).
Google Workspace Setup
Single-user workspace: support@lumifeed.app. Work through this checklist top-to-bottom — DNS changes first, then admin console, then integrations.
1. DNS Records (do first)
All records go on the lumifeed.app domain in your DNS provider (e.g. Vercel, Cloudflare).
| Type | Host | Value |
|---|---|---|
| MX | @ | Google's MX records (shown in Admin console → Domains → Manage domains → Set up MX) |
| TXT | @ | v=spf1 include:_spf.google.com ~all |
| TXT | google._domainkey | DKIM key — generated in step 3 below |
| TXT | _dmarc | v=DMARC1; p=quarantine; rua=mailto:support@lumifeed.app |
DNS propagation takes up to 48 hours. DKIM must be generated in Admin console before you add the DNS record.
2. Email Aliases
Admin console → Directory → Users → support@ → Add alternate emails.
Add these aliases (all route to support@):
hello@lumifeed.appnoreply@lumifeed.appbilling@lumifeed.appabuse@lumifeed.app
3. DKIM Setup
- Admin console → Apps → Google Workspace → Gmail → Authenticate email
- Select domain
lumifeed.app→ Generate new record - Copy the TXT value, add it to DNS as
google._domainkey.lumifeed.app - Wait for DNS propagation, then click Start authentication
4. Admin Console: Security
- 2FA: Security → 2-step verification → Enforcement → On for all users
- Recovery: Add personal email + phone as recovery options for the admin account
- Session duration: Security → Google session control → Set to 24 hours (not indefinite)
- Login alerts: Reports → Audit → Login → enable email alerts for suspicious activity
5. Gmail Filters / Labels
Suggested label structure for support@:
Billing— Stripe/Razorpay receipts, subscription emailsAuth— Google/GitHub OAuth alertsSupport— user questions forwarded inInfra— Vercel, Neon, Sentry, Trigger.dev alertsLegal— anything requiring action
6. Postmaster Tools
Register lumifeed.app at postmaster.google.com to monitor:
- Domain reputation
- Spam rate
- Delivery errors
Add the domain → verify (uses existing MX/SPF records, no extra DNS needed).
7. Transactional Email
Do not use Google Workspace SMTP for transactional mail (magic links, notifications). Mixing transactional + human mail hurts deliverability for both.
Use a dedicated provider for code-triggered emails. Recommended for Lumifeed:
- Resend — simple API, generous free tier, good Next.js integration
- Postmark — best deliverability for transactional
When setting up: verify lumifeed.app domain with the provider (they add their own DKIM/SPF records — compatible with Google's, just add both).
8. Google Services Checklist
| Service | Action |
|---|---|
| Google Search Console | Add + verify lumifeed.app property |
| Google Analytics | Create GA4 property for lumifeed.app |
| Postmaster Tools | Register domain (step 6 above) |
| Google OAuth app | Already configured — ensure consent screen shows lumifeed.app as authorized domain |
9. Verified Owner Email for External Services
Use support@lumifeed.app as the owner/billing email for:
- Vercel
- Neon
- Sentry
- Stripe
- Razorpay
- Trigger.dev
- Anthropic (Claude API)
- Voyage AI
- GitHub (repo + OAuth apps)
10. Optional: Google Groups
Even with 1 member, create a group team@lumifeed.app via Admin console → Directory → Groups. Useful when adding contractors — give them group access without exposing your personal inbox.
Status Tracker
| Task | Done? |
|---|---|
| MX records set | ☐ |
| SPF TXT record | ☐ |
| DKIM generated + DNS added | ☐ |
| DKIM authentication started | ☐ |
| DMARC TXT record | ☐ |
| Email aliases created | ☐ |
| 2FA enforced | ☐ |
| Session duration set | ☐ |
| Postmaster Tools registered | ☐ |
| Transactional email provider set up | ☐ |
| Search Console verified | ☐ |
| GA4 property created | ☐ |
| External services updated to support@ | ☐ |