Bounce Error When Mailing Internally within Google Workspace

Situation – You receive a bounce message when messaging internally with Google Workspace

Solution – This document will explain the workaround that Google has provided for that bounce

Google Blocks Its Own IP Address

  • With some customers, we have seen bounce-back errors from Google, where Google is blocking its own IP address. The IP address is within one of the CIDR ranges added in the Inbound Gateway list, but the bounce message states that it is not in the whitelist. The error message looks similar to this:
    • Google tried to deliver your message, but it was rejected by the relay <a href=”http://aspmx.l.google.com” target=”_blank”>aspmx.l.google.com</a> [Google IP]. We recommend contacting the other email provider at <a href=”mailto:postmaster@aspmx.l.google.com” target=”_blank”>postmaster@aspmx.l.google.com</a> for further information about the cause of this error. The error that the other server returned was: 421 4.7.0 IP not in whitelist for RCPT domain, closing connection. 39si990106uak.192 – gsm
  • If you get this error, the solution that Google provided was to uncheck the box that says “Reject all mail not from gateway IPs” under the inbound gateway. To get there from the Admin Portal, go to Google Workspace > Gmail > Spam, Phishing, and Malware > Inbound Gateway

If you do uncheck this box, your mail server is not locked down to only accept external mail from Spambrella/Proofpoint IPs. It is possible for senders to route directly to your mail system instead of following normal MX lookups to route through Proofpoint.