Skip to content

Configuring the Inbound Gateway


Given the potential for service disruption during this process, Coro recommends scheduling these changes at a time of least impact.

Configuring the Inbound Gateway requires changes to an organization's own DNS and email infrastructure, as well as enabling the Gateway inside your Coro workspace. This section describes the steps required.

Changes are required in your DNS and email service

To set up the Coro Inbound Gateway to protect your incoming emails, you must perform some configuration steps in your email and DNS services before you can configure your Coro workspace. You need to:

  • Obtain all prerequisites.
  • Set up your original email provider to recognize Coro as the gateway for inbound email.
  • Update your email domain DNS settings, mapping your highest priority mail exchanger (MX) record to Coro's Inbound Gateway server IP address.


Before you begin, make sure you have the following information:

  • IP address(es) of Coro’s Inbound Gateway email proxy service. Contact Coro Support for details.
  • MX record details for Coro’s Inbound Gateway email proxy service. Contact Coro Support for details.
  • The identity of your email service provider
  • Your email domain

Setting Coro as an inbound gateway with the original email provider

Coro can be configured with the following email providers:


  1. Sign into Google Workspace Admin with your administrator credentials.
  2. In the Admin console, go to Menu > Apps > Google Workspace > Gmail > Spam, Phishing and Malware.
  3. In the left pane, select your top-level organization.
  4. Locate the Inbound gateway setting and select Edit. The Inbound gateway dialog appears.
  5. Specify the IP address(es) of the Coro Inbound Gateway and select Save.


By specifying Coro Inbound Gateway IP addresses in the Inbound gateway setting, Gmail does not then perform SPF or DMARC checks on incoming messages.

Microsoft 365

  1. Sign into the Exchange Admin console with your administrator credentials.
  2. Go to Home > Mail flow > Connectors.
  3. Select + Add a connector. The new connector dialog appears.
  4. Add a name describing the incoming mail connection. For example, “SMTP server connection”.
  5. Set the Mail flow scenario as:

    • From: Your organization’s email server
    • To: Office 365 (Microsoft 365)
  6. Set the sent email identity as having originated from the Coro Inbound Gateway IP address. Then, select the radio button to add this address into the IP address field. Select Save to save your changes.

  7. Make sure the connector status is set to On.


Due to the way Microsoft verifies third party servers configured in your mail flow connectors, you might see SPF authentication failures in the headers of your email messages relating to the Coro email proxy. This is to be expected and does not affect processing or delivery of your emails. For more details, contact Coro Support.

Third party MTA

Coro can support other third party message transfer agents (MTAs) that are capable of receiving emails from an inbound email proxy gateway, skipping SPF/DMARC and similar checks. Coro recommends contacting the customer support team for your MTA to clarify what settings should be applied. For further assistance, contact [Coro Support.

Updating email domain DNS settings

To enable Coro to analyze incoming emails, add Coro’s Inbound Gateway server address as a highest-priority MX record in your DNS settings.

This section provides general configuration advice for most scenarios, and specific guides for:

General configuration

Your organization's original MX records can remain defined in your DNS but must be configured as lower priority than the Coro Inbound Gateway MX record. Through this, any interruptions to the availability of the Coro service mean that emails are sent instead to servers defined in lower-priority MX records (the default behavior of SMTP).

MX record priority is determined by the lowest number applied. In other words, an MX record priority value of 10 is treated as higher priority than a value of 20.

Keep a note of your original MX records as these are required for configuration in the Coro console later.


Updates to DNS records can take up to 24 hours to take effect.

Microsoft 365

To configure MX records in Microsoft 365:

  1. Sign into the Exchange Admin console with administrator credentials.
  2. Go to Home > Settings > Domains > [CUSTOMER EMAIL DOMAIN].
  3. Select the DNS records tab.
  4. In the Microsoft Exchange section, locate the MX record entry:

    Configuring Microsoft Exchange MX records

  5. Select the record to view the MX record dialog.

  6. Make a note of the current MX record. For example, “”. Retain this for later configuration.
  7. Add a new entry for the Coro Inbound Gateway MX record:


    Be aware that Exchange Admin might give validation warnings or errors regarding the new MX record not matching expected values. You can safely ignore this.

  8. Select Done to close the dialog.

Google Domains Service

To configure MX records in Google Domains Service (for organizations who registered their domains using Google DNS):

  1. Sign into Google Domains Service ( with your administrator credentials.
  2. Select your domain, then select Manage:

    Configuring Google DNS 1

  3. Select DNS.

  4. Make a note of the current MX records for later configuration.
  5. (Recommended) Back up the current DNS settings as a precaution by selecting Export DNS records.
  6. Set Type as “MX” and add a Data entry corresponding to the Coro Inbound Gateway MX record address.
  7. Make sure to add the Coro Inbound Gateway address with the lowest priority number (giving it highest priority in the list). Other servers in the list should be the original Google servers:

    Configuring Google DNS 2

  8. Select Save.

  9. If Google asks for confirmation for overriding the existing configuration, select Yes.
  10. Verify and re-add missing records such as SPF if you find this was overridden by these changes. To do this, select Create new record > SPF, add the required data, then select Save:

    Configuring Google DNS 3

What changes are required within your Coro workspace

After you have configured your DNS and email services, enable the Inbound Gateway in your Coro workspace. This process takes place inside the Coro console.

Before you begin this procedure, make sure you have the following information:

  • Your email domain name
  • The list of MX records associated with the domain

To enable the Coro Inbound Gateway:

  1. Sign into your Coro workspace.

  2. On the Actionboard, select Control Panel at the top of the Email Security dashboard panel:

    Email Security dashboard Control Panel link

    Alternatively, select Email Security from the main Control Panel:

    Control Panel Email Security icon

  3. Coro displays the Email Security configuration page:

    Email Security page

  4. Select the Inbound Gateway tab:

    Inbound Gateway configuration page

  5. Select an Email security mode.

    Choose from Warning only or Block according to your requirements:

    Inbound Gateway security mode


    For more information on these settings, see How is malicious email handled.

  6. Select Add Domain:

    Add a domain

    The Add domain to inbound proxy dialog is displayed.

  7. Enter the following settings:

    • Enter domain name: Specify the domain for your email service.
    • Relay SMTP Proxy: Enter the list of MX domains to which emails are forwarded by the Coro Proxy. For each entry, use the drop-down list to select port 25 (or the port number relevant to your settings).

    Adding your domain details

    Select Add to save your settings and close the dialog.

  8. On the main Inbound Gateway tab, verify the proxy connection by selecting Test from the 3-dot menu adjacent to your new domain entry:

    Testing your inbound proxy

  9. In the Test Proxy dialog, specify a valid email address at your domain in the Mail to field, then select Send Test Email:

    The Test proxy dialog

    A confirmation message is displayed:

    Test confirmation message

  10. Locate and open the received test email, then select the enclosed link to confirm delivery. If the email was not received, check your spam folder. Also, double-check the Relay SMTP Proxy settings or contact Coro Support for further assistance.

    If the test is successful, the domain's Test Status field is updated to reflect this.

    Configuration of the Inbound Gateway is now complete.