Business email — Google Workspace multi-domain (moosequest.net primary + aliases)

Status: operational reference. This is a DIY setup, not a legal or tax matter. No pro required.

Last updated: 2026-04-22. Current state reflects the active Google Workspace tenant on moosequest.net.

TL;DR — adopted architecture

Primary domain: moosequest.net (existing Google Workspace Business Plus tenant, kris@moosequest.net). Alias domains (free): raxx.app, raxx.io, getraxx.com.

This is Architecture C — one mailbox, multiple brand addresses. Any mail to kris@{moosequest.net | raxx.app | raxx.io | getraxx.com} lands in the one moosequest.net inbox. Role aliases (support@raxx.app, hello@getraxx.com, docs@raxx.io, etc.) forward to the same inbox. One license, no per-domain cost.

DNS deterministic records for all three alias domains (MX / SPF / DMARC) were added to Cloudflare on 2026-04-22 via the Cloudflare API. Domain verification TXT + DKIM remain per-domain human steps in the Google Admin console (tokens are generated by Google at enrollment time).

Later, if Raxx hires and needs a separate mailbox (e.g. alice@raxx.app distinct from alice@moosequest.net), convert raxx.app from alias → secondary domain and add a license.

Decision: which domain?

Both domains are reportedly already controlled:

Recommendation framework (not a recommendation): if Raxx is the go-forward brand, kris@raxx.app is the cleanest founder email and hello@getraxx.com / support@getraxx.com can live alongside on the marketing domain. Google Workspace supports multiple domains on one account (primary + secondary), so both can be served from one tenant.

Setup path (already partly executed 2026-04-22)

Done via Cloudflare API (all 3 alias domains)

For each of raxx.app, raxx.io, getraxx.com:

• MX (at apex, 5 records matching Google's legacy fleet — compatible with both new single-MX and legacy-5-MX Google routing):
• 1 aspmx.l.google.com
• 5 alt1.aspmx.l.google.com
• 5 alt2.aspmx.l.google.com
• 10 alt3.aspmx.l.google.com
• 10 alt4.aspmx.l.google.com
• SPF (TXT at apex): v=spf1 include:_spf.google.com ~all
• DMARC (TXT at _dmarc.<domain>): v=DMARC1; p=quarantine; rua=mailto:kris@moosequest.net; fo=1

Verified in each zone via curl ... /dns_records?type=MX — all records show OK.

Remaining per-domain human steps (Google Admin console)

These require Google-generated tokens and cannot be scripted from outside the tenant.

For each of raxx.app, raxx.io, getraxx.com:

1. Open https://admin.google.com → Domains → Manage domains → Add a domain
2. Select "User alias domain" (NOT "Secondary domain" — alias gives free mirroring into the existing kris@ mailbox)
3. Google shows a TXT verification record (something like google-site-verification=...). Copy the value.
4. Tell me the value → I add it to the Cloudflare DNS for that domain (or add it yourself via the Cloudflare panel).
5. Click Verify in Google Admin. Verification usually completes in under a minute once DNS propagates.
6. Enable DKIM once the domain is verified: Admin console → Apps → Google Workspace → Gmail → Authenticate email → select the alias domain → Generate new record (2048-bit recommended).
7. Copy the DKIM TXT value (google._domainkey.<domain>) → I add it, or you add it.
8. Click Start authentication in Admin to activate DKIM signing for that domain.

Role aliases (free, one-time setup)

After all 3 alias domains are verified:

• In Admin console → Users → your user (Kris) → Aliases → Add alias.
• Add as many as you want (up to 30 per user). Common ones:
• support@raxx.app, hello@raxx.app, press@raxx.app, legal@raxx.app
• docs@raxx.io
• hello@getraxx.com, support@getraxx.com, press@getraxx.com
• All land in Kris's inbox. Reply-as any of them via Gmail "Send mail as."

Send-as setup in Gmail (per alias)

• Gmail → Settings → Accounts and Import → Send mail as: Add another email address
• Add each alias address. Google auto-verifies since they're already aliases of the verified user.
• Set the default from-address per your preference (probably kris@moosequest.net for parent-entity correspondence).

Cost (as of research date — verify at https://workspace.google.com/pricing.html)

Single-user annual cost at Business Starter: ~$72/year. Budget item, not a blocker.

Alternatives to Google Workspace (not researched deeply here): - Microsoft 365 Business Basic: ~$6/user/month. Equivalent. - Fastmail: ~$3–$5/user/month; strong privacy story; no integrated docs/drive. - Proton Business: ~$7/user/month; E2E-encrypted mail; small-bulk senders may have deliverability issues.

Why set this up before filing anything

• USPTO correspondence defaults to the email on the trademark application. Losing access to that email = losing notices about office actions.
• IRS EIN confirmation and 2553 / payroll correspondence is largely postal but increasingly email-supplemented.
• Banks and registered-agent services send compliance notices to the email on file.
• Stripe / payment processors send account-recovery and fraud-hold notifications that are deliverability-sensitive.

Starting with a clean, deliverable founder email (kris@raxx.app) with SPF/DKIM/DMARC already live prevents a lot of downstream pain.

Domain verification — human steps tracking

Update as each step completes.

Historical DNS context (superseded)

1. DNS authority: raxx.app, raxx.io, getraxx.com → Cloudflare (confirmed). moosequest.net → Oracle Dyn (monthly billing, separate tenant — MX there already points to Google Workspace aspmx.l.google.com etc.).
2. No pre-existing MX on the 3 alias domains as of 2026-04-22 — clean slate for Google.
3. No plan to migrate moosequest.net DNS off Dyn at this time.

Sources

1. Google Workspace pricing. https://workspace.google.com/pricing.html (verify current plans and prices at purchase time).
2. Google Workspace MX records reference. https://support.google.com/a/answer/140034 (verify the current single-MX vs legacy-5-MX guidance for your tenant).

This is a DIY operational task. No attorney or CPA required. Ship it before you file anything that depends on a business email.