Business email — Google Workspace multi-domain (moosequest.net primary + aliases)
Status: operational reference. This is a DIY setup, not a legal or tax matter. No pro required.
Last updated: 2026-04-22. Current state reflects the active Google Workspace tenant on moosequest.net.
TL;DR — adopted architecture
Primary domain: moosequest.net (existing Google Workspace Business Plus tenant, kris@moosequest.net).
Alias domains (free): raxx.app, raxx.io, getraxx.com.
This is Architecture C — one mailbox, multiple brand addresses. Any mail to kris@{moosequest.net | raxx.app | raxx.io | getraxx.com} lands in the one moosequest.net inbox. Role aliases (support@raxx.app, hello@getraxx.com, docs@raxx.io, etc.) forward to the same inbox. One license, no per-domain cost.
DNS deterministic records for all three alias domains (MX / SPF / DMARC) were added to Cloudflare on 2026-04-22 via the Cloudflare API. Domain verification TXT + DKIM remain per-domain human steps in the Google Admin console (tokens are generated by Google at enrollment time).
Later, if Raxx hires and needs a separate mailbox (e.g. alice@raxx.app distinct from alice@moosequest.net), convert raxx.app from alias → secondary domain and add a license.
Decision: which domain?
Both domains are reportedly already controlled:
| Domain | Fit for business email |
|---|---|
| getraxx.com | Marketing-leaning; works well for hello@, press@, support@. Less ideal as the founder's personal business email because kris@getraxx.com sounds like a marketing address. |
| raxx.app | Product-leaning; reads cleaner as kris@raxx.app. The .app TLD has HSTS preload by default — browsers enforce HTTPS automatically, which is a small security win but does not affect email. |
| moosequest.net (existing) | Works if the user wants to keep MooseQuest as the parent brand. Probably not ideal as the Raxx founder email. |
Recommendation framework (not a recommendation): if Raxx is the go-forward brand, kris@raxx.app is the cleanest founder email and hello@getraxx.com / support@getraxx.com can live alongside on the marketing domain. Google Workspace supports multiple domains on one account (primary + secondary), so both can be served from one tenant.
Setup path (already partly executed 2026-04-22)
Done via Cloudflare API (all 3 alias domains)
For each of raxx.app, raxx.io, getraxx.com:
- MX (at apex, 5 records matching Google's legacy fleet — compatible with both new single-MX and legacy-5-MX Google routing):
1 aspmx.l.google.com5 alt1.aspmx.l.google.com5 alt2.aspmx.l.google.com10 alt3.aspmx.l.google.com10 alt4.aspmx.l.google.com- SPF (TXT at apex):
v=spf1 include:_spf.google.com ~all - DMARC (TXT at
_dmarc.<domain>):v=DMARC1; p=quarantine; rua=mailto:kris@moosequest.net; fo=1
Verified in each zone via curl ... /dns_records?type=MX — all records show OK.
Remaining per-domain human steps (Google Admin console)
These require Google-generated tokens and cannot be scripted from outside the tenant.
For each of raxx.app, raxx.io, getraxx.com:
- Open https://admin.google.com → Domains → Manage domains → Add a domain
- Select "User alias domain" (NOT "Secondary domain" — alias gives free mirroring into the existing kris@ mailbox)
- Google shows a TXT verification record (something like
google-site-verification=...). Copy the value. - Tell me the value → I add it to the Cloudflare DNS for that domain (or add it yourself via the Cloudflare panel).
- Click Verify in Google Admin. Verification usually completes in under a minute once DNS propagates.
- Enable DKIM once the domain is verified: Admin console → Apps → Google Workspace → Gmail → Authenticate email → select the alias domain → Generate new record (2048-bit recommended).
- Copy the DKIM TXT value (
google._domainkey.<domain>) → I add it, or you add it. - Click Start authentication in Admin to activate DKIM signing for that domain.
Role aliases (free, one-time setup)
After all 3 alias domains are verified:
- In Admin console → Users → your user (Kris) → Aliases → Add alias.
- Add as many as you want (up to 30 per user). Common ones:
support@raxx.app,hello@raxx.app,press@raxx.app,legal@raxx.appdocs@raxx.iohello@getraxx.com,support@getraxx.com,press@getraxx.com- All land in Kris's inbox. Reply-as any of them via Gmail "Send mail as."
Send-as setup in Gmail (per alias)
- Gmail → Settings → Accounts and Import → Send mail as: Add another email address
- Add each alias address. Google auto-verifies since they're already aliases of the verified user.
- Set the default from-address per your preference (probably
kris@moosequest.netfor parent-entity correspondence).
Cost (as of research date — verify at https://workspace.google.com/pricing.html)
| Plan | Storage / user | Price (annual commit) | Relevant features |
|---|---|---|---|
| Business Starter | 30 GB | ~$6/user/month | Custom email, 100-person Meet, standard support |
| Business Standard | 2 TB | ~$12/user/month | Longer Meet recordings, more storage, Appointment Booking |
| Business Plus | 5 TB | ~$18/user/month | Vault (eDiscovery + retention), advanced endpoint mgmt |
Single-user annual cost at Business Starter: ~$72/year. Budget item, not a blocker.
Alternatives to Google Workspace (not researched deeply here): - Microsoft 365 Business Basic: ~$6/user/month. Equivalent. - Fastmail: ~$3–$5/user/month; strong privacy story; no integrated docs/drive. - Proton Business: ~$7/user/month; E2E-encrypted mail; small-bulk senders may have deliverability issues.
Why set this up before filing anything
- USPTO correspondence defaults to the email on the trademark application. Losing access to that email = losing notices about office actions.
- IRS EIN confirmation and 2553 / payroll correspondence is largely postal but increasingly email-supplemented.
- Banks and registered-agent services send compliance notices to the email on file.
- Stripe / payment processors send account-recovery and fraud-hold notifications that are deliverability-sensitive.
Starting with a clean, deliverable founder email (kris@raxx.app) with SPF/DKIM/DMARC already live prevents a lot of downstream pain.
Domain verification — human steps tracking
| Domain | DNS (MX/SPF/DMARC) | Google domain-added | TXT verification | DKIM live |
|---|---|---|---|---|
| raxx.app | ✅ 2026-04-22 | ⬜ | ⬜ | ⬜ |
| raxx.io | ✅ 2026-04-22 | ⬜ | ⬜ | ⬜ |
| getraxx.com | ✅ 2026-04-22 | ⬜ | ⬜ | ⬜ |
Update as each step completes.
Historical DNS context (superseded)
- DNS authority:
raxx.app,raxx.io,getraxx.com→ Cloudflare (confirmed).moosequest.net→ Oracle Dyn (monthly billing, separate tenant — MX there already points to Google Workspace aspmx.l.google.com etc.). - No pre-existing MX on the 3 alias domains as of 2026-04-22 — clean slate for Google.
- No plan to migrate
moosequest.netDNS off Dyn at this time.
Sources
- Google Workspace pricing. https://workspace.google.com/pricing.html (verify current plans and prices at purchase time).
- Google Workspace MX records reference. https://support.google.com/a/answer/140034 (verify the current single-MX vs legacy-5-MX guidance for your tenant).
This is a DIY operational task. No attorney or CPA required. Ship it before you file anything that depends on a business email.