To prevent Google from evaluating SPF/DMARC rules on mail that goes through SpamTitan first (causing it to treat it like Spam), and the SpamTitan IPs to the Inbound Gateway.
Only the mail relay that receives mail directly from the original sender (i.e. SpamTitan) should be evaluating SPF/DMARC.
SpamTitan Cloud / SpamTitan Private Cloud / SpamTitan Gateway
Step-by-Step 'How To'
- Go to Google workspace > Settings for Gmail > Spam, phishing, and malware > Inbound Gateway
- Add the SpamTitan IPs to the Gateway IPs and Save (your IPs will be different than the below)
If Google Mail is comparing the SpamTitan IPs to the original senders SPF record, that will always not match. Also only use "Reject all mail..." if you are certainly that all inbound mail domains goes through SpamTitan