split delivery with google (I know, another of the same question)

Maybe (probably) I am totally out of my element here but here we go.

I am trying to setup our company google workspace to do email routing so that certain addresses are handled by MXRoute. So if you send, for instance, an email to [[email protected]](mailto:[email protected]) it reroutes that email ideally to both a google group (for users to have visibility) and also a mailbox so that a software application that scrubs our invoices can pick that up. Google is a bit limited in that regard in that you have to sign up for an additional employee account for every programatic inbox and maintain 2FA codes and browser profiles and login sessions for each and every one which is a giant pain. MXRoute seemed like the answer

Well, now I have setup the routing host in google workspace (it only allows port 25 and 587, so I am trying to use 587) and I have setup the forwarding rule but I keep getting this message:

Google tried to deliver your message, but it was rejected by the relay taylor.mxrouting.net [168.119.13.219]. The error that the other server returned was: 550 relay not permitted, authentication required

Now, if I am just too stupid to understand this or nobody wants to help thats fine, I will just setup more google inboxes. But I seriously want to know and learn what is the next step here.

I even setup my MX records for the domain in question with MXRoute at my domain with a larger priority number. I have tried a separate google workspace tenant and new domain where I have more control and ability to try things in a sandbox.

I think MX route is just saying 'oh look you are trying to send mail from your phone email client, yeah you need to authenticate' when what is actually trying to happen is I want to relay a message.

I think I just dont understand the way SMTP works in this case.