Gmail’s SMTP server is smtp.gmail.com, reachable on port 587 with STARTTLS or port 465 with implicit SSL/TLS. Both ports require authentication with an app password or an OAuth 2.0 token; Google finished removing plain-password access in May 2025. This page is the settings reference, the error table, and the API path for when SMTP stops being worth it.
What are the Gmail SMTP server settings?
Section titled “What are the Gmail SMTP server settings?”Gmail’s outgoing mail server is smtp.gmail.com on port 587 (STARTTLS) or port 465 (implicit SSL/TLS), with TLS 1.2 or higher required. The username is the full Gmail address, and the password is a 16-character app password or an OAuth 2.0 access token. Port 25 isn’t available for standard Gmail accounts.
| Setting | Value |
|---|---|
| SMTP server | smtp.gmail.com |
| Port (STARTTLS) | 587 |
| Port (SSL/TLS) | 465 |
| Encryption | TLS 1.2 or higher |
| Authentication | App password or OAuth 2.0 |
| Username | Full Gmail address |
| Daily limit (personal) | 500 messages |
| Daily limit (Workspace) | 2,000 messages |
Google Workspace accounts that need higher throughput can use the relay at smtp-relay.gmail.com, which supports up to 10,000 recipients per day per user and allows IP-based authentication. According to Google’s Workspace relay documentation, the relay targets printers, scanners, and internal apps sending from a known IP range.
How do you set up a Gmail app password for SMTP?
Section titled “How do you set up a Gmail app password for SMTP?”A Gmail app password is a 16-character code that replaces the account password for SMTP connections. Google generates it after you enable 2-Step Verification, and it’s currently the only password-based SMTP authentication for personal Gmail accounts: Google began shutting down “Less Secure Apps” access on September 30, 2024, and completed the removal on May 1, 2025.
Creating one takes about 3 minutes:
- Confirm 2-Step Verification is on at myaccount.google.com/security.
- Open myaccount.google.com/apppasswords.
- Enter a name for the app and select Create.
- Copy the 16-character code. It’s shown once and can’t be retrieved later.
- Use it as the SMTP password; the username stays your full email address.
Google’s own guidance favors OAuth over app passwords: the September 2023 Workspace announcement directed apps that need mail access to OAuth or the Gmail API. App passwords also get revoked automatically whenever the account password changes, so any integration built on one breaks at that moment until you generate a new code.
What are Gmail SMTP sending limits?
Section titled “What are Gmail SMTP sending limits?”Personal Gmail accounts can send 500 messages per rolling 24-hour window; Google Workspace accounts get 2,000. Exceeding the limit triggers a temporary rejection and suspends outbound sending for up to 24 hours, while incoming mail keeps working. Trial Workspace accounts stay capped at 500 per day until cumulative payments reach $100 USD.
| Limit | Personal Gmail | Google Workspace |
|---|---|---|
| Messages per day | 500 | 2,000 |
| Recipients per message (web UI) | 500 | 2,000 (500 external) |
| Recipients per message (SMTP) | 100 | 100 |
| Recipients per day | 500 | 10,000 |
| Outgoing message size (with attachments) | 25 MB | 25 MB |
The 100-recipient SMTP cap catches scripts that worked fine in the web UI. According to Google’s Workspace sending limits, SMTP, POP, and IMAP connections are capped at 100 recipients per message regardless of account type, so larger sends need batching. Bulk senders delivering 5,000+ messages per day to Gmail recipients also need SPF, DKIM, and DMARC plus a one-click unsubscribe header, requirements Google began enforcing in February 2024.
Why does Gmail SMTP authentication fail?
Section titled “Why does Gmail SMTP authentication fail?”Gmail SMTP authentication fails for 4 common reasons: a missing app password, wrong or revoked credentials, disabled 2-Step Verification, or too many simultaneous connections. Google returns a specific SMTP code for each case, so the error text identifies the fix.
| Error code | Message | Cause | Fix |
|---|---|---|---|
534-5.7.9 | ”Application-specific password required” | 2-Step Verification is on but no app password is in use | Generate an app password |
535-5.7.8 | ”Username and Password not accepted” | Wrong, expired, or revoked app password | Generate a new app password |
421-4.7.0 | ”Too many concurrent SMTP connections” | More than 10 simultaneous sessions from one account | Reduce pool size, add backoff |
550-5.4.5 | ”Daily sending quota exceeded” | Hit the 500 or 2,000 per day limit | Wait for the 24-hour window to reset |
530-5.7.0 | ”Must issue a STARTTLS command first” | Port 587 without STARTTLS | Enable STARTTLS or switch to port 465 |
The most common failure is 534-5.7.9, usually from copying an older tutorial that used a regular Gmail password. Those examples stopped working when the Less Secure Apps shutdown completed in May 2025. To see the raw server response when a client hides it, test the handshake directly with swaks, which prints every SMTP exchange in about 5 seconds.
--server smtp.gmail.com \ --port 587 \ --tls \ --auth LOGIN \ --auth-password "abcd-efgh-ijkl-mnop"How do you send Gmail without SMTP?
Section titled “How do you send Gmail without SMTP?”Sending through the Nylas Email API removes the SMTP layer entirely: one POST /v3/grants/{grant_id}/messages/send request delivers mail through the connected Gmail account over HTTPS, with OAuth tokens refreshed automatically every 3,600 seconds. There’s no port, no STARTTLS negotiation, and no app password to rotate when the account password changes.
The request below sends a message from a connected Gmail account. The same call works for Microsoft, Yahoo, iCloud, IMAP, and EWS accounts, and sent messages land in the provider’s Sent folder like any other email.
curl --request POST \ --url "https://api.us.nylas.com/v3/grants/<NYLAS_GRANT_ID>/messages/send" \ --header 'Authorization: Bearer <NYLAS_API_KEY>' \ --header 'Content-Type: application/json' \ --data '{ "subject": "Sent without SMTP", "to": [{"email": "[email protected]"}], "body": "No smtp.gmail.com, no port 587, no app password." }'Gmail’s own sending limits still apply, because the message goes out through the user’s mailbox. The send email without SMTP recipe covers attachments, CC, and reply-to handling, and transactional send covers application-generated mail at volume.
What’s next
Section titled “What’s next”- Send email without SMTP is the full API sending walkthrough.
- Outlook SMTP settings is the Microsoft equivalent of this reference.
- How to handle bounced email catches the failures that SMTP error codes report.
- Schedule send queues messages for later delivery without a cron job.