Gmail SMTP Setup: Settings, Fixes, and What Google Broke
Your Gmail SMTP setup broke. Your office printer stopped sending scans to email. Your WordPress contact form went silent. Your legacy CRM throws a "535 Authentication Failed" error every morning. Nothing changed on your end - but Google changed everything on theirs.
Between 2024 and 2025, Google systematically shut down basic password authentication for SMTP across most common setups, and a staggering number of devices and apps just stopped sending. Here's how to fix it, what actually changed, and the settings you need right now.
What You Need (Quick Version)
Server: smtp.gmail.com
Port: 587 with TLS or 465 with SSL
Authentication: Required - use an App Password, not your regular Gmail password
Encryption: TLS (STARTTLS) or SSL
The decision is simple:
- Personal Gmail or a device like a printer/scanner? App Password.
- WordPress site? OAuth via Gmail API through WP Mail SMTP.
- Server-based sending at volume? SMTP relay via
smtp-relay.gmail.com.
That's the 30-second version. The rest of this guide covers why things broke, how to configure Gmail SMTP the right way for each method, and what to do when it still won't work.
Why Gmail SMTP Broke
Google didn't flip one switch. They ran a slow, methodical deprecation over roughly 20 months that caught most people off guard.
September 2023: Google announced that "Less Secure Apps" access - the setting that let devices and apps authenticate with just a username and password - was going away. Most admins ignored this.
Starting June 2024: Google removed the "Less Secure Apps" setting from the Workspace Admin console. This is when the first wave of printer and scanner failures hit.
March 14, 2025: The big one for Workspace. Google fully enforced OAuth for legacy password authentication for CalDAV, CardDAV, IMAP, SMTP, and POP on Workspace accounts. Any app or device that couldn't do OAuth 2.0 or use an App Password stopped working.
May 2025: Enforcement completed across Google's rollout window. The era of "just type your Gmail password into any SMTP field" was over.
The categories hit hardest were predictable: office printers and MFPs, older versions of Outlook, and legacy business apps. One sysadmin on r/sysadmin described an older Claris FileMaker installation that only supports Plain Password or CRAM-MD5 - and with basic auth gone, SMTP sending simply broke. The business owner wouldn't upgrade the software. That scenario is playing out in thousands of organizations right now.
The fix for most situations is straightforward. Let's walk through it.
How to Set Up Gmail SMTP with App Passwords
App Passwords are the universal workaround for any device or app that can't handle OAuth. Here's the process:
Enable 2-Step Verification on your Google account. Go to myaccount.google.com > Security > 2-Step Verification > Turn it on. You can't generate App Passwords without this.
Navigate to App Passwords. Go to myaccount.google.com > Security > App Passwords. If you don't see it immediately, search "App Passwords" in the account settings search bar.
Generate a password. Name it something descriptive - "Office Printer" or "WordPress SMTP" - and click Create. Google gives you a 16-character code.
Enter the 16-character code as the SMTP password in your device or app. Use your full Gmail address as the username. Don't add spaces in the password - just paste the 16 characters straight in.
App Passwords Not Showing Up?
This trips people up constantly. If you don't see the App Passwords option, check these four things:
- 2-Step Verification isn't enabled. This is the #1 cause. You must enable 2FA first.
- 2FA is set to security keys only. If your account requires physical security keys, App Passwords won't appear. Switch to allowing other 2FA methods.
- Your account is managed by work or school. Your Workspace admin may have disabled App Passwords at the org level. Talk to IT.
- Advanced Protection is enabled. Google's Advanced Protection Program disables App Passwords entirely. You'll need to use OAuth-compatible apps instead.
A K-12 sysadmin on Reddit confirmed this exact fix for multiple Kyocera printers that stopped scanning to email - enable 2FA, generate App Password, paste it into the printer's SMTP config. Done.
Three Google SMTP Options Compared
Google offers three different SMTP services, and picking the wrong one causes headaches. Here's how they break down:
| smtp.gmail.com | smtp-relay.gmail.com | Restricted SMTP | |
|---|---|---|---|
| Ports | 587 with TLS, 465 with SSL | 587, 465, 25 | 587, 465 |
| Auth | App Password or OAuth | IP allowlisting | Internal-only |
| Daily sending limit | 500 (free) / 2,000 (Workspace) | Up to 10,000/day | Internal-only |
| Best for | Personal + Workspace mailboxes, apps, WordPress | Server-based sending, IP-locked | Internal routing/notifications |
smtp.gmail.com is what most people need. It works with App Passwords and OAuth and requires no admin configuration beyond the account level. If you're configuring Gmail SMTP for the first time, this is the server you want.
smtp-relay.gmail.com is the Workspace option for higher volume. It supports up to 10,000 emails/day depending on your plan and uses IP allowlisting instead of per-user authentication, which makes it ideal for application servers and internal systems. But here's the gotcha that catches Workspace admins: IP allowlisting means only traffic from approved IP addresses can send. If your team works remotely, their laptops won't be on the allowlisted IP, and their mail gets rejected. We've seen this trip up remote-first teams more than any other relay issue. Use relay for servers, not for people.
Restricted SMTP is for internal-only routing and notifications where you don't need external delivery.
You're troubleshooting Gmail SMTP because emails need to reach real people. But even a perfect SMTP config can't save you if the email addresses themselves are wrong. Prospeo's 5-step verification delivers 98% email accuracy - so every message you send through that freshly configured SMTP actually lands.
Stop fixing delivery infrastructure for emails that bounce anyway.
Configuration for Specific Use Cases
WordPress (The Right Way)
Look, you can use an App Password for WordPress SMTP, but you shouldn't. Storing a password-equivalent in your WordPress database is a security risk, and it's more prone to random auth failures. The right approach is OAuth via the Gmail API.
The easiest path is WP Mail SMTP, which supports a Google/Gmail mailer. The Pro version has a One-Click Setup that handles the OAuth plumbing for you - no password stored in WordPress, faster configuration, fewer things to break.
If you're on the free Lite version, here's the manual method:
- Go to the Google Cloud Console and create a new project.
- Enable the Gmail API for that project.
- Configure the OAuth consent screen - set it to External, add your email, and fill in the required fields.
- Create an OAuth Client ID and select the Web application type. Google generates credentials for you.
- Copy the Authorized redirect URI from WP Mail SMTP and paste it into the Google Cloud credential settings.
- Copy the Client ID and Client Secret back into WP Mail SMTP.
- Click "Allow plugin to send emails using your Google account" and authorize.
Your site must be running SSL (https). The most common errors are copy/paste issues with the Client ID and Secret - double-check for trailing spaces. If you change any settings later, you'll need to re-authorize the connection.
Outlook
Modern Outlook generally supports OAuth natively: when you add a Gmail account, it redirects you to Google's sign-in page and handles authentication automatically.
If you're using an older mail client that still asks for a raw SMTP username/password, use smtp.gmail.com, port 587 with TLS, and enter your 16-character App Password as the SMTP password. Same settings regardless of which desktop client you're connecting.
Printers and Scanners
Printers are the single most common Gmail SMTP breakage. Kyocera, Ricoh, Lexmark - many models rely on basic SMTP auth, and a lot of them broke when Google tightened authentication.
The fix is clean:
- Create a dedicated Gmail account for your printer, or use an existing one.
- Enable 2-Step Verification on that account.
- Generate an App Password labeled "Printer" or "Scanner."
- On the device, set the SMTP server to
smtp.gmail.com, port 587, TLS enabled. - Enter the Gmail address as username and the 16-character App Password as the password.
Use a dedicated account rather than someone's personal Gmail. When that person leaves the company, you don't want every printer in the building to stop working.
Legacy Apps (FileMaker, Older CRMs)
If your app only supports CRAM-MD5 or plain password authentication, it's in the danger zone. Try entering the App Password anyway - some apps that look "basic-auth only" will still accept it - but if it can't authenticate, your practical options are:
- Switch to a third-party SMTP service like SendGrid (free tier around 100/day), Amazon SES (~$0.10 per 1,000 emails), or Postmark (from $15/mo).
- Route mail through an internal mail server that can authenticate to Google using a supported method.
- Upgrade or replace the app.
If the software hasn't been updated to support modern auth by 2026, it's time to replace it. Full stop.
Gmail SMTP Sending Limits
Gmail's sending limits are lower than most people expect, and enforcement is stricter than it used to be.
| Account Type | Daily Limit | Reset Window |
|---|---|---|
| Free Gmail | 500 emails | Rolling 24 hours |
| Google Workspace | 2,000 emails | Rolling 24 hours |
| Workspace (trial) | 500 emails | Until $100 paid + 60 days |
| SMTP Relay | Up to 10,000 | Rolling 24 hours |
A few things that catch people off guard: the limit is a rolling 24-hour window, not a midnight reset. If you send 400 emails at 3 PM, you won't get your full quota back until 3 PM the next day. Vacation auto-responders, internal replies, and alias sends all count toward your limit.
If you breach the limit, Gmail suspends your sending for 1 to 24 hours. There's no way to speed this up - you just wait.
Hourly pacing matters too. Google doesn't publish official per-hour limits, but in our experience, sending 20+ emails per hour can trigger temporary throttling. If you're automating sends, build in delays of at least a few seconds between messages.
One nuance for new Workspace accounts: you're capped at 500/day during the trial period. The limit doesn't increase to 2,000 until your domain has paid at least $100 cumulatively and 60 days have passed after hitting that threshold. The rolling 24-hour window catches more teams off guard than the daily cap itself - plan your sends accordingly.
Troubleshooting Common SMTP Errors
When Gmail SMTP fails, the error message usually tells you exactly what's wrong - if you know how to read it.
| Error | What It Means | Fix |
|---|---|---|
| 535 Auth Failed | Bad credentials | Use App Password, not regular password |
| "Username and Password not accepted" | Google blocked the login | Enable 2FA, generate App Password |
| 534 | App-specific password required | Same fix - App Password needed |
| Connection timeout | Port or firewall issue | Switch to port 587 with TLS, check firewall |
| "Daily sending limit exceeded" | Quota hit | Wait 1-24 hours, reduce volume |
| App Passwords missing | Account config issue | See the 4-item checklist above |
The 535 and 534 errors are by far the most common, and they both have the same root cause: you're trying to authenticate with a regular password in a post-2025 world. Generate an App Password and the error disappears.
Connection timeouts are usually a port issue. Port 587 with TLS is the modern standard and works with virtually every client. If your ISP blocks port 25 - and many residential ISPs do - that's another reason to stick with 587. Port 465 with SSL is the fallback if your client doesn't support STARTTLS.
If you're getting "Daily sending limit exceeded" and you haven't sent anywhere near 500 or 2,000 emails, check whether other apps or devices are sharing the same Gmail account. Every send from every connected app counts toward one shared quota.
Deliverability: SPF, DKIM, and DMARC
Getting Gmail SMTP to send is only half the battle. Getting your emails to actually land in inboxes requires proper authentication records on your domain.
As of 2026, Gmail has ramped up enforcement on non-compliant senders. Messages that fail authentication checks risk temporary or permanent rejection. Here's the checklist:
- SPF record - tells receiving servers which IPs are authorized to send for your domain.
- DKIM signing - cryptographically signs your messages so recipients can verify they weren't tampered with.
- DMARC policy - tells receiving servers what to do when SPF or DKIM fails: quarantine, reject, or report.
- One-click unsubscribe header - required for marketing email.
- Domain alignment - your From address must match the domain you've authenticated.
- List hygiene - keep your bounce rate low by removing invalid addresses.
Authentication records protect your domain, but they can't save you from sending to invalid addresses. We've seen teams set up perfect SPF/DKIM/DMARC records and still tank their sender reputation because 15% of their list was dead. Running your contacts through a verification tool like Prospeo before hitting send catches bad addresses before they become bounces.
When NOT to Use Gmail SMTP
Here's our honest take: Gmail SMTP is the best free option for low-volume transactional email. But if you're doing anything beyond basic notifications and personal sending, you shouldn't be using it at all. Every bounce on a 500/day limit hurts disproportionately - one bad batch can suspend your sending for 24 hours. The ceiling is too low and the penalties are too harsh for anything resembling scale.
Skip Gmail SMTP if:
- You're sending more than 500 emails/day on free or 2,000/day on Workspace. Use SendGrid or Amazon SES instead.
- You're running cold outreach at volume. Gmail's limits and Google's increasingly aggressive spam filtering make this a losing game. (If you are doing outbound, read our guide on email velocity so you don’t burn the domain.)
- You need reliable transactional email for a SaaS product. Dedicated transactional services offer better deliverability tracking, webhooks, and throughput.
Use Gmail SMTP if:
- You're sending contact form notifications from a WordPress site.
- Your office printer needs scan-to-email.
- You're sending low-volume transactional emails from a small app.
- You need a quick outgoing mail server for Google Workspace internal tools.
The #1 deliverability killer isn't SMTP misconfiguration - it's bad contact data. When you're working within Gmail's tight daily limits, every verified address matters more than it would on a platform with headroom to spare. (If you’re diagnosing bounces, see our email bounce rate breakdown.)
Hitting Gmail's 2,000/day Workspace sending limit? That ceiling matters a lot more when 15-35% of your list bounces on bad data. Prospeo users like Snyk cut bounce rates from 35% to under 5% - meaning more of those daily sends actually connect with real buyers.
Make every email count - start with addresses that are actually valid.
FAQ
Is Gmail SMTP free?
Yes, for personal Gmail accounts. You get 500 emails/day through smtp.gmail.com at no cost, and App Passwords are free to generate. Google Workspace starts at around $7-$8/user/month and raises the daily limit to 2,000. The SMTP relay service, supporting up to 10,000/day, requires a Workspace subscription.
Should I use port 587 or 465?
Use port 587 with TLS (STARTTLS) - it's the modern standard supported by virtually every email client, plugin, and device manufactured in the last decade. Only fall back to port 465 with SSL if your specific client doesn't support STARTTLS.
Can I use Gmail SMTP for bulk email?
Not effectively. Free Gmail caps at 500 emails/day, Workspace at 2,000. For bulk sending, use a dedicated service like SendGrid or Amazon SES - and verify your list first to protect your sender reputation. A single bad batch on Gmail's tight limits can suspend your account for a full day.
Does Gmail SMTP require 2FA?
If you're using App Passwords, yes - 2-Step Verification must be enabled before you can generate them. The alternative is OAuth 2.0, which handles authentication through token exchange and doesn't require App Passwords at all.
How do I find my Gmail SMTP password?
You don't have one by default. Your regular Gmail password won't work for SMTP anymore. Go to myaccount.google.com > Security > App Passwords, generate a new 16-character code, and use that as your SMTP password. You need 2-Step Verification enabled first.