Google SMTP is the server infrastructure behind sending email through Google accounts and Workspace domains. Understanding how it works helps teams troubleshoot delivery issues and configure reliable integrations.
Developers, administrators, and power users rely on clear settings for authentication, ports, and encryption when connecting applications or devices to Gmail and Google Workspace.
| Service | SMTP Host | Port | Encryption | Authentication |
|---|---|---|---|---|
| Gmail | smtp.gmail.com | 587 (STARTTLS) | TLS | OAuth 2.0 or user password |
| Google Workspace | smtp-relay.gmail.com or custom relay | 587 or 465 | TLS | App password or SMTP auth token |
| Google Cloud Email | sendmail.googleapis.com | 25 (relayed) | TLS enforced | Service account with API keys |
| Google Admin Controls | Relay settings in Admin console | Configurable | Custom policies | Organization-wide restrictions |
Configuring Google SMTP for Gmail and Workspace
Server settings and ports
Secure delivery starts with entering the correct hostname, port, and encryption method in your client or application. Gmail and Workspace require authenticated submission using modern authentication for most connections.
For legacy apps that only support plain password login, app passwords or dedicated SMTP credentials are necessary to avoid sign-in failures while maintaining security policies.
Authentication and Security Requirements
Modern authentication and app passwords
Google enforces strong authentication, so OAuth 2.0 is preferred for new integrations. When OAuth is not possible, app passwords or service-specific SMTP credentials become essential for reliable delivery.
Administrators can define which apps and devices are allowed, reducing the risk of unauthorized email relay and supporting compliance requirements across the organization.
Troubleshooting Delivery Failures
Common errors and quick fixes
Blocked ports, expired tokens, and mismatched encryption settings are frequent causes of failed sends. Verifying settings against Google’s current documentation often resolves unexpected problems without external support.
Reviewing outbound logs, authentication results, and Google Workspace audit trails provides visibility into why messages are rejected, quarantined, or marked as spam by remote receivers.
Google Workspace Admin Controls
Relaying rules and organization policies
Workspace admins can restrict SMTP usage to approved relays, enforce TLS, and block less secure apps to align with enterprise security standards. These settings apply centrally and simplify large-scale management.
Granular configurations for groups, domains, and IP addresses allow precise control over who can send via Google SMTP, balancing usability with governance and data protection.
Recommended practices for Google SMTP
- Use OAuth 2.0 or app passwords for authentication.
- Always enable STARTTLS on port 587.
- Configure SPF and DKIM for your sending domains.
- Monitor delivery logs and admin audit trails regularly.
- Set relay limits and IP allowlists in Workspace Admin.
FAQ
Reader questions
How do I find my Google SMTP settings for Gmail?
Use smtp.gmail.com on port 587 with STARTTLS and your full Gmail address plus an app password if 2-Step Verification is enabled. Legacy clients may require an app-specific password generated in your Google Account security settings.
Can I use Google SMTP for outgoing newsletters from WordPress?
Yes, configure your mailing plugin with smtp.gmail.com, port 587, TLS encryption, and an app password or OAuth. For higher volume, consider a transactional email service or relay through Google Workspace to avoid rate limits and authentication issues.
What should I do if my emails are marked as spam when sending via Google SMTP?
Check SPF, DKIM, and DMARC records for your sending domain, align the sending mail server with authorized hosts, and maintain consistent reverse DNS and branding to improve inbox placement.
How can an administrator control SMTP relay in Google Workspace?
In the Admin console, set relay rules under Gmail and API controls, specify approved IPs and apps, enforce TLS, and restrict less secure access to prevent unauthorized use while supporting legitimate business workflows.