TL;DR
Gmail can act as an SMTP relay for other apps and devices using smtp.gmail.com, an App Password, and port 587. It works well for low-volume, personal, or transactional use - and breaks down fast for bulk sending, since Google caps it at 500-2,000 recipients/day and actively watches for abuse. If you are instead trying to send email that looks like it came from your own domain when composing inside Gmail, that's a different setup - see our custom domain email guide instead.
What "Gmail as SMTP relay" actually means
Every Gmail account has an SMTP server attached to it - smtp.gmail.com - the same server Gmail itself uses to send your outgoing mail. Google lets third-party apps and devices authenticate against that server and send mail through your Gmail account, as long as they have valid credentials.
That's the whole idea behind "using Gmail as an SMTP relay": instead of building your own mail server or paying for a transactional email API, you point something else - a WordPress plugin, a cron job, a network printer - at Gmail's SMTP server and let Google handle actually delivering the message.
This is the opposite direction from what most people mean when they say "send from my custom domain in Gmail." Here, Gmail is the server doing the sending on behalf of something else. In the custom-domain case, Gmail is the client - the interface you compose in - while a separate SMTP relay sends on behalf of your domain. If that's what you're after, our Cloudflare Email Routing + Gmail Send As guide covers that setup end to end.
Who actually needs this
It's the right tool for a narrower set of cases than most guides suggest
Gmail SMTP relay is a good fit for:
WordPress contact forms and order notifications
Low volume, transactional, one recipient per event. This is the single most common use case for plugins like WP Mail SMTP.
Cron jobs and server scripts
Sending yourself an alert when a backup fails, a script errors out, or a threshold is crossed.
Network printers and scanners
"Scan to email" features on office multifunction printers that need an SMTP server to relay through.
Home lab and IoT projects
Raspberry Pi monitors, NAS devices (Synology, QNAP), self-hosted apps that need to send the occasional notification.
It is a bad fit for newsletters, marketing campaigns, onboarding sequences, or anything sent to a list - see When this is the wrong tool below.
Before you start
Two prerequisites that trip people up
You need:
2-Step Verification turned on
Google requires this before it will let you generate an App Password. If you haven't enabled it, do that first at myaccount.google.com/security.
A Gmail or Google Workspace account you control
Any personal Gmail account works. Google Workspace accounts also work the same way for this setup - the separate, higher-volume 'SMTP relay service' is a different feature, covered later in this guide.
"Less secure app access" is gone. Google phased out sign-in with just a username and password for third-party SMTP clients years ago. If a guide tells you to toggle on "less secure apps," it's outdated - that setting no longer exists. App Passwords are now the only supported path.
Step 1: Create an App Password
A 16-character password scoped to a single app
- Go to myaccount.google.com/apppasswords and sign in
- Enter a name that describes what will use it (e.g.
WordPress contact formorbackup-server-cron) - Click Create - Google shows you a 16-character password
- Copy it immediately. Google will not show it again; if you lose it, you'll need to generate a new one
Generate one App Password per app. Don't reuse the same password across your WordPress site, your cron job, and your printer. If one integration is compromised or misbehaves, you can revoke its password individually without breaking everything else.
Step 2: Configure your app or device
The same four settings, everywhere
Whatever you're configuring - a WordPress plugin, a printer's scan-to-email settings, a script using smtplib or nodemailer - it asks for the same four values:
smtp.gmail.com587 (STARTTLS)you@gmail.comthe 16-character App PasswordIf port 587 with STARTTLS isn't available in a particular tool, port 465 with implicit SSL/TLS also works. Avoid port 25 - most hosting providers block outbound traffic on it, and Google doesn't support authenticated SMTP on it anyway.
Example: WordPress with WP Mail SMTP
- Install and activate the WP Mail SMTP plugin
- Under Mailer, choose Other SMTP
- Enter the four values above, with Encryption set to
TLS - Set From Email to the same Gmail address you authenticated with - Gmail will reject attempts to send as a different address unless it's a verified alias
- Save and send a test email from the plugin's test tab
Step 3: Send a test email
Confirm delivery before relying on it
Send a test message to an address you can check immediately. Two things to verify:
- It arrives in the inbox, not spam - if it lands in spam, check the sending name/address matches your Gmail account exactly
- Your Gmail account itself doesn't show a security alert - Google sometimes emails you when a new app starts sending on the account's behalf. Confirm it was you if prompted, or the sends may get blocked
Working setup. At this point your app or device is authenticating directly against Google and sending real mail through Gmail's infrastructure - no separate email service required.
Sending limits (and what happens at the ceiling)
This is where most Gmail-as-relay setups eventually break
Gmail enforces a daily recipient cap that resets on a rolling 24-hour basis, not at midnight:
| Account type | Recipients / 24 hours |
|---|---|
| Personal Gmail (free) | 500 |
| Google Workspace | 2,000 |
| Workspace SMTP relay service | 10,000 per licensed user |
That count is recipients, not messages - one email addressed to 20 people uses 20 of your daily allowance. Google also applies unpublished per-hour rate limits, so sending in a sudden burst can trigger throttling well before you hit the daily number.
Once you exceed the limit, Gmail returns a 550-5.4.5 error for the rest of the window, and repeated overages can lead Google to temporarily suspend the ability to send from that account altogether.
The other "SMTP relay": Google Workspace's version
A different feature that shares a confusingly similar name
Most articles on this topic conflate two genuinely different Google features:
| Gmail SMTP (smtp.gmail.com) | Workspace SMTP relay service | |
|---|---|---|
| Authentication | App Password, one mailbox | IP address or account credentials |
| From-address | Must be the authenticated mailbox | Any address on your Workspace domain |
| Volume | 500-2,000/day | 10,000/day per license |
| Typical use | One app, one mailbox | Office printers/copiers, internal apps at a company already on Workspace |
| Availability | Any Gmail account | Google Workspace only, admin console setup |
If you're a Workspace admin trying to route mail from office equipment or internal line-of-business apps, look for "SMTP relay service" under Apps > Google Workspace > Gmail > Routing in the admin console - that's the right feature, and it's configured per-domain rather than per-app-password.
Common errors and fixes
534-5.7.9 Application-specific password required
You're authenticating with your normal account password instead of an App Password. Generate one at myaccount.google.com/apppasswords and use it in place of your regular password.
535-5.7.8 Username and Password not accepted
Either the App Password was copied incorrectly (check for extra spaces), 2-Step Verification isn't actually enabled yet, or you're using an old app-specific password that was revoked.
553-5.7.1 Sender address rejected: not owned by user
Gmail requires the From address to match the authenticated mailbox, or be a verified 'Send mail as' alias on that account. You cannot send as an arbitrary address through smtp.gmail.com.
421-4.7.0 Temporary System Problem / rate limited
You've hit an hourly or daily sending threshold. Wait - typically an hour for rate limits, up to 24 hours for the daily cap - before retrying. Sending in smaller, spaced-out batches avoids this.
Account temporarily disabled for suspicious activity
A new IP address (commonly a VPS or hosting provider) suddenly sending SMTP traffic can trigger Google's abuse detection. Sign in through a browser from that IP and complete the security checkpoint, then retry.
Emails deliver but land in spam
This is less common with Gmail SMTP since Google's own infrastructure is well-trusted, but it can still happen if the message content looks spammy or the recipient has specific filtering. Check content and confirm the From name matches your actual Gmail account.
When this is the wrong tool
Two situations where Gmail SMTP relay will cause more problems than it solves
Bulk or list-based sending
Newsletters, marketing campaigns, and onboarding sequences need list management, unsubscribe handling, and deliverability infrastructure that Gmail's consumer SMTP server was never built for. You will hit the recipient cap fast, and repeated large sends increase the odds of a suspension. Use a dedicated ESP instead - Mailchimp, ConvertKit, or Brevo all have generous free tiers built for this.
Sending as your own custom domain
If your goal is actually to compose and send email from you@yourdomain.com while working inside Gmail - not to relay mail from a separate app - Gmail SMTP relay is the wrong direction entirely. That requires Gmail's "Send mail as" feature connected to an SMTP relay that sends on behalf of your domain, with matching SPF, DKIM, and DMARC records so it doesn't show a "via" banner or land in spam.
Looking for the reverse setup?
Send as you@yourdomain.com, right inside Gmail
SendMailAs handles the SMTP relay, DNS records, and DKIM alignment for sending from your own domain in Gmail - no "via" banner, no Google Workspace. First domain free.
Frequently asked questions
smtp.gmail.com. Use port 587 with STARTTLS (recommended) or port 465 with SSL. Port 25 is blocked by most hosts and by Google for this purpose.
Yes, for any personal Gmail or Google Workspace account with 2-Step Verification on - which Google now requires for most accounts. Your regular Gmail password will not work for third-party SMTP authentication; you need a 16-character App Password generated specifically for that app.
500 recipients per rolling 24-hour period on a personal Gmail account, 2,000 on Google Workspace. This counts total recipients, not messages - one email to 10 people counts as 10. Google also applies unpublished rate limits per hour on top of the daily cap.
No, and this is the most common point of confusion. Personal Gmail SMTP (smtp.gmail.com) authenticates as one specific mailbox with an app password and caps out at 500-2,000 recipients/day. Google Workspace's separate 'SMTP relay service' (smtp-relay.gmail.com) authenticates by IP address or account, supports higher volume (10,000 recipients/day per license), and is meant for routing mail from office equipment, apps, and servers - not for sending as arbitrary from-addresses.
This error (534-5.7.9) means the account has 2-Step Verification enabled but you tried to authenticate with the regular account password instead of an App Password. Generate an App Password at myaccount.google.com/apppasswords and use that instead.
Technically yes, but you shouldn't. Gmail's sending limits and Google's abuse detection are tuned for personal and transactional volume, not bulk sending. Newsletters sent through smtp.gmail.com risk tripping spam filters, hitting rate limits mid-send, or getting the account temporarily locked. Use a dedicated email service provider (Mailchimp, ConvertKit, Brevo) for anything list-based.
Google's automated abuse detection sometimes flags a sudden burst of outgoing SMTP activity from a new IP address (a server, VPS, or hosting provider) as suspicious, even if it's legitimate. Signing in via browser and completing the security checkpoint usually resolves it. Repeated triggers can lead to a longer suspension, which is one reason not to route production traffic through a personal Gmail account.
Custom domain email in 5 minutes
Skip the manual DNS setup. SendMailAs automates Cloudflare email routing, SMTP relay, and authentication records. First domain free.