SMTP settings consist of host, port, encryption method (STARTTLS or implicit TLS), and authentication. Common configurations: Gmail uses smtp.gmail.com on port 587 with STARTTLS or 465 with SSL; Microsoft 365 uses smtp.office365.com on 587 with STARTTLS; SendGrid uses smtp.sendgrid.net on 587 or 465. Authentication is OAuth 2.0 for major providers and API key or username/password for ESPs.
SMTP Settings Reference: A Configuration Index
SMTP settings are simple in theory — host, port, encryption, auth — but the specifics vary across providers and the details that don't work right away are the ones that cost you hours. This is the reference I keep open when configuring new sending integrations.
SMTP configuration basics
Every SMTP setup needs four things:
- Host — the SMTP server hostname (e.g.,
smtp.sendgrid.net) - Port — typically 587 (STARTTLS) or 465 (implicit TLS); see SMTP port numbers explained
- Encryption — STARTTLS for port 587; SSL/TLS for port 465
- Authentication — credentials (API key, OAuth token, or username/password)
Some setups also require:
- Specific MAIL FROM (envelope sender) configuration
- Custom HELO/EHLO hostname
- Custom DKIM signing
Settings by major provider
Gmail / Google Workspace
| Setting | Value |
|---|---|
| Host | smtp.gmail.com |
| Port | 587 (STARTTLS) or 465 (SSL) |
| Auth | OAuth 2.0 (preferred) or app password |
| Sending limits | 2,000/day per workspace user; 500/day for free Gmail |
For Google Workspace business accounts, the modern setup is OAuth 2.0. App passwords work for legacy applications that can't OAuth. Personal Gmail accounts using basic auth have been disabled since 2022.
For higher volume, use Google Workspace SMTP Relay on smtp-relay.gmail.com:587 — same protocol but supports up to 10,000 messages/day per user.
Microsoft 365
| Setting | Value |
|---|---|
| Host | smtp.office365.com |
| Port | 587 (STARTTLS only) |
| Auth | OAuth 2.0 (preferred) or SMTP AUTH per mailbox |
| Sending limits | 30 messages/minute, 10,000 recipients/day per mailbox |
Microsoft 365 disabled basic SMTP authentication tenant-wide by default. New tenants must enable SMTP AUTH per mailbox or use OAuth. For app-style sending, Microsoft recommends Direct Send (smtp delivery to <tenant>.mail.protection.outlook.com) or High Volume Email (separate add-on).
SendGrid
| Setting | Value |
|---|---|
| Host | smtp.sendgrid.net |
| Port | 25, 587, 465, or 2525 |
| Auth | Username apikey, password = your SG API key |
| Sending limits | Per your plan |
SendGrid's API is more capable than its SMTP relay, but SMTP works fine for transactional sending. Username is literally the string apikey; the password is the actual API key.
Mailgun
| Setting | Value |
|---|---|
| Host | smtp.mailgun.org (US) or smtp.eu.mailgun.org (EU) |
| Port | 587, 465, or 2525 |
| Auth | SMTP credentials from Mailgun dashboard (per-domain) |
| Sending limits | Per your plan |
Mailgun gives you per-domain SMTP credentials. The username is typically [email protected] for the default sending domain. Use API for higher throughput.
Postmark
| Setting | Value |
|---|---|
| Host | smtp.postmarkapp.com |
| Port | 25, 587, 465, or 2525 |
| Auth | Username and password both = your Server API Token |
| Sending limits | 10 messages/second; per-plan monthly limits |
Postmark is transactional-focused (no bulk marketing). For both SMTP username and password, paste the same Server API Token. Postmark also tags messages with stream — Transactional or Broadcast.
Amazon SES
| Setting | Value |
|---|---|
| Host | email-smtp.us-east-1.amazonaws.com (varies by region) |
| Port | 25, 587, 465, or 2587/2465 |
| Auth | IAM SMTP credentials (different from API keys) |
| Sending limits | Per-account quota; sandbox limited until graduated |
SES requires generating dedicated SMTP credentials via the IAM console — these are NOT the same as your AWS access keys. Production accounts start in a sandbox limited to verified recipients only; submit a quota increase request to enable broader sending.
Other ESPs
| Provider | Host | Port |
|---|---|---|
| Mailjet | in-v3.mailjet.com | 587, 465 |
| Brevo (Sendinblue) | smtp-relay.brevo.com | 587 |
| SparkPost | smtp.sparkpostmail.com | 587, 2525 |
| SocketLabs | smtp.socketlabs.com | 587, 465, 2525 |
| Elastic Email | smtp.elasticemail.com | 2525, 587 |
| Resend | smtp.resend.com | 587, 465 |
For ESP-specific deliverability tradeoffs, see the SendGrid review, Mailgun review, Postmark review, and Resend review.
Settings for self-hosted SMTP
If you run your own Postfix or other MTA:
| Setting | Typical value |
|---|---|
| Host | Your MTA's hostname (e.g., mail.example.com) |
| Port (submission) | 587 or 465 |
| Port (relay) | 25 (server-to-server only) |
| Auth | SASL via Dovecot or PAM, typically |
| Encryption | STARTTLS (587) or implicit TLS (465) |
Plus required DNS configuration:
- A/AAAA record for the MTA hostname
- Reverse DNS (PTR) that matches the forward hostname
- MX records (for receiving)
- SPF, DKIM, DMARC records
- Optionally MTA-STS
See Postfix Dovecot setup guide for the canonical self-hosted configuration.
Application-side SMTP configuration
Configure SMTP in environment variables, not in source code. A typical .env structure:
SMTP_HOST=smtp.sendgrid.net
SMTP_PORT=587
SMTP_USERNAME=apikey
SMTP_PASSWORD=SG.xxxxxxxxxxxxxxxxxxxxxxxxxxxx
[email protected]
SMTP_FROM_NAME=Your App
SMTP_ENCRYPTION=tls
For Node.js using Nodemailer:
const transporter = nodemailer.createTransport({
host: process.env.SMTP_HOST,
port: parseInt(process.env.SMTP_PORT),
secure: process.env.SMTP_PORT === '465',
auth: {
user: process.env.SMTP_USERNAME,
pass: process.env.SMTP_PASSWORD,
},
});
For Python using smtplib:
import smtplib
with smtplib.SMTP(SMTP_HOST, 587) as server:
server.starttls()
server.login(SMTP_USERNAME, SMTP_PASSWORD)
server.send_message(msg)
For port 465, use smtplib.SMTP_SSL instead of SMTP and skip starttls().
Practitioner note: I see a lot of Python code using port 587 with
SMTP_SSL(or 465 withstarttls()). Both fail in confusing ways. The rule: 465 → SMTP_SSL, no starttls; 587 → SMTP, then starttls(). Get this right once and you'll save a few hours of debugging next time.
Verifying SMTP settings
After configuring, send a test message and verify three things:
- The message arrives in the recipient's inbox (or check spam).
- The Authentication-Results header shows
dkim=pass,spf=pass, anddmarc=pass. - The From: header matches what you configured.
Use a tool like Mail-Tester for a complete deliverability test. Or send to a Gmail account and open the headers.
# Quick SMTP test via swaks
swaks --to [email protected] \
--from [email protected] \
--server smtp.sendgrid.net:587 \
--auth-user apikey \
--auth-password SG.xxxxx \
--tls
Common SMTP setting mistakes
- Wrong port for the encryption mode. Port 465 expects implicit TLS; port 587 expects STARTTLS upgrade. Mixing them up causes connection failures.
- Using your account password instead of an API key / app password. Most providers now require API keys or OAuth for SMTP authentication.
- Forgetting to configure SPF for the sending IP. Even with valid auth, mail from an unauthorized sender will fail SPF and likely DMARC.
- Setting From: to a domain that doesn't authenticate. The visible From: domain must align with SPF or DKIM for DMARC to pass.
- Hardcoding credentials. Use env vars or a secret manager — never commit credentials to source.
- No retry/backoff logic on 4xx errors. Temporary failures (421, 450, 451) need exponential backoff retry; permanent failures (5xx) should not retry.
If you're configuring SMTP across multiple environments and want help getting the credentials, auth flow, and bounce handling right, book a consultation. SMTP integration is a frequent piece of audit and setup work.
Sources
- RFC 5321: Simple Mail Transfer Protocol
- RFC 6409: Message Submission for Mail
- Google Workspace — Use SMTP Relay Service
- Microsoft Learn — Send Email Using SMTP AUTH
- SendGrid — SMTP Integration
- Postfix Configuration Documentation
v1.0 · May 2026
Frequently Asked Questions
How do I setup an SMTP server?
Two paths: use a managed SMTP relay (SendGrid, Mailgun, Postmark, Amazon SES — fastest, most deliverability-friendly), or install Postfix on a Linux server (full control, requires DNS, authentication, and TLS configuration). For most applications, a managed SMTP relay is the right choice. Self-hosted SMTP requires sustained infrastructure work to maintain deliverability.
How to configure SMTP host?
Four settings: host (hostname like smtp.sendgrid.net), port (typically 587 or 465), encryption (STARTTLS for 587, SSL/TLS for 465), and authentication (API key, OAuth, or username/password). Set these in your application's mail config or environment variables — never hardcode credentials in source.
How to install SMTP server on Linux?
Install Postfix via your distro's package manager (apt install postfix on Debian/Ubuntu, dnf install postfix on RHEL/Fedora). Configure main.cf for myhostname, mydomain, relayhost (if relaying), and TLS settings. Add SPF, DKIM, and DMARC DNS records. Test with swaks or a manual SMTP session before going live.
How to create your own SMTP server?
Stand up a Linux VPS, install Postfix, configure SMTP authentication and TLS, set up SPF/DKIM/DMARC, and ensure reverse DNS matches your sending hostname. Expect significant ongoing work to maintain deliverability — managed SMTP services exist because the work is non-trivial.
What's the SMTP server URL for Gmail?
smtp.gmail.com on port 587 (STARTTLS) or 465 (SSL). Authentication requires either OAuth 2.0 or, for personal Google accounts, an app password. Basic username/password using your account password no longer works for most setups since Google deprecated less-secure-apps access.
Want this handled for you?
Free 30-minute strategy call. Walk away with a plan either way.