Skip to content

Instantly share code, notes, and snippets.

@irazasyed
Last active June 19, 2024 00:10
Show Gist options
  • Save irazasyed/a5ca450f1b1b8a01e092b74866e9b2f1 to your computer and use it in GitHub Desktop.
Save irazasyed/a5ca450f1b1b8a01e092b74866e9b2f1 to your computer and use it in GitHub Desktop.
Using Gmail SMTP with Cloudflare Email Routing: A Step-by-Step Guide

Using Gmail SMTP with Cloudflare Email Routing: Step-by-Step Guide

Learn how to send emails through Gmail SMTP with Cloudflare Email Routing in this comprehensive guide.

Step 1: Enable 2-Factor Authentication

To proceed with this method, ensure that you have enabled two-factor authentication for your Google account. If you haven't done so already, you can follow the link to set it up → Enable 2FA in your Google account.

Step 2: Create an App Password for Mail

In your Google account settings, create an App Password specifically for Mail. Follow this link to create the App Password → Create an App Password (You will need to copy and use this password later along with your Gmail address in the Google SMTP server settings in the "Add another email address" form).

When creating the App Password, select "Mail" as the app and choose your computer as the device. Click on "Generate" and make sure to copy the generated password. You will need it later in the process.

Step 3: Add Your Cloudflare-Routed Email Address to Gmail

Open Gmail and navigate to Settings → Accounts → Send mail as. In this section, click on "Add another email address" and fill out the form with your name and your Cloudflare-routed email address. Untick the "Treat as an alias" option and click on "Next Step."

Step 4: Fill Out the Next Form

SMTP Server: smtp.gmail.com
Port: 587
Username: Your Gmail address (including @gmail.com)
Password: The App Password you generated in Step 2
Leave TLS enabled
Click on Add Account

You will receive an email from Gmail asking you to confirm ownership by providing a code. Enter the code in the dialog box or click the link provided in the confirmation email to complete the process.

Step 5: Setup SPF Records & DMARC Policy in Cloudflare DNS

SPF Record

  • Type: TXT
  • Name: @
  • TTL: auto
  • Content:
v=spf1 include:_spf.mx.cloudflare.net include:_spf.google.com ~all

DMARC Policy

If you wish to set up a DMARC Policy or already have one, ensure that the policy's p parameter is set to none. Otherwise, your outbound emails may fail to authenticate and get blocked.

You can use Cloudflare's DMARC Management to set up a policy for monitoring outbound emails.

Example TXT Record:

v=DMARC1; p=none; rua=mailto:<your-email-to-report>

That's it!

You have successfully configured Gmail SMTP with Cloudflare Email Routing. Now, when composing a new message in Gmail, you can select your new email address from the list. Additionally, when replying to an email received at your new address, the new address should automatically populate in the From: field.

Credits

This guide is based on the following published resources below.

@johnpyp
Copy link

johnpyp commented Jun 23, 2023

This still has the issue of failing DKIM checks right?

@holms
Copy link

holms commented Aug 18, 2023

This still has the issue of failing DKIM checks right?

As I understand there's totally no way to work around this. I mean cloudflare doesn't provide smtp server for you to use. If you use gmail smpt server then it will have DKIM for gmail.com domain. Unless you find free smtp server then yeah it's possible, generate DKIM keys in there and add it to DNS records.

As I understand with DMARC p=none anyone can send mails using your domain..? The only thing is that you'll be able to notice this in Cloudflare dashboard. Not ideal at all.

@notjb
Copy link

notjb commented Sep 19, 2023

Thank you for sharing, it helped !!

@marmiha
Copy link

marmiha commented Sep 26, 2023

Thanks, this worked!

@2color
Copy link

2color commented Nov 1, 2023

Thanks! This worked!

@KuryKat
Copy link

KuryKat commented Nov 17, 2023

This works, but if you want to go further and send emails with a Profile Picture, you need some extra steps

Using Google Profile Picture for Cloudflare-Routed Email: Step-by-Step Guide

Step 1: Update Email Settings in Your Google Account

Navigate to your email settings and scroll down to the "Alternate Emails" section.

Step 2: Add Cloudflare-Routed Email Address

Add your Cloudflare-routed email address as an alternate email.

Setting Alternate Emails

Step 3: Confirm Alternate Email

Wait for an email from Google and confirm your alternate email.

Confirming Email

Step 4: Set Custom Email as Default

In Gmail, navigate to Settings → Accounts → Send mail as, and set your custom email as the default. This step ensures that your profile picture is associated with your outgoing emails.

Setting Account as Default

Step 5: Enjoy Your Profile Picture in Emails

Congratulations! All emails sent from your Cloudflare-routed email address will now feature your Google profile picture.

Email Sent with PFP

Tip: You can use your App Password to authenticate and send emails programmatically with Nodemailer

@michaelgriff86
Copy link

michaelgriff86 commented Dec 4, 2023

This works, but if you want to go further and send emails with a Profile Picture, you need some extra steps

Using Google Profile Picture for Cloudflare-Routed Email: Step-by-Step Guide

Step 1: Update Email Settings in Your Google Account

Navigate to your email settings and scroll down to the "Alternate Emails" section.

Step 2: Add Cloudflare-Routed Email Address

Add your Cloudflare-routed email address as an alternate email.

Setting Alternate Emails

Step 3: Confirm Alternate Email

Wait for an email from Google and confirm your alternate email.

Confirming Email

Step 4: Set Custom Email as Default

In Gmail, navigate to Settings → Accounts → Send mail as, and set your custom email as the default. This step ensures that your profile picture is associated with your outgoing emails.

Setting Account as Default

Step 5: Enjoy Your Profile Picture in Emails

Congratulations! All emails sent from your Cloudflare-routed email address will now feature your Google profile picture.

Email Sent with PFP

Tip: You can use your App Password to authenticate and send emails programmatically with Nodemailer

Hi there, after I completed the initial steps, the ones you added resulted in "[alternate email address] is already using Gmail".

Any tips?

@KuryKat
Copy link

KuryKat commented Dec 5, 2023

Hi there, after I completed the initial steps, the ones you added resulted in "[alternate email address] is already using Gmail".

Any tips?

I'm not exactly sure why.... maybe it's already linked to an email? 🤔

@cizordj
Copy link

cizordj commented Jan 3, 2024

My emails are going to SPAM folder because they are passing the SPF and failing DMARC checks.

v=DMARC1; p=none; rua=mailto:omitted@example.com

This is what I got from outlook.

Authentication-Results: spf=pass (sender IP is 209.xx.xxx.xx) smtp.mailfrom=gmail.com; dkim=none (message not signed) header.d=none;dmarc=fail action=none header.from=mydomain.com;compauth=fail reason=001

Do you guys know how to fix this?

@stdmje
Copy link

stdmje commented Jan 5, 2024

@cizordj i am facing the same issue. Did you found any solution?

@cizordj
Copy link

cizordj commented Jan 5, 2024

Not exactly a solution but I did find this.

2024-01-03_17-11

It seems that cloudflare has it own DKIM signature which makes all mail sent from gmail invalid.

This signature seems to be hidden and I can't see it in the DNS record.

@franzramadhan
Copy link

Screenshot 2024-01-20 at 21 57 55 Screenshot 2024-01-20 at 21 59 22

@cizordj my workaround is to utilize SMTP relay. So the DKIM signing process is offloaded on them. In my case using the free tier setup in Mailjet is sufficient

@mathieucarbou
Copy link

mathieucarbou commented Feb 8, 2024

Is it supposed to work ? I followed the steps but got a reply saying:

You no longer have access to **********. To send this email, select a different shipping address and try again. To learn more, visit https://support.google.com/mail/answer/22370?hl=en

The only way I was able to unlock me is by adding the email as an alias in my gmail account.

I also get some delivery errors in Cloduflare, a if google was not able to deliver my validation emails to the alternate email addresses I want to add.

SPF status
pass
DMARC status
pass
DKIM status
pass
Rejected reason:
Unknown error: transient error (421): 4.7.28 Gmail has detected an unusual rate of unsolicited mail. To protect4.7.28 our users from spam, mail has been temporarily rate limited. For4.7.28 more information, go to4.7.28 https://support.google.com/mail/?p=UnsolicitedRateLimitError to4.7.28 review our Bulk Email Senders Guidelines. ti8-20020a056871890800b0021853bbe734si1466623oab.140 - gsmtp

@franzramadhan
Copy link

Screenshot 2024-01-20 at 21 57 55 Screenshot 2024-01-20 at 21 59 22
@cizordj my workaround is to utilize SMTP relay. So the DKIM signing process is offloaded on them. In my case using the free tier setup in Mailjet is sufficient

By the way, I wrote down this alternative in my blog post below.

https://franzramadhan.dev/blog/01-free-own-domain-email-using-cloudflare-mailjet/

@cizordj
Copy link

cizordj commented Feb 13, 2024

@franzramadhan I just read your article and it seems promising, I will try that when I have the chance.

@gsusI
Copy link

gsusI commented Feb 24, 2024

Nice one, @cizordj

@yen360
Copy link

yen360 commented Mar 19, 2024

Google is phasing out the app password. This will not work on the newly created google account

@Link0Darck
Copy link

Hello, Have you found the solution to prevent emails from ending up in spam?
Did you also find a way to put the photo on the emails?

@eyalis
Copy link

eyalis commented May 16, 2024

Amazing, I've been trying different ways and this is the only one that works, thank you!

@Link0Darck
Copy link

Hello, Have you found the solution to prevent emails from ending up in spam?
Did you also find a way to put the photo on the emails?

@Le0X8
Copy link

Le0X8 commented May 27, 2024

Is it supposed to work ? I followed the steps but got a reply saying:

You no longer have access to **********. To send this email, select a different shipping address and try again. To learn more, visit https://support.google.com/mail/answer/22370?hl=en

The only way I was able to unlock me is by adding the email as an alias in my gmail account.

I also get some delivery errors in Cloduflare, a if google was not able to deliver my validation emails to the alternate email addresses I want to add.

SPF status
pass
DMARC status
pass
DKIM status
pass
Rejected reason:
Unknown error: transient error (421): 4.7.28 Gmail has detected an unusual rate of unsolicited mail. To protect4.7.28 our users from spam, mail has been temporarily rate limited. For4.7.28 more information, go to4.7.28 https://support.google.com/mail/?p=UnsolicitedRateLimitError to4.7.28 review our Bulk Email Senders Guidelines. ti8-20020a056871890800b0021853bbe734si1466623oab.140 - gsmtp

For some reason, everything worked fine an hour ago, but now I get the same error.

@Link0Darck
Copy link

Is it supposed to work ? I followed the steps but got a reply saying:

You no longer have access to **********. To send this email, select a different shipping address and try again. To learn more, visit https://support.google.com/mail/answer/22370?hl=en

The only way I was able to unlock me is by adding the email as an alias in my gmail account.
I also get some delivery errors in Cloduflare, a if google was not able to deliver my validation emails to the alternate email addresses I want to add.

SPF status
pass
DMARC status
pass
DKIM status
pass
Rejected reason:
Unknown error: transient error (421): 4.7.28 Gmail has detected an unusual rate of unsolicited mail. To protect4.7.28 our users from spam, mail has been temporarily rate limited. For4.7.28 more information, go to4.7.28 https://support.google.com/mail/?p=UnsolicitedRateLimitError to4.7.28 review our Bulk Email Senders Guidelines. ti8-20020a056871890800b0021853bbe734si1466623oab.140 - gsmtp

For some reason, everything worked fine an hour ago, but now I get the same error.

Welcome to the club, that’s what I ask but no answer.

@Le0X8
Copy link

Le0X8 commented May 27, 2024

@Link0Darck I changed my target address to Outlook because they don't reject the mails. I know, Gmail is better but Outlook is an alternative which works.

Google doesn't seem to like this kind of configuration, because lots of other Cloudflare users seem to have trouble with Gmail.

@cusco
Copy link

cusco commented May 28, 2024

hey, just set this up, and sending email from gmail, from an account using gmail's smtp, goes with DKIM unsigned.

This means sending to an @hotmail.com account, it arrives in the spam folder.

I just checked its headers after receiving it in hotmail.com address and I see: compauth=fail reason=001;
seems to mean: the sending domain didn't have email authentication records published, or if they did, they had a weaker failure policy (SPF ~all or ? all , or a DMARC policy of p=none )

is there a de facto service smtp server that could be used for this? I never heard of mailjet before

@gdob
Copy link

gdob commented Jun 3, 2024

By the way, I wrote down this alternative in my blog post below.

https://franzramadhan.dev/blog/01-free-own-domain-email-using-cloudflare-mailjet/

@franzramadhan Thanks, this worked great! 👍

@franzramadhan
Copy link

@gdob glad to know that 👍

@gdob
Copy link

gdob commented Jun 13, 2024 via email

@franzramadhan
Copy link

@gdob thanks for mentioning smtp2go, the free plan quota looks better than Mailjet. WIll give it a try

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment