Skip to content

Instantly share code, notes, and snippets.

@irazasyed
Last active June 25, 2024 12:03
Show Gist options
  • Save irazasyed/a5ca450f1b1b8a01e092b74866e9b2f1 to your computer and use it in GitHub Desktop.
Save irazasyed/a5ca450f1b1b8a01e092b74866e9b2f1 to your computer and use it in GitHub Desktop.
Using Gmail SMTP with Cloudflare Email Routing: A Step-by-Step Guide

Using Gmail SMTP with Cloudflare Email Routing: Step-by-Step Guide

Learn how to send emails through Gmail SMTP with Cloudflare Email Routing in this comprehensive guide.

Step 1: Enable 2-Factor Authentication

To proceed with this method, ensure that you have enabled two-factor authentication for your Google account. If you haven't done so already, you can follow the link to set it up → Enable 2FA in your Google account.

Step 2: Create an App Password for Mail

In your Google account settings, create an App Password specifically for Mail. Follow this link to create the App Password → Create an App Password (You will need to copy and use this password later along with your Gmail address in the Google SMTP server settings in the "Add another email address" form).

When creating the App Password, select "Mail" as the app and choose your computer as the device. Click on "Generate" and make sure to copy the generated password. You will need it later in the process.

Step 3: Add Your Cloudflare-Routed Email Address to Gmail

Open Gmail and navigate to Settings → Accounts → Send mail as. In this section, click on "Add another email address" and fill out the form with your name and your Cloudflare-routed email address. Untick the "Treat as an alias" option and click on "Next Step."

Step 4: Fill Out the Next Form

SMTP Server: smtp.gmail.com
Port: 587
Username: Your Gmail address (including @gmail.com)
Password: The App Password you generated in Step 2
Leave TLS enabled
Click on Add Account

You will receive an email from Gmail asking you to confirm ownership by providing a code. Enter the code in the dialog box or click the link provided in the confirmation email to complete the process.

Step 5: Setup SPF Records & DMARC Policy in Cloudflare DNS

SPF Record

  • Type: TXT
  • Name: @
  • TTL: auto
  • Content:
v=spf1 include:_spf.mx.cloudflare.net include:_spf.google.com ~all

DMARC Policy

If you wish to set up a DMARC Policy or already have one, ensure that the policy's p parameter is set to none. Otherwise, your outbound emails may fail to authenticate and get blocked.

You can use Cloudflare's DMARC Management to set up a policy for monitoring outbound emails.

Example TXT Record:

v=DMARC1; p=none; rua=mailto:<your-email-to-report>

That's it!

You have successfully configured Gmail SMTP with Cloudflare Email Routing. Now, when composing a new message in Gmail, you can select your new email address from the list. Additionally, when replying to an email received at your new address, the new address should automatically populate in the From: field.

Credits

This guide is based on the following published resources below.

@mathieucarbou
Copy link

mathieucarbou commented Feb 8, 2024

Is it supposed to work ? I followed the steps but got a reply saying:

You no longer have access to **********. To send this email, select a different shipping address and try again. To learn more, visit https://support.google.com/mail/answer/22370?hl=en

The only way I was able to unlock me is by adding the email as an alias in my gmail account.

I also get some delivery errors in Cloduflare, a if google was not able to deliver my validation emails to the alternate email addresses I want to add.

SPF status
pass
DMARC status
pass
DKIM status
pass
Rejected reason:
Unknown error: transient error (421): 4.7.28 Gmail has detected an unusual rate of unsolicited mail. To protect4.7.28 our users from spam, mail has been temporarily rate limited. For4.7.28 more information, go to4.7.28 https://support.google.com/mail/?p=UnsolicitedRateLimitError to4.7.28 review our Bulk Email Senders Guidelines. ti8-20020a056871890800b0021853bbe734si1466623oab.140 - gsmtp

@franzramadhan
Copy link

Screenshot 2024-01-20 at 21 57 55 Screenshot 2024-01-20 at 21 59 22
@cizordj my workaround is to utilize SMTP relay. So the DKIM signing process is offloaded on them. In my case using the free tier setup in Mailjet is sufficient

By the way, I wrote down this alternative in my blog post below.

https://franzramadhan.dev/blog/01-free-own-domain-email-using-cloudflare-mailjet/

@cizordj
Copy link

cizordj commented Feb 13, 2024

@franzramadhan I just read your article and it seems promising, I will try that when I have the chance.

@gsusI
Copy link

gsusI commented Feb 24, 2024

Nice one, @cizordj

@yen360
Copy link

yen360 commented Mar 19, 2024

Google is phasing out the app password. This will not work on the newly created google account

@Link0Darck
Copy link

Hello, Have you found the solution to prevent emails from ending up in spam?
Did you also find a way to put the photo on the emails?

@eyalis
Copy link

eyalis commented May 16, 2024

Amazing, I've been trying different ways and this is the only one that works, thank you!

@Link0Darck
Copy link

Hello, Have you found the solution to prevent emails from ending up in spam?
Did you also find a way to put the photo on the emails?

@Le0X8
Copy link

Le0X8 commented May 27, 2024

Is it supposed to work ? I followed the steps but got a reply saying:

You no longer have access to **********. To send this email, select a different shipping address and try again. To learn more, visit https://support.google.com/mail/answer/22370?hl=en

The only way I was able to unlock me is by adding the email as an alias in my gmail account.

I also get some delivery errors in Cloduflare, a if google was not able to deliver my validation emails to the alternate email addresses I want to add.

SPF status
pass
DMARC status
pass
DKIM status
pass
Rejected reason:
Unknown error: transient error (421): 4.7.28 Gmail has detected an unusual rate of unsolicited mail. To protect4.7.28 our users from spam, mail has been temporarily rate limited. For4.7.28 more information, go to4.7.28 https://support.google.com/mail/?p=UnsolicitedRateLimitError to4.7.28 review our Bulk Email Senders Guidelines. ti8-20020a056871890800b0021853bbe734si1466623oab.140 - gsmtp

For some reason, everything worked fine an hour ago, but now I get the same error.

@Link0Darck
Copy link

Is it supposed to work ? I followed the steps but got a reply saying:

You no longer have access to **********. To send this email, select a different shipping address and try again. To learn more, visit https://support.google.com/mail/answer/22370?hl=en

The only way I was able to unlock me is by adding the email as an alias in my gmail account.
I also get some delivery errors in Cloduflare, a if google was not able to deliver my validation emails to the alternate email addresses I want to add.

SPF status
pass
DMARC status
pass
DKIM status
pass
Rejected reason:
Unknown error: transient error (421): 4.7.28 Gmail has detected an unusual rate of unsolicited mail. To protect4.7.28 our users from spam, mail has been temporarily rate limited. For4.7.28 more information, go to4.7.28 https://support.google.com/mail/?p=UnsolicitedRateLimitError to4.7.28 review our Bulk Email Senders Guidelines. ti8-20020a056871890800b0021853bbe734si1466623oab.140 - gsmtp

For some reason, everything worked fine an hour ago, but now I get the same error.

Welcome to the club, that’s what I ask but no answer.

@Le0X8
Copy link

Le0X8 commented May 27, 2024

@Link0Darck I changed my target address to Outlook because they don't reject the mails. I know, Gmail is better but Outlook is an alternative which works.

Google doesn't seem to like this kind of configuration, because lots of other Cloudflare users seem to have trouble with Gmail.

@cusco
Copy link

cusco commented May 28, 2024

hey, just set this up, and sending email from gmail, from an account using gmail's smtp, goes with DKIM unsigned.

This means sending to an @hotmail.com account, it arrives in the spam folder.

I just checked its headers after receiving it in hotmail.com address and I see: compauth=fail reason=001;
seems to mean: the sending domain didn't have email authentication records published, or if they did, they had a weaker failure policy (SPF ~all or ? all , or a DMARC policy of p=none )

is there a de facto service smtp server that could be used for this? I never heard of mailjet before

@gdob
Copy link

gdob commented Jun 3, 2024

By the way, I wrote down this alternative in my blog post below.

https://franzramadhan.dev/blog/01-free-own-domain-email-using-cloudflare-mailjet/

@franzramadhan Thanks, this worked great! 👍

@franzramadhan
Copy link

@gdob glad to know that 👍

@gdob
Copy link

gdob commented Jun 13, 2024 via email

@franzramadhan
Copy link

@gdob thanks for mentioning smtp2go, the free plan quota looks better than Mailjet. WIll give it a try

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment