Skip to content

Instantly share code, notes, and snippets.

@irazasyed
Last active November 20, 2024 22:24
Show Gist options
  • Save irazasyed/a5ca450f1b1b8a01e092b74866e9b2f1 to your computer and use it in GitHub Desktop.
Save irazasyed/a5ca450f1b1b8a01e092b74866e9b2f1 to your computer and use it in GitHub Desktop.
Using Gmail SMTP with Cloudflare Email Routing: A Step-by-Step Guide

Using Gmail SMTP with Cloudflare Email Routing: Step-by-Step Guide

Learn how to send emails through Gmail SMTP with Cloudflare Email Routing in this comprehensive guide.

Step 1: Enable 2-Factor Authentication

To proceed with this method, ensure that you have enabled two-factor authentication for your Google account. If you haven't done so already, you can follow the link to set it up → Enable 2FA in your Google account.

Step 2: Create an App Password for Mail

In your Google account settings, create an App Password specifically for Mail. Follow this link to create the App Password → Create an App Password (You will need to copy and use this password later along with your Gmail address in the Google SMTP server settings in the "Add another email address" form).

When creating the App Password, select "Mail" as the app and choose your computer as the device. Click on "Generate" and make sure to copy the generated password. You will need it later in the process.

Step 3: Add Your Cloudflare-Routed Email Address to Gmail

Open Gmail and navigate to Settings → Accounts → Send mail as. In this section, click on "Add another email address" and fill out the form with your name and your Cloudflare-routed email address. Untick the "Treat as an alias" option and click on "Next Step."

Step 4: Fill Out the Next Form

SMTP Server: smtp.gmail.com
Port: 587
Username: Your Gmail address (including @gmail.com)
Password: The App Password you generated in Step 2
Leave TLS enabled
Click on Add Account

You will receive an email from Gmail asking you to confirm ownership by providing a code. Enter the code in the dialog box or click the link provided in the confirmation email to complete the process.

Step 5: Setup SPF Records & DMARC Policy in Cloudflare DNS

SPF Record

  • Type: TXT
  • Name: @
  • TTL: auto
  • Content:
v=spf1 include:_spf.mx.cloudflare.net include:_spf.google.com ~all

DMARC Policy

If you wish to set up a DMARC Policy or already have one, ensure that the policy's p parameter is set to none. Otherwise, your outbound emails may fail to authenticate and get blocked.

You can use Cloudflare's DMARC Management to set up a policy for monitoring outbound emails.

Example TXT Record:

v=DMARC1; p=none; rua=mailto:<your-email-to-report>

That's it!

You have successfully configured Gmail SMTP with Cloudflare Email Routing. Now, when composing a new message in Gmail, you can select your new email address from the list. Additionally, when replying to an email received at your new address, the new address should automatically populate in the From: field.

Credits

This guide is based on the following published resources below.

@franzramadhan
Copy link

Screenshot 2024-01-20 at 21 57 55 Screenshot 2024-01-20 at 21 59 22

@cizordj my workaround is to utilize SMTP relay. So the DKIM signing process is offloaded on them. In my case using the free tier setup in Mailjet is sufficient

@mathieucarbou
Copy link

mathieucarbou commented Feb 8, 2024

Is it supposed to work ? I followed the steps but got a reply saying:

You no longer have access to **********. To send this email, select a different shipping address and try again. To learn more, visit https://support.google.com/mail/answer/22370?hl=en

The only way I was able to unlock me is by adding the email as an alias in my gmail account.

I also get some delivery errors in Cloduflare, a if google was not able to deliver my validation emails to the alternate email addresses I want to add.

SPF status
pass
DMARC status
pass
DKIM status
pass
Rejected reason:
Unknown error: transient error (421): 4.7.28 Gmail has detected an unusual rate of unsolicited mail. To protect4.7.28 our users from spam, mail has been temporarily rate limited. For4.7.28 more information, go to4.7.28 https://support.google.com/mail/?p=UnsolicitedRateLimitError to4.7.28 review our Bulk Email Senders Guidelines. ti8-20020a056871890800b0021853bbe734si1466623oab.140 - gsmtp

@franzramadhan
Copy link

Screenshot 2024-01-20 at 21 57 55 Screenshot 2024-01-20 at 21 59 22
@cizordj my workaround is to utilize SMTP relay. So the DKIM signing process is offloaded on them. In my case using the free tier setup in Mailjet is sufficient

By the way, I wrote down this alternative in my blog post below.

https://franzramadhan.dev/blog/01-free-own-domain-email-using-cloudflare-mailjet/

@cizordj
Copy link

cizordj commented Feb 13, 2024

@franzramadhan I just read your article and it seems promising, I will try that when I have the chance.

@gsusI
Copy link

gsusI commented Feb 24, 2024

Nice one, @cizordj

@yen360
Copy link

yen360 commented Mar 19, 2024

Google is phasing out the app password. This will not work on the newly created google account

@Link0Darck
Copy link

Hello, Have you found the solution to prevent emails from ending up in spam?
Did you also find a way to put the photo on the emails?

@eyalis
Copy link

eyalis commented May 16, 2024

Amazing, I've been trying different ways and this is the only one that works, thank you!

@Link0Darck
Copy link

Hello, Have you found the solution to prevent emails from ending up in spam?
Did you also find a way to put the photo on the emails?

@Le0X8
Copy link

Le0X8 commented May 27, 2024

Is it supposed to work ? I followed the steps but got a reply saying:

You no longer have access to **********. To send this email, select a different shipping address and try again. To learn more, visit https://support.google.com/mail/answer/22370?hl=en

The only way I was able to unlock me is by adding the email as an alias in my gmail account.

I also get some delivery errors in Cloduflare, a if google was not able to deliver my validation emails to the alternate email addresses I want to add.

SPF status
pass
DMARC status
pass
DKIM status
pass
Rejected reason:
Unknown error: transient error (421): 4.7.28 Gmail has detected an unusual rate of unsolicited mail. To protect4.7.28 our users from spam, mail has been temporarily rate limited. For4.7.28 more information, go to4.7.28 https://support.google.com/mail/?p=UnsolicitedRateLimitError to4.7.28 review our Bulk Email Senders Guidelines. ti8-20020a056871890800b0021853bbe734si1466623oab.140 - gsmtp

For some reason, everything worked fine an hour ago, but now I get the same error.

@Link0Darck
Copy link

Is it supposed to work ? I followed the steps but got a reply saying:

You no longer have access to **********. To send this email, select a different shipping address and try again. To learn more, visit https://support.google.com/mail/answer/22370?hl=en

The only way I was able to unlock me is by adding the email as an alias in my gmail account.
I also get some delivery errors in Cloduflare, a if google was not able to deliver my validation emails to the alternate email addresses I want to add.

SPF status
pass
DMARC status
pass
DKIM status
pass
Rejected reason:
Unknown error: transient error (421): 4.7.28 Gmail has detected an unusual rate of unsolicited mail. To protect4.7.28 our users from spam, mail has been temporarily rate limited. For4.7.28 more information, go to4.7.28 https://support.google.com/mail/?p=UnsolicitedRateLimitError to4.7.28 review our Bulk Email Senders Guidelines. ti8-20020a056871890800b0021853bbe734si1466623oab.140 - gsmtp

For some reason, everything worked fine an hour ago, but now I get the same error.

Welcome to the club, that’s what I ask but no answer.

@Le0X8
Copy link

Le0X8 commented May 27, 2024

@Link0Darck I changed my target address to Outlook because they don't reject the mails. I know, Gmail is better but Outlook is an alternative which works.

Google doesn't seem to like this kind of configuration, because lots of other Cloudflare users seem to have trouble with Gmail.

@cusco
Copy link

cusco commented May 28, 2024

hey, just set this up, and sending email from gmail, from an account using gmail's smtp, goes with DKIM unsigned.

This means sending to an @hotmail.com account, it arrives in the spam folder.

I just checked its headers after receiving it in hotmail.com address and I see: compauth=fail reason=001;
seems to mean: the sending domain didn't have email authentication records published, or if they did, they had a weaker failure policy (SPF ~all or ? all , or a DMARC policy of p=none )

is there a de facto service smtp server that could be used for this? I never heard of mailjet before

@gdob
Copy link

gdob commented Jun 3, 2024

By the way, I wrote down this alternative in my blog post below.

https://franzramadhan.dev/blog/01-free-own-domain-email-using-cloudflare-mailjet/

@franzramadhan Thanks, this worked great! 👍

@franzramadhan
Copy link

@gdob glad to know that 👍

@gdob
Copy link

gdob commented Jun 13, 2024 via email

@franzramadhan
Copy link

@gdob thanks for mentioning smtp2go, the free plan quota looks better than Mailjet. WIll give it a try

@SpaceSaver
Copy link

Legend

@scorpioeq
Copy link

Screenshot 2024-01-20 at 21 57 55 Screenshot 2024-01-20 at 21 59 22
@cizordj my workaround is to utilize SMTP relay. So the DKIM signing process is offloaded on them. In my case using the free tier setup in Mailjet is sufficient

By the way, I wrote down this alternative in my blog post below.

https://franzramadhan.dev/blog/01-free-own-domain-email-using-cloudflare-mailjet/

I tried this alternative with Mailjet and it's working in Yahoo and Gmail, but any idea why emails aren't showing up in Outllook anywhere?

@gabeperez
Copy link

This worked great, thank you!

@cusco
Copy link

cusco commented Aug 26, 2024

hey, just set this up, and sending email from gmail, from an account using gmail's smtp, goes with DKIM unsigned.

This means sending to an @hotmail.com account, it arrives in the spam folder.

I just checked its headers after receiving it in hotmail.com address and I see: compauth=fail reason=001; seems to mean: the sending domain didn't have email authentication records published, or if they did, they had a weaker failure policy (SPF ~all or ? all , or a DMARC policy of p=none )

is there a de facto service smtp server that could be used for this? I never heard of mailjet before

Just to say I ended up using gmailify. For a one time payment of 7USD, seems very competent service.

@liby
Copy link

liby commented Aug 29, 2024

Screenshot 2024-01-20 at 21 57 55 Screenshot 2024-01-20 at 21 59 22
@cizordj my workaround is to utilize SMTP relay. So the DKIM signing process is offloaded on them. In my case using the free tier setup in Mailjet is sufficient

By the way, I wrote down this alternative in my blog post below.

franzramadhan.dev/blog/01-free-own-domain-email-using-cloudflare-mailjet

I noticed an action both here and on your blog:

Ensure the Treat as an alias box is unchecked.

Why do this? Are there any drawbacks to enabling it? Or are there any benefits to disabling it?

@migandhi
Copy link

Hi,

DKIM record is required on cloudflare.
I found this problem using mail tester
https://www.mail-tester.com/

I send email from gmail to hotmail , and it goes into junk folder.

I get 9/10 score on mail tester

I want to add DKIM record for my custom domain

How to do this in cloudflare?

Regards.

@scorpioeq
Copy link

Hi,

DKIM record is required on cloudflare. I found this problem using mail tester https://www.mail-tester.com/

I send email from gmail to hotmail , and it goes into junk folder.

I get 9/10 score on mail tester

I want to add DKIM record for my custom domain

How to do this in cloudflare?

Regards.

I'm having the same problem. SMTP relay seems to be the answer, but of the 3 that I tried, only one actually delivers the mail and the other still has emails that end up in spam folder. I'd love to find a way around this problem. It would work with Google Workspace, but there's a cost to that.

@jordiup
Copy link

jordiup commented Sep 16, 2024

Working solution with profile picture

  1. Visit accounts.google.com
  2. Follow the prompts
  3. When you get to "Choose your gmail address" select "use your existing email"
image
  1. now under your original target email address go to smtp settings and press "Add another email address" under "Send mail as"

(enter your new email with your cloudflare domain)

  1. on the second screen REMOVE CLOUDFLARE host instead use "smtp.gmail.com"

  2. for password you need to generate a new app password from

https://myaccount.google.com/apppasswords

  1. voila

image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment