Skip to content

Instantly share code, notes, and snippets.

@darwin

darwin/_readme.md

Last active October 1, 2023 14:10
Show Gist options
  • Save darwin/ee9e7855882b6f6b450fe45e9a5aa0b0 to your computer and use it in GitHub Desktop.
Save darwin/ee9e7855882b6f6b450fe45e9a5aa0b0 to your computer and use it in GitHub Desktop.
Download ZIP
Gmail issue: 535 5.7.8 Username and Password not accepted.
Raw
_readme.md

The problem

I'm using web-based gmail as my primary email client. I want to use anoter SMTP server to send emails using secondary email address which is managed by GSuite.

GMail offers "Send emails from a different address or alias" feature[1].

Historically it has been possible to use smtp.gmail.com with my GSuite credentials to enable the feature and send emails via my secondary email without problems.

Unfortunately this solution is no longer working properly. It suffers from intermittent "535 5.7.8 Username and Password not accepted." issues. The Internet is full of complains[6][7] with messy answers and without proper solution.

First, don't get side-tracked with fiddling with "less secure apps"

Generally there are two ways how to use smtp.gmail.com (speaking about the secondary email google account, GSuite in my case):

Method 1
  1. your account does not have 2FA
  2. you use your real login+password
  3. and you must have enabled "Use less secure apps" under the account security
Method 2
  1. your account does have 2FA enabled
  2. you must generate a new app-specific password
  3. and you use login+generated password[3][4]

This is causing quite some confusion among users. Anyways, I tested both methods and both are subject of this issue.

My theory

(this is my speculation)

Gmail web-interface uses some backend services to send emails. This is probably some google's cloud so it is not one but many machines in the cloud. When you add a new email via "Send emails from a different address or alias" gmail immediatelly performs a test of the connection and then has to store the credentials for later use.

Note that smtp.gmail.com is another independent service running in the cloud, not related to the "Send emails from a different address or alias" feature of gmail. (smtp.gmail.com may be used by any 3rd party app to send emails via google).

Recently (probaly around April 2020) Google likely deployed more security hardening of smtp.gmail.com. Imagine a more strict black list for abusing computers. So smtp.gmail.com might refuse to communicate with a banned IP. The likely root of the problem is that Google's own computers providing "Send emails from a different address or alias" feature of gmail might get banned.

This would exaplain the random behaviour of the issue:

  1. assume Gmail web-interface uses 10 backend computers: C0, C1, C2, ..., C9 to implement the "Send emails from a different address or alias" feature
  2. assume none of them is currently banned by smtp.gmail.com
  3. your web interface is assigned to work with C0.
  4. you are able to setup "Send emails from a different address or alias" with your GSuite login+password, no problem in validating your credentials
  5. later some bad actor using gmail web interface behaves in a way which triggers smtp.gmai.com ban, say it happened to be C0 machine
  6. later when you try to send an email via gmail web interface, it uses C0, and you get "535 5.7.8 Username and Password not accepted." response back [5]
  7. then you go into gmail settings and try to re-enter your password, you will get back "Authentication failed. Please check your username/password and Less Secure Apps...". This leads to a great confusion because your username/password are 100% correct. And you have no idea what "Less Secure Apps" mean, because you already have 2FA enabled, so this option is nowhere to be found. You try to google for some explanation and there is no clear answer. Only partially correct historical pages describing various stages how it worked in the past or confusing pages not related to the issue.
  8. anyways, C0 ban is somehow time-limited. So it is possible that during next 24h or so, it starts working again. Or there is a chance your gmail client starts using a different backend computer, say C1 because of rotation.
  9. so the feature now started working again...
  10. ...until it stops again - because some other backend computer got banned and your gmail web client happened to be using it.

This also explains why some people on the forums claim they solved the issue by enabling 2FA, or doing some captcha woodoo with Less Security Apps setting, or by removing and re-adding the email account in "Send emails from a different address or alias" settings.

It was a pure luck or they managed to trigger reassigning of their backend computer, so they luckily got assigned a non-banned machine.

[1] https://support.google.com/mail/answer/22370?hl=en
[3] https://support.google.com/domains/answer/9437157?hl=en
[4]: note that the option to "Use less secure apps" is not available with 2FA enabled  
[5]: note that technically there is no problem in the login/password, the problem is that C0 is banned and smtp.gmail.com refused to talk to it
[6] https://support.google.com/accounts/thread/4520575?hl=en
[7] https://support.google.com/mail/thread/40210887?hl=en
@darwin
Copy link
Author

darwin commented Dec 26, 2021

This could help:
https://support.google.com/mail/thread/115926864/send-mail-as-functionality-stopped-working?hl=en&msgid=116151113

@kashiftufail
Copy link

Do simple these steps

  1. After sign in your google account click on below your photo icon

     "Manage your Google Account"

  2. then click on "security" tab.

  3. Find "How you sign in to Google"

  4. Then google need to on "2-Step Verification"

  5. After do it by giving your account password. Go to bottom of page and find

    "App passwords"

  6. Click on "select app" in my case i select other and giving name "website".

  7. The password will be generated, this will be your password for
    configuration of smtp rather than your actual account password.

     config.action_mailer.smtp_settings = {
   :address              => "smtp.gmail.com",
   :port                 => 587,
   :user_name            => 'your-email@gmail.com',
   :password             => 'google generated password',
   :authentication       => "plain",
   :enable_starttls_auto => true
 }

This will sure work!

@AngusWheatley
Copy link

There is a problem now where you cannot even enable "Use less secure apps" (I don't know why, more safety I guess). Is there any solution to this?

@MassCodeGit
Copy link

@AngusWheatley we are running into the same issue, any luck on your side?

@Robison-Aranha
Copy link

Robison-Aranha commented Jul 1, 2023
edited

Do simple these steps

  1. After sign in your google account click on below your photo icon 
     "Manage your Google Account"
  2. then click on "security" tab.
  3. Find "How you sign in to Google"
  4. Then google need to on "2-Step Verification"
  5. After do it by giving your account password. Go to bottom of page and find
    "App passwords"
  6. Click on "select app" in my case i select other and giving name "website".
  7. The password will be generated, this will be your password for
    configuration of smtp rather than your actual account password. 
     config.action_mailer.smtp_settings = {
   :address              => "smtp.gmail.com",
   :port                 => 587,
   :user_name            => 'your-email@gmail.com',
   :password             => 'google generated password',
   :authentication       => "plain",
   :enable_starttls_auto => true
 }

This will sure work!

It worked for me!
I created the key in the menu account and instead of using my password I used the generated key to authorize my application!!
Thanks bro!! 👍

This is how I defined my application.yml in spring boot:

  mail:
    host: smtp.gmail.com
    port: 587
    username: ${EMAIL_SENDER_ID}
    password: ${EMAIL_SENDER_PASSWORD}  <- key generated
    properties:
      mail:
        smtp:
          auth: true
          starttls:
            enable: true

@Vincemeister
Copy link

I don't see that section you're referring to below

After do it by giving your account password. Go to bottom of page and find
"App passwords"

Do simple these steps

  1. After sign in your google account click on below your photo icon 
     "Manage your Google Account"
  2. then click on "security" tab.
  3. Find "How you sign in to Google"
  4. Then google need to on "2-Step Verification"
  5. After do it by giving your account password. Go to bottom of page and find
    "App passwords"
  6. Click on "select app" in my case i select other and giving name "website".
  7. The password will be generated, this will be your password for
    configuration of smtp rather than your actual account password. 
     config.action_mailer.smtp_settings = {
   :address              => "smtp.gmail.com",
   :port                 => 587,
   :user_name            => 'your-email@gmail.com',
   :password             => 'google generated password',
   :authentication       => "plain",
   :enable_starttls_auto => true
 }

This will sure work!

It worked for me! I created the key in the menu account and instead of using my password I used the generated key to authorize my application!! Thanks bro!! 👍

This is how I defined my application.yml in spring boot:

  mail:
    host: smtp.gmail.com
    port: 587
    username: ${EMAIL_SENDER_ID}
    password: ${EMAIL_SENDER_PASSWORD}  <- key generated
    properties:
      mail:
        smtp:
          auth: true
          starttls:
            enable: true

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment