Some apps and email clients doesn't meet Gmail security standards , they use less secure technologies to log you into Gmail account , and servers blocks these requests by default. In these cases, you'll get a message related to the security of the email client.

Unable to send mail through

SMTP gmail settings not working

In order to resolve this issue, log in to your Gmail account through a web browser and enable access through less secure apps . Less secure apps can make your account more vulnerable, Google will automatically turn this setting off if it's not being used. However, bypass this security setting with a configuration tweak within your Google Email Account . To help keep your account secure, we recommend that you keep this setting off and use more secure apps.

To enable "less secure" email programs to access Gmail:

  1. Log into your GMAIL account.
  2. Navigate to the 'Less secure apps' page.
  3. Toggle to turn this feature 'ON'.

enable less secure email programs
  1. Wait few minutes for Google to update this setting.
  2. Test your apps again. It should now work properly.

How "more secure apps" help to protect your account?

  1. Which level of access you're giving the client before you connect your Account.
  2. Client access only a relevant part of your Account, like your email or calendar.
  3. Connect your Google Account to the client without exposing your password.
  4. Disconnect your Google Account from the client at any time.

OAuth 2.0

Cannot send messages via Gmail SMTP

Enabling access for "less secure apps" means that the client/app doesn't use OAuth 2.0 . OAuth 2.0 is the industry-standard protocol for authorization. When you sign in with OAuth 2.0, you sign in to Google's system directly. In OAuth 2.0 , you authenticate directly to Gmail with your credentials and authorize an app to do certain things. The third-party app only sees an authorization token provided by Google as proof that you authenticated correctly and agreed to authorize that app.

There are few reasons this is important:

  1. By controlling the login form, Google can limit and monitor attacks attempting to discover passwords via brute-force login attempts.

  2. Controlling the login form also allows Google to protect you against a malicious or incompetent app that might not handle your password in an appropriate way.

  3. You don't have to share a password that, let’s be honest, you probably re-use at every other internet service you have.

  4. By tracking tokens, Google allows you to revoke tokens for compromised devices or applications.
two-factor authentication Gmail SMTP

In practice, We strongly recommend leaving Less Secure apps disabled unless you are also able to turn on two-factor authentication , and in that case Google provides an alternative Per-App Password mechanism to use instead of Less Secure apps anyway.