Google Workspace SMTP Settings for Business Email (2026 Guide)
If you are connecting a CRM, helpdesk, or transactional tool to Google Workspace, the SMTP details are only half the job. Authentication and DNS decide whether those messages land in the inbox.
This guide covers the current Google Workspace SMTP settings, App Password setup, IMAP options, real sending limits, and the SPF/DKIM/DMARC records MailJuke configures when you launch a domain.
Google Workspace SMTP settings (current)
| Setting | Value |
|---|---|
| SMTP server | smtp.gmail.com |
| Port (recommended) | 587 with STARTTLS |
| Port (SSL) | 465 with SSL |
| Username | Full Workspace address (e.g. [email protected]) |
| Password | App Password if 2-Step Verification is on |
| Authentication | Required |
IMAP settings (if your app needs it)
- Host:
imap.gmail.com - Port:
993(SSL) - Username: full email address
Create an App Password the right way
- In Google Admin, confirm 2-Step Verification is allowed for the user.
- Sign in as that user → Google Account → Security → App passwords.
- Generate a mail-specific password and paste it into your integration — never your normal login password.
- Label the App Password with the tool name so you can revoke it later.
If App Passwords are blocked by org policy, use OAuth where the vendor supports it, or ask an admin to allow App Passwords for that OU only.
DNS that must be live before you scale
- SPF: one TXT record that includes
include:_spf.google.com - DKIM: generate the key in Google Admin → Apps → Gmail → Authenticate email, then publish the TXT
- DMARC: start with
v=DMARC1; p=none; rua=mailto:[email protected], then tighten
MailJuke walks through these records when you buy or connect a domain, so you are not guessing at DNS syntax.
Google Workspace sending limits (practical numbers)
Google enforces daily send caps per user. Exact limits depend on your edition and account age, but treat these as planning defaults:
- Stay well under the published daily cap — burst sending looks abusive.
- Spread volume across authenticated users only when each mailbox is a real person or role account you manage.
- Never upload purchased or scraped lists. That violates Google’s policies and MailJuke’s Acceptable Use Policy.
Common SMTP failures (and fixes)
- “Username and Password not accepted” — use an App Password, not the account password.
- Timeouts on port 25 — many hosts block 25; use 587 or 465.
- Messages accepted by SMTP but land in spam — fix SPF/DKIM alignment and DMARC before blaming the app.
Quick launch checklist
- Domain verified in Google Workspace
- SPF + DKIM published and verified
- DMARC monitoring record live
- App Password created for the integration
- Test to Gmail, Outlook, and a catch-all you control
Need Workspace inboxes on your domain without the DNS headache? MailJuke sets up Google Workspace, domains, and authentication in one flow.