Google’s decision to disable "Less Secure Apps" (LSA) access has blocked traditional SMTP authentication methods for many email clients and applications. This change interrupts outgoing email delivery for systems that previously relied on basic username and password authentication. To restore and secure email sending, switch to more robust authentication methods supported by Google’s SMTP Relay service.
Use Google SMTP Relay with OAuth 2.0 Authentication
Step 1: Register your application in Google Cloud Console. Go to the Google Cloud Console, create a new project if needed, and navigate to APIs & Services > Credentials.

Step 2: Click Create Credentials and select OAuth client ID. Choose the application type that fits your environment (for example, Web Application or Other), and note the generated Client ID
and Client Secret
.

Step 3: Enable the Gmail API. In the Cloud Console, search for Gmail API and enable it for your project. This step is required to allow your application to request access tokens for sending mail.

Step 4: Configure OAuth consent screen. Under APIs & Services > OAuth consent screen, set up the required fields, including application name, user support email, and authorized domains. This information will be shown to users during the authentication process.

Step 5: Implement OAuth 2.0 authentication in your application. Use a suitable OAuth 2.0 library for your programming language to obtain an access token. This token authorizes your application to send emails on behalf of the user or domain. The OAuth 2.0 flow typically involves redirecting users to a Google login page, granting permissions, and receiving an authorization code that you exchange for an access token.
Step 6: Update your SMTP client configuration. Set the SMTP server to smtp.gmail.com
, use port 587
(STARTTLS) or 465
(SSL/TLS), and authenticate using the OAuth 2.0 access token instead of a password. Many libraries and frameworks support OAuth 2.0 for SMTP; consult their documentation for specifics.

Step 7: Test email sending. Send a test message to verify that authentication and delivery work as expected. If you encounter authentication errors, double-check the OAuth scopes and ensure the Gmail API is enabled.
Configure SMTP Relay Using Google Workspace SMTP Relay Service
Step 1: Access the Google Admin console. Sign in to admin.google.com with an administrator account for your Google Workspace domain.
Step 2: Set up the SMTP relay service. Navigate to Apps > Google Workspace > Gmail > Routing > SMTP relay service. Click Add Setting to create a new relay configuration. Specify allowed senders (e.g., only addresses in your domain) and configure authentication—preferably restrict by IP address for security.
Step 3: Update your mail application or device. Configure your application to use smtp-relay.gmail.com
as the SMTP server. Use port 587
(STARTTLS) or 465
(SSL/TLS). If you restricted access by IP, ensure your sending device uses a static IP address and is on the allowed list.
Step 4: Test the relay. Send a test email from your application. If the message is rejected, review the SMTP relay settings and verify that your sender address and IP are authorized.
Use App Passwords for Google Accounts with 2-Step Verification
Step 1: Enable 2-Step Verification for your Google Account. Visit Google Account Security and turn on 2-Step Verification if it's not already active.

Step 2: Generate an App Password. In the Security section, locate the Manage passwords option and create a new password for your mail application. Google generates a 16-character password to use in place of your regular account password.

Step 3: Update your SMTP client configuration. Use smtp.gmail.com
as the server, your full Gmail address as the username, and the generated app password for authentication. This allows legacy applications to authenticate securely without LSA enabled.
Step 4: Test email delivery. Send a test message to confirm that the app password works and the message is delivered successfully.
Switching to OAuth 2.0 or the Google SMTP Relay service restores email sending and strengthens security after LSA deprecation. Regularly review your authentication methods and update credentials as needed to maintain reliable mail delivery.
Member discussion