Tailored to your business
Delivered instantly to your WhatsApp
Packed with real numbers — not fluffIf you want WAFlowbot to send email from your own address/domain, you’ll connect an SMTP service. This guide explains:
- How WAFlowbot’s Auto‑detect & Test (“probing”) works and when to rely on it.
- Exactly what to fill in for popular providers (Gmail/Workspace, Microsoft 365, Mailgun, SES, SendGrid, cPanel, and many more).
- How to set up SPF, DKIM, and DMARC (strongly recommended) and where those DNS records live.
- Troubleshooting tips when authentication refuses to cooperate.
How WAFlowbot sends email (and what “probing” does)
WAFlowbot uses the SMTP protocol—the same standard that every email system speaks—to submit your mail to the provider you choose. Most providers expose a hostname like smtp.example.com and ask for a username/password (or an API‑key‑style login that acts like a password over SMTP).
The Auto‑detect & Test button
- When you click Auto‑detect & Test, WAFlowbot:
- Looks at the domain in your From email (e.g.
you@yourdomain.com). - Collects MX records and obvious candidates like
smtp.yourdomain.comandmail.yourdomain.com. - Recognizes common providers (Gmail/Workspace, Microsoft 365, Yahoo, Zoho, etc.) and tries their well‑known endpoints first.
- Attempts a safe SMTP handshake and authentication using the credentials you provided.
- Looks at the domain in your From email (e.g.
- If a working combination is found, we pre‑fill Advanced Settings (Host, Port, Encryption, Username) so you can just Save.
Important: Probing is a convenience—not a guarantee. Some stacks block test connections, enforce API‑key logins, require app passwords, or expect OAuth2. In those cases, probing can’t authenticate and you’ll need to enter the provider’s documented settings (see section 3).
When probing might not update Advanced Settings
- No password (or not the right one). Many providers require app passwords (Gmail/iCloud/Yahoo) or special SMTP credentials (SES). Without them, probing can’t complete auth, so the Advanced panel won’t be auto‑filled.
- API‑key SMTP (SendGrid, Mailjet, Postmark, SparkPost): you must use the exact username format (e.g., SendGrid username is literally
apikey) and the API key as password. - Network/Firewall/Rate limits: hosting firewalls often restrict outbound SMTP. If the connection can’t be established, probing can’t succeed.
Bottom line: If probing fails, jump straight to the provider preset below and enter the settings manually.
2) Quick start in WAFlowbot
- Open Settings → Email and fill:
- From name — how recipients see your name.
- From email — the address you’ll send from (must exist and be authorized by your provider).
- Username — if blank, WAFlowbot uses the From email by default. Some providers require a specific username (see presets).
- Password — your mailbox password, app password, or provider SMTP/API key (see presets).
- (Optional) Enable Show password while testing if you want to visually confirm what you typed.
- Click Auto‑detect & Test. If it succeeds, the Advanced section will be pre‑filled. If not, open Advanced and paste the host/port/encryption from the preset below, then click Test these settings.
- Click Save.
Security tips:
- Turn on 2‑Step Verification wherever possible.
- Prefer 587 + STARTTLS. Use 465 + SSL when the provider recommends it or when 587 is blocked.
- Never share your SMTP password/API key in chat or screenshots.
3) Provider presets & exact settings
Below are the most common providers with the exact values you’ll need. Unless specified otherwise, use Port 587 (TLS/STARTTLS), Username = full email address, and your mailbox/app/API password.
Google Gmail / Google Workspace
- Host:
smtp.gmail.com - Port: 587 (TLS)
- Username: full email (e.g.,
you@yourdomain.com) - Password: App Password (requires 2‑Step Verification) — not your normal Google password
- Notes: Consumer Gmail requires 2‑Step + App Password for SMTP. Workspace may also require the same unless you’re using OAuth2. Make sure the From domain is allowed by your Workspace send‑as settings.
Microsoft 365 (Office 365 / Exchange Online)
- Host:
smtp.office365.com - Port: 587 (TLS)
- Username: full email
- Password: mailbox password
- Notes: Admins can disable SMTP AUTH; ensure it’s enabled for your mailbox. Modern auth is preferred for clients; SMTP AUTH still works if explicitly enabled.
Yahoo Mail
- Host:
smtp.mail.yahoo.com - Port: 465 (SSL) or 587 (TLS)
- Username: full email
- Password: App Password
iCloud Mail
- Host:
smtp.mail.me.com - Port: 587 (TLS)
- Username: full iCloud email (e.g.,
name@icloud.com) - Password: App‑specific password
Zoho Mail
- Host:
smtp.zoho.com(EU:smtp.zoho.eu) - Port: 587 (TLS)
- Username: full email
- Password: mailbox password or app password if required by your org settings
cPanel‑style hosting (many shared hosts)
- Host: usually
mail.yourdomain.com - Port: 465 (SSL) or 587 (TLS)
- Username: full email (the mailbox you created in cPanel)
- Password: mailbox password
- Notes: If 587 is blocked, 465/SSL is a solid fallback. Ensure the mailbox actually exists on the server.
Fastmail
- Host:
smtp.fastmail.com - Port: 465 (SSL) or 587 (TLS)
- Username: full email
- Password: app password (recommended) or mailbox password per account policy
Proton Mail (via Proton Mail Bridge)
- Host:
127.0.0.1(or the host shown by Proton Bridge) - Port: shown in Proton Bridge
- Username/Password: provided by Proton Bridge
- Notes: You must run Proton Mail Bridge on the same machine; this won’t work from hosted servers.
Mailgun
- Host:
smtp.mailgun.org(EU:smtp.eu.mailgun.org) - Port: 587 (TLS) or 465 (SSL)
- Username: your domain’s SMTP login (often
postmaster@yourdomain.com) - Password: the SMTP password shown in your Mailgun domain settings
- Notes: Ensure your sending domain is verified and DNS (SPF/DKIM) is set up in Mailgun.
Amazon SES
- Host:
email-smtp.<region>.amazonaws.com(e.g.,email-smtp.us-east-1.amazonaws.com) - Port: 587 (TLS) or 465 (SSL)
- Username/Password: SES SMTP credentials (generated in SES) — not your IAM access key/secret
- Notes: Move your account out of sandbox to mail arbitrary recipients; verify domains/addresses.
SendGrid
- Host:
smtp.sendgrid.net - Port: 587 (TLS)
- Username:
apikey(literally) - Password: your SendGrid API key
- Notes: Use a verified domain (SPF/DKIM) for best deliverability.
Mailjet
- Host:
in-v3.mailjet.com - Port: 587 (TLS) or 465 (SSL)
- Username: Public API Key
- Password: Private API Key
Postmark
- Host:
smtp.postmarkapp.com - Port: 587 (TLS) or 465 (SSL)
- Username: Server Token
- Password: Server Token (same string)
- Notes: Verify sender signature or domain in Postmark.
SparkPost (MessageBird)
- Host:
smtp.sparkpostmail.com - Port: 587 (TLS)
- Username:
SMTP_Injection - Password: SparkPost API key (with SMTP permission)
Mandrill (Mailchimp Transactional)
- Host:
smtp.mandrillapp.com - Port: 587 (TLS) or 465 (SSL)
- Username: your Mandrill username (or any string per legacy docs)
- Password: your Mandrill API key
Brevo (Sendinblue)
- Host:
smtp-relay.sendinblue.com - Port: 587 (TLS)
- Username: your Brevo API key
- Password: your Brevo API key (same key)
A2 Hosting
- Host:
mail.yourdomain.tld - Port: 465 (SSL) or 587 (TLS)
- Username: full email mailbox
- Password: mailbox password
DreamHost
- Host:
smtp.dreamhost.comormail.yourdomain.tld - Port: 465 (SSL) or 587 (TLS)
- Username: full email
- Password: mailbox password
HostGator
- Host:
mail.yourdomain.tld - Port: 465 (SSL) or 587 (TLS)
- Username: full email
- Password: mailbox password
GoDaddy (cPanel email — not Microsoft 365)
- Host:
mail.yourdomain.tld - Port: 465 (SSL) or 587 (TLS)
- Username: full email
- Password: mailbox password
IONOS (1&1)
- Host:
smtp.ionos.com(orsmtp.ionos.co.uk) - Port: 587 (TLS)
- Username: full email
- Password: mailbox password
Namecheap Private Email
- Host:
mail.privateemail.com - Port: 587 (TLS) or 465 (SSL)
- Username: full email
- Password: mailbox password
Rackspace Email
- Host:
smtp.emailsrvr.com - Port: 587 (TLS)
- Username: full email
- Password: mailbox password
4) SPF, DKIM, and DMARC (deliverability essentials)
Even if mail sends, it may still hit spam if your domain isn’t authorized properly. Add these DNS records wherever your domain’s DNS is hosted (registrar or DNS provider like Cloudflare/Route53):
SPF (Sender Policy Framework)
- Type: TXT at your root domain (e.g.,
@) - Purpose: Lists the servers/services allowed to send on your behalf.
- Rule: Only one SPF record per domain; if you use multiple services, merge into one record.
- Example (Mailgun + SendGrid + your own server):v=spf1 include:mailgun.org include:sendgrid.net a mx -all
- Keep under the 10 DNS‑lookup limit; many providers document “flattened” SPF if you need it.
DKIM (DomainKeys Identified Mail)
- Type: CNAME or TXT (provider‑specific), usually on a selector subdomain like
s1._domainkey.yourdomain.com. - Purpose: Cryptographic signature that proves your provider is authorized to sign as your domain.
- Action: Generate DKIM in your provider’s dashboard and publish the exact record they give you.
DMARC (Domain‑based Message Authentication, Reporting & Conformance)
- Type: TXT at
_dmarc.yourdomain.com - Purpose: Tells receivers how to handle mail that fails SPF/DKIM and where to send reports.
- Starter record (monitoring):v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com; fo=1
- Stronger policy (once you’re confident):v=DMARC1; p=quarantine; pct=100; rua=mailto:dmarc@yourdomain.com; adkim=s; aspf=sUse
p=rejectfor maximum enforcement when you’re fully aligned.
Where do these records go?
- In the DNS for the domain you’re sending from (the part after the
@). If you’re sending fromnotifications@yourdomain.com, put DNS at whoever hostsyourdomain.comDNS (registrar or DNS service). - If you use third‑party SMTP (Mailgun/SES/SendGrid/etc.), follow their exact DNS instructions inside their dashboard. They’ll give you copy‑paste records you add to your DNS.
5) Troubleshooting authentication & sending
“Auth failed / 535 5.7.x”
- Wrong username format (must be full email or provider‑specific string like
apikey). - Using a normal password where an app password or SMTP credential/API key is required.
- SMTP AUTH disabled (Microsoft 365) — enable for the mailbox.
“Connection failed / timeout”
- Hosting firewalls blocking outbound SMTP. Try 587 (TLS) first; then 465 (SSL). If both fail, ask your host to allow outbound SMTP or use a provider’s HTTP API instead.
Gmail/Workspace won’t accept my password
- You probably need an App Password. Turn on 2‑Step Verification in your Google Account → Security → App passwords → create one for “Mail”. Use that 16‑char app password in WAFlowbot.
Verified but going to spam
- Add/verify SPF + DKIM for the sending domain.
- Publish a DMARC policy (start with
p=noneand watch reports). - Warm up new domains and avoid sending cold/unsolicited blasts.
cPanel servers
- If 587 fails due to TLS/SNI quirks, try 465/SSL with host
mail.yourdomain.com.
6) Security & best practices
- Prefer providers that support app passwords or API‑key SMTP (keys can be rotated).
- Store secrets only inside WAFlowbot; avoid sharing them in tickets or chat.
- Review provider dashboards for bounces/complaints and keep lists clean.
- Align From and Return‑Path where possible, and keep SPF/DKIM/DMARC aligned for best trust.
7) Quick reference table
| Provider | Host | Port | TLS/SSL | Username | Password format |
|---|---|---|---|---|---|
| Gmail / Workspace | smtp.gmail.com | 587 | TLS | full email | App Password |
| Microsoft 365 | smtp.office365.com | 587 | TLS | full email | mailbox password |
| Yahoo | smtp.mail.yahoo.com | 465/587 | SSL/TLS | full email | App Password |
| iCloud | smtp.mail.me.com | 587 | TLS | full iCloud email | App‑specific password |
| Zoho | smtp.zoho.com | 587 | TLS | full email | mailbox/app password |
| cPanel | mail.yourdomain.tld | 465/587 | SSL/TLS | full email | mailbox password |
| Fastmail | smtp.fastmail.com | 465/587 | SSL/TLS | full email | app/mailbox password |
| Proton (Bridge) | (Bridge host) | (Bridge port) | TLS | Bridge user | Bridge password |
| Mailgun | smtp.mailgun.org | 587/465 | TLS/SSL | mailgun SMTP user | SMTP password |
| Amazon SES | email-smtp..amazonaws.com | 587/465 | TLS/SSL | SES SMTP user | SES SMTP password |
| SendGrid | smtp.sendgrid.net | 587 | TLS | apikey | API key |
| Mailjet | in-v3.mailjet.com | 587/465 | TLS/SSL | Public API key | Private API key |
| Postmark | smtp.postmarkapp.com | 587/465 | TLS/SSL | Server Token | Server Token |
| SparkPost | smtp.sparkpostmail.com | 587 | TLS | SMTP_Injection | API key |
| Mandrill | smtp.mandrillapp.com | 587/465 | TLS/SSL | username/any | API key |
| Brevo | smtp-relay.sendinblue.com | 587 | TLS | API key | API key |
| A2 Hosting | mail.yourdomain.tld | 465/587 | SSL/TLS | full email | mailbox password |
| DreamHost | smtp.dreamhost.com | 465/587 | SSL/TLS | full email | mailbox password |
| HostGator | mail.yourdomain.tld | 465/587 | SSL/TLS | full email | mailbox password |
| GoDaddy (cPanel) | mail.yourdomain.tld | 465/587 | SSL/TLS | full email | mailbox password |
| IONOS | smtp.ionos.com | 587 | TLS | full email | mailbox password |
| Namecheap PE | mail.privateemail.com | 465/587 | SSL/TLS | full email | mailbox password |
| Rackspace | smtp.emailsrvr.com | 587 | TLS | full email | mailbox password |
8) Final checklist
If you get stuck, copy the exact error from the test panel and double‑check the preset here. Most failures come down to the wrong credential type (regular password vs app/API password) or SMTP AUTH disabled at the provider.