Cloudflare Email Routing is a powerful tool that allows you to create professional email addresses for your custom domain and forward them to your personal inbox. However, while receiving emails is straightforward, sending emails from that custom address usually requires a paid service like Google Workspace.
By leveraging Gmail's SMTP (Simple Mail Transfer Protocol) server, you can bypass these costs. This guide will walk you through the technical steps required to authenticate your Gmail account as an outbound server for your Cloudflare-managed domain, ensuring your professional emails are delivered securely and reliably.
Following these steps will provide you with a full "send and receive" setup using a professional domain identity, all managed through the familiar Gmail interface and Cloudflare's robust DNS infrastructure.
I. Enable Two-Factor Authentication
Before Gmail allows external applications or custom SMTP configurations to access your account, you must secure it. Google requires Two-Step Verification to be active to handle sensitive authentication tasks.
If you have not already enabled this, visit your Google Account Security settings and follow the prompts. This step is mandatory because it unlocks the "App Passwords" feature, which is necessary for the next phase of the configuration.
II. Generate a Google App Password
Standard Google passwords are not compatible with direct SMTP configuration for security reasons. Instead, you must generate a unique, 16-digit App Password specifically for this mail connection.
- Navigate to the App Passwords section of your Google Account.
- In the "Select app" dropdown, choose Mail.
- In the "Select device" dropdown, choose your current computer or "Other" and provide a descriptive name like "Cloudflare SMTP".
- Click Generate and copy the 16-character code that appears in the yellow bar. You will need this for Step IV.
III. Configure the Custom Address in Gmail
Now, you must inform Gmail that you intend to send mail from your Cloudflare-routed address. This is done within the internal Gmail settings.
- Open Gmail and go to Settings > See all settings > Accounts and Import.
- In the Send mail as section, click Add another email address.
- In the pop-up window, enter your display name and your Cloudflare-routed email address (e.g.,
hello@yourdomain.com). - Important: Untick the box labeled "Treat as an alias". This ensures the recipient sees your custom domain rather than your personal Gmail address.
- Click Next Step.
IV. Enter SMTP Server Credentials
This step bridges your custom domain and Google's mail servers. Fill out the configuration form exactly as follows:
- SMTP Server:
smtp.gmail.com - Port:
587 - Username: Your full Gmail address (including
@gmail.com). - Password: The 16-digit App Password you generated in Step II.
- Connection: Ensure Secured connection using TLS is selected.
Click Add Account. Google will send a verification code to your custom email address. Since Cloudflare is already routing that mail to your Gmail inbox, check your messages, copy the code, and enter it into the verification box to complete the link.
V. Update DNS Records for Deliverability
To prevent your outbound emails from being flagged as spam, you must update your DNS records in the Cloudflare dashboard. This tells receiving servers that Gmail is authorized to send mail on your domain's behalf.
SPF (Sender Policy Framework) Record
Create or update a TXT record at the root (@) of your domain:
v=spf1 include:_spf.mx.cloudflare.net include:_spf.google.com ~allNote: This record includes both Cloudflare and Google to ensure both routing and sending are authenticated.
DMARC Policy
To ensure high deliverability, set up a basic DMARC policy. Create a TXT record with the name _dmarc:
v=DMARC1; p=none; rua=mailto:your-email-address@domain.comSetting the policy to p=none is recommended during the initial setup to monitor email traffic without blocking legitimate messages while you verify the configuration.