Where is my SMTP password?

Sending email is a vital function for personal and business communications. To send email directly using your own domain, you need an SMTP server that allows your system to relay messages to recipients. Most SMTP servers require authentication using a username and SMTP password in order to prevent unauthorized use.

Where is my SMTP password?

If you don’t remember or have lost track of your SMTP password, this article outlines steps you can take to recover or reset it. We’ll also provide tips on properly managing SMTP credentials to avoid losing this critical information.

Here’s what we’ll cover:

  • What is an SMTP server and why do you need a password
  • Locating your SMTP server settings
  • Resetting your SMTP password
  • Best practices for managing SMTP passwords

What is an SMTP Server?

An SMTP server acts as the “post office” for your email. It takes in messages you want to send out from your email client or app and handles routing them to the correct recipients over the internet.

Most large email providers like Gmail have their own SMTP servers as part of providing your account. However, if you have a custom domain for business email or on a website, you likely need a 3rd party SMTP service provider.

Some popular ESPs (email service providers) that offer SMTP server access include:

  • Mailgun
  • SendGrid
  • Amazon SES
  • Mailchimp

Nearly all commercial ESPs require authentication in the form of a username and password, i.e. your SMTP credentials, to access their SMTP servers. This prevents spammers or other parties from using their servers to send unchecked amounts of email.

So if you own your own domain, you’ll need access to an SMTP server specifically provided for your domain along with an SMTP password to send emails from addresses using that domain.

Locating Your SMTP Settings

If you don’t recall setting up an SMTP server directly, chances are a web host, domain registrar, website builder, CRM, or other service configured it for you behind the scenes when you purchased your domain or set up email.

Here are a few places to check for existing SMTP settings tied to your domain or email:

Email Client Apps

If you use an email program like Outlook or an app on your mobile device, check the sending server settings:

  • Outlook: File > Account Settings > Account > More Settings > Outgoing Server
  • iOS Mail app: Settings > Passwords & Accounts > (select account) > Account > Outgoing Mail Server

Look for a server address containing “smtp” along with fields for username and password. This will confirm an SMTP server is already configured and provide the credentials.

Web Hosting Control Panel

Those with shared hosting accounts can check their web host’s control panel or customer portal:

  • cPanel: Email Accounts section > click email address > Set SMTP Password
  • Plesk: Email Accounts > (select email) > SMTP/POP Password

The details or reset option may be listed under the email account settings.

Domain Registrar

Companies that sell domains often include basic email services which can incorporate an SMTP server, like Namecheap or GoDaddy.

Check their support site or customer account for email configuration info.

Website Builders / CRMs

Services like Wix, Squarespace, or Zoho provide SMTP setup as part of creating branded emails for your site or business. Consult their respective support documentation for details.

Bulk Email Service Providers

ESPs that offer dedicated IP addresses and mass email delivery, like SendGrid or Mailgun, will clearly indicate the server details and credentials provided, often labeled as API keys which act as the SMTP password.

Check their control panel or account settings section for SMTP credentials.

Show Image

Now that you know where to check for existing SMTP server settings tied to your domain, if you find details indicating an SMTP username and password, then you have what you need to configure email apps and services to send mail.

And if SMTP credentials are present but don’t seem to work, you may need to reset the password as explained in the next section.

Resetting Your SMTP Password

If you have a third-party SMTP service but the password no longer allowing access or is otherwise invalid, use their provided password reset function via your customer account panel or support site.

Most major ESPs including Amazon SES, SendGrid, Mailgun, Mailchimp, and more require logging into your account dashboard and provide an option to generate a new password.

For example, to change your SMTP password in SendGrid:

  1. Log into your SendGrid account
  2. Go to Settings > API Keys
  3. Click ‘Create API Key’ to generate new password

Consult your email service provider’s documentation for specifics on regenerating the SMTP credential if necessary.

Without access to the associated account dashboard, you may need to open a support ticket requesting they manually reset your SMTP password which allows sending outbound messages from your domain.

Best Practices for Managing SMTP Passwords

Given the crucial nature of securing email delivery plus dependency on a functional SMTP password, here are some tips on properly managing this authentication info:

Don’t Lose the Password

  • Store SMTP passwords in a password manager app like LastPass or 1Password for safekeeping.
  • Maintain a protected document with login details for reference if ever necessary.

Generate App Passwords

Rather than allowing direct access to the SMTP account using the main password, some providers generate application-specific passwords.

These are custom, limited-privilege passwords that can be revoked individually. For instance, you can have unique SMTP passwords for Outlook, Mac Mail, and an email marketing platform which limits exposure if any credentials are compromised.

Set Reminders to Change Password

Treat the SMTP password with the same consideration as other highly privileged credentials. Set biannual or quarterly reminders to regenerate the SMTP password as general security practice, especially when multiple systems rely on it to prevent wide exposure.

Remove Access for External Parties

If you grant an external vendor, developer, or agency access to send email from your domain, manually revoke permissions when their project concludes. Rotate SMTP passwords on a regular basis or whenever third-parties are removed to ensure unauthorized use does not persist.

Keeping your SMTP server access exclusive and confidential maintains sending reliability while restricting abuse without your knowledge.

Key Takeaways

  • An SMTP server relays outbound email from apps and domains to recipient inboxes using username and password authentication
  • Check email client settings, web host/CRM control panels, domain registrar tools, or SMTP provider dashboards to locate existing SMTP account details
  • Reset non-working or compromised SMTP passwords via your email service provider’s administration console or by contacting technical support
  • Use password managers, dedicated app passwords, routine generation, and limited third-party access to properly control SMTP credentials

Utilizing these tips will help you keep your SMTP server access secure, stay in control of vital email delivery, and prevent unexpected service disruptions due to expired credentials.

Frequently Asked Questions About SMTP Passwords

Still have questions about managing your SMTP account security? Here are answers to some commonly asked questions:

  1. Why do I need an SMTP username and password?
    SMTP credentials are required so the server can identify valid users, prevent unauthorized mail relaying, and mitigate abuse of their mail transmission infrastructure. It’s a necessary authentication step to ensure legitimate access.
  2. What happens if someone else gets my SMTP password?
    An exposed SMTP password risks allowing others to send spam or phishing emails from your domain which can hurt deliverability or get blacklisted. Immediately change the password if suspecting it became compromised to prevent abuse.
  3. Can I use the same SMTP password everywhere?
    You can reuse the main SMTP password but it’s best to have unique passwords where possible. For example, use specific App Passwords in email clients so that compromising one system won’t affect all. Rotate passwords routinely too.
  4. How do I find my SMTP server host name?
    The SMTP host name is indicated in your email client/app settings. But check your domain registrar control panel, web hosting provider, or ESP dashboard where the full outgoing/SMTP mail server details are configured.
  5. What is the default SMTP port number?
    Port 587 and 465 are standard ports used to connect to SMTP servers. Your provider should indicate which specific port to use in the SMTP connection settings.
  6. Can I use Gmail’s SMTP server?
    You can use Gmail’s server but they restrict daily sending limits which can prevent delivering large volumes, so better to have a dedicated ESP SMTP server connection for custom domains with higher quotas.
  7. Why is my SMTP password not working?
    If suddenly failing but was previously fine, try resetting the password via your ESP account dashboard or support ticket. If new passwords continually don’t work, there may be a larger service configuration issue or disabled account needing provider attention.
  8. How often should I change my SMTP password?
    Industry best practice is to change SMTP passwords at minimum every 6-12 months. Additionally rotate when any staff/vendors with access depart or if noticing suspicious sending patterns suggesting a compromise.
  9. What special characters can my SMTP password contain?
    SMTP providers typically allow most special characters like ! @ # $ % ^ & * ( ) _ + – = { } : ; etc except double quotes which can cause auth issues. Check your provider’s specific password requirements.
  10. Can I use 2FA authentication for SMTP access?
    Yes, providers like SendGrid, Mailgun, Amazon SES and others allow setting up 2-factor authentication (2FA) using mobile apps or hardware keys as an extra layer of account security beyond just the SMTP password.


Accessing an SMTP server to directly send email from your domain while preventing abuse requires properly managing username and password credentials. By knowing where to check for existing SMTP access tied to your email accounts, the ability to reset non-working passwords, and adhering to best practices around SMTP security as outlined here, you can maintain smooth and secure mail delivery through your chosen service providers. Reach out to your specific email hosting company for any further assistance managing SMTP access or configurations details unique to their platform.

Leave a Comment