How to send emails securely using Gmail and NodeJS

Sending emails is a common feature that is present in many applications. This feature is used to notify user about news, like a newsletter, about your product status when it's facing to an issue, recovery password and so on.

To send emails you will need an application to create the emails and call the SMTP server to send, which is what we will do here using NodeJS and an SMTP server, which we will not do here.

But don’t worry, we have a great and powerful solution to use as your SMTP server. Stay with me and let’s go together!

Step 1: The SMTP server

From SendGrid we have:

If you’re thinking now, “Okay, we need an SMTP server. But how does this relate to Gmail? If it’s in the title of the article, it should be mentioned in the content, right?”

I have to say that you are right! We need and will talk about Gmail here.

Step 2: How Gmail can help us?

One of the most popular webmail clients with 1.8 million users is Gmail. As you may already know, this is Google’s webmail client and for handling emails it has its own SMTP server.

Every SMTP server has an address that is used to send emails. In addition to the address you (common and recommended) will need authentication and with Gmail it is no different.

It has an address that you can connect to and authenticate with your Gmail account. What you need to connect with the Gmail SMTP server is listed below.

  • Address: smtp.gmail.com
  • Requires SSL: Yes
  • Requires TLS: Yes (if available)
  • Requires Authentication: Yes
  • Port for SSL: 465
  • Port for TLS/STARTTLS: 587

I know it is a considerable amount of information, especially if you have never had contact with SMTP. But, again, don't worry.

In the next step we'll handle with this in a really simples way.

Step 3: Let's connect with the SMTP server using Nodemailer

In this article we'll use the Nodemailer to handle SMTP in NodeJS. From official Nodemailer website we have:

Let’s setup Node with Nodemailer. By following the steps, you will achieve it:

3.1 Creating the project

Go to your workspace folder, create a folder to this project and init the project using npmlike is showed below:

cd ~/projects/ # go to the projects folder
mkdir node-sending-emails # created a folder to this project
cd node-sending-emails # move to the created folder
npm init -y # initializer the project with default config

3.2 Installing the nodemailer

Now that you already created the project you can install the dependencies using npm. See how:

npm install nodemailer #installs the nodemailer package

Great! The nodemailer is now available. Let's connect to the SMTP server.

3.3 Connecting with the Gmail

Nodemailer is really simple to use. To send an email we need to a transporter object. This object encapsulates the operations of checking connection and sending email.

Se wee basically need to create a transport with the configurations of the SMTP server that we'll use. As you can see below:

const nodemailer = require('nodemailer');const transporter = nodemailer.createTransport({
host: 'smtp.gmail.com',
port: 587,
auth: {
user: 'youremail@gmail.com',
pass: 'yourpassword',
},
});
transporter.verify().then(console.log).catch(console.error);

The above code uses nodemailer to create the transporter with the informations that we already know about the Gmail SMTP server.

After create transporter we call the verify() method to try to connect with the server and show the connection info when the execution gets success, and error when the execution gets fail.

3.4 Running the script

Awesome!! We can finally connect with the server. Once we execute this code we got to the glory! So let's run it and check the results.

Image 1 — Result from execution

Ok… It's not so good. We got an error :/

Again… don't worry. It's was expected. Gmail has some layers of security, so you can't just connect and send a million of emails. Before it you need to set up few things in your Gmail account to make it work.

If you look at the account you used in the example, you will find that something a security alert is shown as in the image below.

Image 2 — Security alert from Gmail

This is an email sent by Google that notifies me of a login attempt made with my password, which was us. When we try to connect to Gmail using a third party application (created by us) it blocks because it considers that application to be insecure.

In the next step, we resolve this. Let’s move on!

Step 4: Configure Gmail account to accept less secure apps

Our application is classified as insecure by Gmail. To bypass it we can configure our account to allow insecure apps to connect with our account. When this configuration is enabled all apps with username and password can connect to our account in Gmail and send emails.

To enable it you need to go to https://myaccount.google.com/ and select your Google Account. Then go to Security in the left sidebar and search by "Less secure app access". You'll see something looks like

Image 3 — Enabling less secure apps in Gmail

Turn on and run the code again. It should work fine and you'll see a true in your terminal.

Really awesome! We're now connected to the Gmail. But no email was sent, right?

Yes. We only verified the connection with the verify() method. Let's get to know a new method and send a email.

4.1 Definitely sending emails

The transporter object has a method called sendMail() that is responsible to send emails effectively. This method receives an object with some parameters. The mainly parameters are: from, to, subject, text and html.

That are email sender, list of receivers separated by a comma (,), the email subject, the email content in text plain and the email content in HTML (if you desire) respectively.

And we have a trick to send emails with Gmail in Nodemailer. Actually we don't need to go through all the SMTP settings. We only need two configurations to set a transporter to connect with Gmail. See the complete example below.

Note that in the createTransport we only pass an attribute called service where we define it asgmail and the auth with our credentials.

In the sendMail() we pass all data about email. That's all. Try to running this example again and see the result. If it works well, you'll get something as showed below in your terminal.

{
info: {
accepted: [ 'receiver@gmail.com' ],
rejected: [],
envelopeTime: 871,
messageTime: 651,
messageSize: 747,
response: '250 2.0.0 OK 1615152446 m6sm5222884qtx.3 - gsmtp',
envelope: { from: 'fromemail@gmail.com', to: [Array] },
messageId: '<95e9c9a0-9c20-fcda-1873-7f16aec2b293@gmail.com>'
}
}

And in the receiver.

Image 4 — Gmail inbox with the receive email

And in the sender.

Image 5 — Gmail outbox with the sent email

Step 5: Keep your Gmail account and your application secure

Our application is working fine, right? I don't know. Use less secure apps is so weird to me. There is a way to improve it and make this access to Gmail more secure. We can do this using App Password.

App Password is a feature that allow to generate a password by each app. These feature can be useful once that you won't provide the your own password but a password for that app.

5.1 How to make it happen?

Go to https://myaccount.google.com/ and in the left sidebar click in Security, find "Signing in to Google", click in 2-Step Verification and enable it.

After enable 2-Step Verification you'll can see another option that is App Passwords. Click in this option and you'll see a page like the one shown below in the image.

Image 6 — App passwords

To create a new app password click "Select app" combobox, select Other, define a name and click in Generate. A dialog box will appear with the password. See below.

Image 7 — Generated new app password

Replace the password you entered in the code with the generated app password and you're done. Now you can disable the option "less secure apps" and manage your app passwords.

Summary

Sending emails is a powerful feature and not difficult to implement. We saw in this article how to implement it simply, quickly and safely.

With the concepts of this article you able to handle with emails using not only Gmail but others providers like Outlook and own providers that exists. Be creative, create great applications and share with us.

Please clap 👏👏 and share this post if it was useful to you. Thanks for reading. See ya!

You may be interested in

References

Fullstack developer with expertise in web and mobile development with Flutter, Firebase, Ionic, PHP, C#, JS and Python. Now I’m trying to learn Erlang/Elixir :D

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store