Gmail Shows Authentication Warning for Custom Domain Emails via POP3 Forwarding from Netlify Functions

I have a weird problem with my email setup. When I send emails from my Netlify function using my custom domain, Gmail shows an authentication warning but only in certain cases.

My current setup:

  • Using nodemailer for sending emails
  • Custom domain SMTP server
  • All DNS records are set up (SPF, DKIM, DMARC)

The strange part:
When I send emails directly to Gmail addresses, everything works fine. But when emails go to my custom domain first and then get forwarded to Gmail through POP3, Gmail displays the authentication warning.

Here’s my email sending code:

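const nodemailer = require('nodemailer');

const deliverMessage = async (config) => {
   try {
       // nodemailer's factory method is createTransport(); createTransporter() does not exist
       const mailTransporter = nodemailer.createTransport({
           host: 'mail.hostingservice.net',
           port: 465,
           secure: true, // implicit TLS on port 465
           auth: {
               // SMTP credentials are read from environment variables
               user: process.env.MAIL_USER,
               pass: process.env.MAIL_PASS
           }
       });

       const messageConfig = {
           // Header From uses the authenticated mailbox address
           from: `MyCompany Support <${process.env.MAIL_USER}>`,
           to: config.recipient,
           subject: config.title,
           html: config.content,
       };

       // Optional single attachment
       if (config.attachment) {
           messageConfig.attachments = [{
               filename: config.attachment.name,
               content: config.attachment.data
           }];
       }

       await mailTransporter.sendMail(messageConfig);
   } catch (err) {
       // Log and rethrow so the caller sees the failure
       console.log("Mail delivery failed:", err);
       throw err;
   }
}

exports.handler = deliverMessage;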

What I’ve tried:

  • Double checked all DNS authentication records
  • Verified SMTP settings multiple times
  • Tested different email clients

Is this a known issue with POP3 forwarding? Does anyone know how to fix this authentication warning when emails are forwarded through POP3 to Gmail?

yup, i think gmail’s just struggling with those forwarding headers. pop3 forwards can mess up the original auth, making it tough for gmail to verify who it’s from. maybe check if your host offers a better forwarding option that keeps the headers intact?

I ran into something similar when working with custom domain emails through serverless functions. The issue you’re experiencing is actually pretty common - POP3 forwarding essentially strips away the authentication context that Gmail expects to see. When the email bounces through that extra hop, Gmail treats it as potentially suspicious because the authentication trail gets broken.

What worked for me was adding a custom Return-Path header in the nodemailer configuration and making sure the envelope sender matches your authenticated domain. You can try adding envelope: { from: process.env.MAIL_USER } to your messageConfig object. Also worth checking if your hosting service has any specific requirements for the From header format - some providers are picky about how the display name and address are structured when authenticating through their SMTP servers.

This happens because POP3 forwarding breaks the authentication chain that Gmail relies on to verify message authenticity. When your email gets forwarded through POP3, the receiving server essentially becomes a relay, which alters the message headers and invalidates the original DKIM signatures you’ve set up.

I had the same issue with my business setup and switching to IMAP forwarding helped significantly. However, the real solution was implementing proper email routing at the DNS level using MX records instead of relying on POP3 forwarding. You might also want to check if your hosting provider supports SRS (Sender Rewriting Scheme), which preserves authentication through forwards.

Another approach is setting up Gmail to fetch emails directly via IMAP rather than having them forwarded, which maintains the original authentication headers.
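
To see which check fails on each path, compare the Authentication-Results header Gmail stamps on the direct copy and on the forwarded copy (visible under "Show original"). The following is an added example, not code from any poster in this thread; the header values are constructed samples, and parseAuthResults, diagnose and the simplified alignment check are hypothetical helpers.

```javascript
// Added example. Header values are constructed samples (example.com and
// documentation IP ranges), not taken from the thread.
const DIRECT = `mx.google.com;
 dkim=pass header.i=@example.com header.s=default;
 spf=pass (google.com: domain of support@example.com designates 203.0.113.10 as permitted sender) smtp.mailfrom=support@example.com;
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=example.com`;
const FORWARDED = `mx.google.com;
 dkim=neutral (body hash did not verify) header.i=@example.com header.s=default;
 spf=softfail (google.com: domain of transitioning support@example.com does not designate 198.51.100.7 as permitted sender) smtp.mailfrom=support@example.com;
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=example.com`;

// Split an Authentication-Results value (RFC 8601) into per-method clauses.
function parseAuthResults(value) {
  const flat = value.replace(/\r?\n[ \t]+/g, ' ')  // unfold continuation lines
                    .replace(/\([^)]*\)/g, ' ');   // drop (comments)
  const out = {};
  for (const clause of flat.split(';').slice(1)) { // element 0 is the authserv-id
    const head = clause.trim().match(/^(spf|dkim|dmarc)=(\w+)/i);
    if (!head) continue;
    const method = head[1].toLowerCase();
    const props = {};
    for (const [, k, v] of clause.matchAll(/([\w.]+)=(\S+)/g)) props[k.toLowerCase()] = v;
    (out[method] = out[method] || []).push({ result: head[2].toLowerCase(), props });
  }
  return out;
}

const domainOf = (id) => (id || '').toLowerCase().split('@').pop();

// Relaxed alignment, simplified: same domain or a subdomain of the From domain.
// Real DMARC compares organizational domains via the Public Suffix List.
const aligned = (d, from) => d !== '' && (d === from || d.endsWith('.' + from));

// DMARC needs SPF or DKIM to pass AND that identifier to align with header From.
function diagnose(value, fromDomain) {
  const r = parseAuthResults(value);
  const spf = (r.spf || []).some(c => c.result === 'pass' &&
    aligned(domainOf(c.props['smtp.mailfrom']), fromDomain));
  const dkim = (r.dkim || []).some(c => c.result === 'pass' &&
    aligned(domainOf(c.props['header.d'] || c.props['header.i']), fromDomain));
  return { spf, dkim, dmarcAligned: spf || dkim,
           reported: r.dmarc ? r.dmarc[0].result : 'none' };
}

console.log('direct   ', diagnose(DIRECT, 'example.com'));
console.log('forwarded', diagnose(FORWARDED, 'example.com'));
```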