Python SMTP authentication fails with Gmail app password despite 2FA setup

I’m having trouble connecting to Gmail through Python’s SMTP library even though I have an app-specific password configured. The error message says I need to log in through a web browser first.

My Setup

I have 2FA enabled on my Gmail account and created an app password specifically for this Python script. This same approach worked perfectly with my test account, but now with the production account it keeps rejecting the authentication.

The Issue

Google keeps blocking my login attempts and shows this error about using a web browser. I thought app passwords were supposed to bypass the need for less secure app settings when 2FA is active.

Sample Code

Here’s what I’m using to send emails:

import smtplib
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

def email_sender(recipient, email_subject, content):
    username = "[email protected]"
    app_password = "GeneratedAppPassword123"
    mail_server = "smtp.gmail.com"
    server_port = 587

    # Build the HTML message
    message = MIMEMultipart("alternative")
    message["Subject"] = email_subject
    message["From"] = username
    message["To"] = recipient
    message.attach(MIMEText(content, "html"))

    # The constructor already connects, so no separate connect() call is needed
    connection = smtplib.SMTP(mail_server, server_port)
    connection.ehlo()
    connection.starttls()  # upgrade to TLS before credentials are sent
    connection.ehlo()
    connection.login(username, app_password)
    connection.sendmail(username, recipient, message.as_string())
    connection.quit()

Domain Settings

I noticed my working account shows “less secure apps setting not available with 2FA” while the problematic one shows “setting managed by domain administrator”. Both accounts have 2FA enabled and required by domain policy.

What domain admin setting might be blocking this? I want to avoid using OAuth libraries if possible.

Google Workspace domains usually have stricter policies that override what you set on your individual account. The difference between your working test and production accounts is probably that one’s a personal Gmail while the other’s managed through a business domain. When domain admins control security policies, they can completely disable app passwords even if you have 2FA enabled. I ran into this exact issue when we migrated from personal Gmail to our corporate domain - same code just stopped working overnight. The domain policy basically overrides any individual authentication method you try to set up. Your auth credentials and SMTP config look right, but those domain restrictions are blocking the connection. You’ll probably need to ask your admin for a policy exception or see if they’ve approved alternative auth methods for automated systems. Sometimes admins create specific service accounts with different permissions for these situations.

The domain administrator restriction is your problem. When you see ‘setting managed by domain administrator’ instead of the usual less secure apps message, your Google Workspace admin has blocked app passwords for the whole organization. Pretty common security policy in business setups. I hit this exact issue last year with a client’s workspace account. Even with 2FA enabled and what looked like valid app passwords, the domain policy was quietly blocking SMTP authentication. Had to contact the workspace admin to either whitelist the specific app or temporarily enable app passwords for that account. Your code looks fine - it’s not a technical issue. Talk to your domain admin about the current app password policy. They’ll probably need to tweak the security settings in Google Admin console under Security > API controls > App access control.

yeah, domain admin restrictions are def your problem. had the same issue with our company’s gmail too - workspace admins can disable app passwords even with 2FA on. maybe ask your admin to whitelist this or look for an oauth exception? usually they make exceptions for legit biz stuff.
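
An added example, not code from any post in this thread: a small triage helper that reads the enhanced status code from a failed SMTP AUTH reply, so a credential mistake can be told apart from the policy block the replies describe before going to the admin. The names `classify_auth_failure` and `try_login`, the hint wording, and the sample reply texts are assumptions made for illustration.

```python
import re
import smtplib
import ssl

# Triage hints keyed by enhanced status code. The hint wording is this
# example's interpretation (an assumption), not Google documentation.
HINTS = {
    "5.7.8": "credentials rejected: re-check the username and app password",
    "5.7.9": "password sign-in refused: an app password or OAuth is expected",
    "5.7.14": "sign-in blocked pending web login: check account or domain policy",
}
UNKNOWN = "unrecognised reply: pass the full text to the domain admin"

# smtplib strips the 3-digit reply code, so each line starts with the enhanced code.
ENHANCED = re.compile(rb"^([245]\.\d{1,3}\.\d{1,3})(?=\s|$)", re.MULTILINE)


def classify_auth_failure(smtp_error):
    """Return (enhanced_code or None, hint) for the text of a failed AUTH reply."""
    if isinstance(smtp_error, str):
        smtp_error = smtp_error.encode("utf-8", "replace")
    match = ENHANCED.search(smtp_error or b"")
    enhanced = match.group(1).decode("ascii") if match else None
    return enhanced, HINTS.get(enhanced, UNKNOWN)


def try_login(host, port, username, secret):
    """Do STARTTLS + AUTH; return None on success, else a triage tuple."""
    with smtplib.SMTP(host, port, timeout=30) as conn:
        # Verify the server certificate before any credential is sent.
        conn.starttls(context=ssl.create_default_context())
        try:
            conn.login(username, secret)
        except smtplib.SMTPAuthenticationError as exc:
            return classify_auth_failure(exc.smtp_error)
    return None


# Constructed sample reply texts (not captured output), one per case.
SAMPLES = [
    b"5.7.8 Username and Password not accepted.",
    b"5.7.9 Application-specific password required.",
    b"5.7.14 <link elided>\n5.7.14 Please log in via your web browser.",
]

if __name__ == "__main__":
    for text in SAMPLES:
        print(classify_auth_failure(text))
```

Pass the app password to `try_login` from an environment variable or secret store rather than a string literal in the script, and include the full reply text when asking the admin about the policy.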
