Connection settings
- Host
- smtp.mailgun.org
- Port
- 587
- Security
- STARTTLS
Mailgun provides SMTP relay at smtp.mailgun.org (US region) or smtp.eu.mailgun.org (EU region) on port 587 with STARTTLS. The most common mistake is using the Mailgun private API key as the SMTP password — Mailgun separates REST API credentials from per-domain SMTP credentials.
Recommended settings
- Host:
smtp.mailgun.org(US) orsmtp.eu.mailgun.org(EU) - Port: 587 (STARTTLS) or 465 (implicit TLS)
- Username: your domain's SMTP user (e.g.
[email protected]) - Password: the SMTP password for that user (shown once on creation/reset)
- Auth method: Auto, PLAIN, or LOGIN
- From address: must be on a verified domain
Finding your SMTP credentials
Mailgun issues SMTP credentials per sending domain, separate from the account-level API key:
- Log in to the Mailgun control panel.
- Navigate to Sending → Domain settings → select your domain.
- Go to the "SMTP credentials" tab.
- You will see the default
[email protected]user (or another you created). - Click "Reset password" to get a new SMTP password — copy it immediately, it is shown only once.
The username is the full SMTP user address (e.g. [email protected]). The password is the SMTP-specific password — not your Mailgun account password and not the private API key from the API Keys page.
Testing with SMTP Tester
- Host:
smtp.mailgun.org(orsmtp.eu.mailgun.orgfor EU domains). - Port 587, security STARTTLS.
- Username: your SMTP user (e.g.
[email protected]). - Password: the SMTP password you copied from the control panel.
- From: an address on the verified domain (e.g.
[email protected]). - To: any recipient (sandbox domains restrict recipients — see below).
- Click Run. A
235 Acceptedconfirms authentication.
A 250 Great success after DATA means Mailgun accepted the message.
Common errors
535 "Authentication failed" / "Invalid login"
The most frequent Mailgun SMTP error on forums. Causes:
- Using the API key as the password: the private API key (starts with
key-) is for the REST API only. SMTP requires the per-domain SMTP password. - Using the wrong domain's SMTP user: if you have multiple domains (e.g.
mg.example.comandmg.other.com), each has its own SMTP users. Using the credentials from one domain against another will fail. - Password was reset and old one is in use: after resetting the SMTP password, update all applications and configs that reference it.
- Region mismatch: US-region domains authenticate against
smtp.mailgun.org; EU-region domains usesmtp.eu.mailgun.org. Cross-region auth will fail.
550 "Sandbox subdomains are for test purposes only"
If you are using Mailgun's default sandbox domain (e.g. sandboxXXXX.mailgun.org), you can only send to verified recipients listed in the control panel under "Authorized Recipients." Add the To address there or switch to a custom verified domain.
550 "Domain not found" / "Sender not authorized"
The From address is on a domain not verified in your Mailgun account. Verify the domain by adding the required DNS records (SPF, DKIM, MX) in the Mailgun Sending → Domain settings page.
Connection timeout
- Verify you are using the correct regional endpoint.
- Port 587 is standard; try 465 if your network blocks 587.
- Mailgun does not listen on port 25 for submission.
US vs EU regions
Mailgun separates infrastructure by region for data residency compliance:
| Region | SMTP host | API base URL |
|---|---|---|
| US | smtp.mailgun.org |
api.mailgun.net |
| EU | smtp.eu.mailgun.org |
api.eu.mailgun.net |
Domains created in one region cannot authenticate against the other. Check your domain's region in the Mailgun dashboard (Sending → Domain settings → the region badge).
Domain verification
Before Mailgun relays mail for a domain, you must verify ownership by adding DNS records:
- SPF: a TXT record authorizing Mailgun's IPs to send on behalf of your domain.
- DKIM: two TXT (or CNAME) records for Mailgun's DKIM signing keys.
- MX (optional): only needed if you want Mailgun to receive inbound mail.
Until DNS verification completes, sends may fail or be queued. The Mailgun dashboard shows a green checkmark once each record is detected.
Mailgun sending limits
Limits depend on your plan:
- Flex (pay-as-you-go): no fixed monthly limit, but new accounts start with a low daily cap that increases as reputation builds.
- Foundation / Scale / Custom: monthly volume limits per plan.
- Burst rate: Mailgun handles high throughput but may queue messages if your sending rate exceeds your account's reputation-based limit.
If you hit a rate limit, Mailgun returns 452 Too many recipients or queues the message silently. Check Logs in the dashboard for delivery status.
Multiple SMTP users
You can create additional SMTP users for a domain beyond the default postmaster@:
- Go to Sending → Domain settings → SMTP credentials.
- Click "New SMTP User."
- Choose a local part and set a password.
Each user can have its own password, allowing you to give different applications different credentials and revoke them independently.
Security notes
- Never use the private API key (
key-...) as an SMTP password. It will not work and pasting it in unexpected places risks exposure. - Rotate SMTP passwords if you suspect compromise — reset in the dashboard.
- SMTP Tester redacts credentials from the live transcript.
- Enable webhooks for bounces and complaints in Mailgun to protect your sender reputation.
- Use a subdomain for sending (e.g.
mg.yourdomain.com) to isolate mail reputation from your root domain.