βοΈSMTP
Send emails from your own SMTP server (Gmail, Outlook, SendGrid, Mailgun, AWS SES, or any corporate mail relay) directly from a Dapta flow. Step-by-step guide to set up the credential and wire the nod
π§ Send emails from your own SMTP server β keep your sender, your domain, your deliverability.
This is the right node when you want emails to be sent from your own address and tracked on your own outbound infrastructure β instead of going through Dapta's shared sender.
π What you'll learn in this document:
Step 1: Add your SMTP credential
Step 2: Add the SMTP node to a flow
Step 3: Configure parameters and run
π Step 1: Add your SMTP credential
Credentials are stored at the workspace level, so once you add one, every flow in the same workspace can reuse it.
Open the user menu at the bottom of the left sidebar (your avatar / workspace plan) and click Credentials. You'll land at /settings/oauth.
Click the + on the SMTP Server tile. The Connect your email popup opens.
Fill the form in three short sections:
Scroll down to review SECURITY and ADVANCED. The defaults are already correct for the vast majority of providers β you only need to touch these if your IT team gave you specific instructions.
Click Save credential. The new credential appears under the SMTP Server tile.
Field reference
Identity
Name to identify this connection
β
Internal label, e.g. Marketing β SendGrid.
Server
Server address
β
The hostname of your SMTP server.
Server
Port
β
587 (STARTTLS) or 465 (TLS). Port 25 is blocked.
Access
Username
β
Same login you use to read mail. For SendGrid the username is the literal apikey.
Access
Password
β
For Gmail or Microsoft 365 use an App Password, not your account password.
Security
Encrypted from the start (port 465)
β
Tick when the provider uses implicit TLS.
Security
Require encrypted connection (port 587)
β
Default. STARTTLS upgrade required.
Security
Send without encryption
β
Discouraged. Only legacy corporate relays.
Security
Accept unverified certificates
β
Self-signed or hostname-mismatched certs. Off by default.
Security
Minimum security level
β
TLS 1.2 (default) or TLS 1.3.
Advanced
Client identifier
β
Custom EHLO/HELO. Leave blank unless IT asks.
Common providers β quick settings
Gmail / Google Workspace
smtp.gmail.com
587
STARTTLS
Username = your address. Password = App Password. 2FA required to generate one.
Microsoft 365 / Outlook
smtp.office365.com
587
STARTTLS
App Password or SMTP-AUTH-enabled mailbox. Microsoft is deprecating basic auth β modern tenants will need OAuth (coming in a later release).
SendGrid
smtp.sendgrid.net
587
STARTTLS
Username = apikey. Password = your SendGrid API key.
Mailgun
smtp.mailgun.org
587
STARTTLS
Domain-specific SMTP credentials from the Mailgun dashboard.
AWS SES
email-smtp.<region>.amazonaws.com
587
STARTTLS
SMTP credentials generated from the SES console (not your IAM keys).
πͺ Step 2: Add the SMTP node to a flow
Open Flow Studio and create a new flow (or open an existing one). Press βK / Ctrl+K or click Browse Nodes and type smtp.
Pick Send SMTP Email. The node drops onto the canvas.
In the right panel:
Pick the credential you just created from the Credential dropdown.
If you forgot to create one, choose + Add new credential from the dropdown β the popup opens inline and the credential is auto-selected once you save.
Fill the rest of the parameters (see reference below).
Click Save. Run the flow to send a test message.
Variables. Any text field in the node accepts {{trigger.body.fieldName}} references and other variables from upstream nodes β useful for personalising the subject or the body.
π Parameter reference
Credential
β
dropdown
The SMTP credential to use. Workspace-scoped.
To
β
string
One or more recipients, comma-separated. Supports Name <addr@example.com>.
From
β
string
Override the From address. Must match an address the SMTP server allows.
CC
β
string
Same syntax as To.
BCC
β
string
Same syntax as To. Hidden in delivered headers.
Reply-To
β
string
Single address.
Subject
β
string
RFC limit: 998 characters.
Body format
β
text / html
Picks which body field is sent.
Body
conditional
string
Used when Body format = text. Also used as HTML fallback if html_body is empty.
HTML body
conditional
string
Used when Body format = html.
Priority
β
low / normal / high
Sets the X-Priority header.
Custom headers
β
list of key/value
Up to 50 entries. Newlines and reserved headers are rejected (see below).
Attachments
β
URL / Base64 / Buffer
URL attachments are fetched with DNS pinning and a 2xx-only redirect policy.
On error
β
stop / continue
Default for new nodes is stop β fail fast instead of swallowing send errors.
Reserved headers β not allowed
The following header names are blocked because they would let a malicious flow override security-critical fields or break the envelope: from, sender, to, cc, bcc, reply-to, return-path, message-id, in-reply-to, references, date, content-type, content-transfer-encoding, mime-version, dkim-signature, received, authentication-results, x-original-to, delivered-to, __proto__, constructor, prototype (case-insensitive). Use the dedicated parameters for From / To / Reply-To.
π‘ Use cases
Welcome emails after a CRM contact is created.
Lead-confirmation emails after a voice agent qualifies a prospect.
Daily digest emails fired by a Cron trigger that summarises the previous day's activity.
Internal alerts to your ops team when a flow lands on a fallback branch.
Customer-facing notifications that need to come from your own domain for deliverability and brand trust.
π Troubleshooting
EAUTH / authentication failure
Wrong password, or normal password being used where an App Password is required.
Generate an App Password in your Google/Microsoft account and paste it into the credential.
ECONNECTION / ETIMEDOUT
Wrong host or port, firewall blocking outbound SMTP.
Confirm host & port from the providers table. Verify outbound 587/465 is open from the runner.
Self-signed certificate / Hostname mismatch
The server certificate isn't trusted by default.
Re-issue the cert with a proper CA, or tick Accept unverified certificates (security trade-off).
Port 25 is not allowed
Credential uses port 25.
Switch to 587 or 465. Port 25 is blocked at credential load.
Header value contains forbidden characters
A \r or \n slipped into a header / subject / address.
Strip newlines from the input variable before passing it to the node.
Reserved header is not allowed
You added a custom header that's on the denylist.
Use the dedicated parameter (e.g. set From instead of a From: header).
Email lands in spam
Missing SPF / DKIM / DMARC on your domain.
Configure DNS records at your domain registrar. The node itself signs nothing on your behalf.
Pool warm-up takes a few seconds on first send
Cold transport pool.
Expected. Subsequent sends within the workspace reuse the pooled connection.
π Security & limits
Credentials are encrypted at rest with AES-256.
Passwords are never echoed in logs, errors, metrics, or workflow history.
Connections are pooled per workspace Γ credential Γ password-fingerprint β credentials cannot leak across workspaces.
TLS 1.2+ is enforced. Port 25 is banned. Outbound is allowed only to public IPs (SSRF guard: RFC1918, link-local, AWS IMDS, GCP metadata, etc. are blocked).
Attachment URLs are fetched with DNS pinning,
maxRedirects: 0, and a 2xx-only status check.Body / HTML body cap: 10 MB UTF-8. Subject cap: 998 chars. Custom headers: 50 entries max.
βΉοΈ Known limitations
OAuth (XOAUTH2) for Gmail / Microsoft 365 is not yet supported β use App Passwords for now. OAuth support is on the roadmap.
Bounce / DSN handling is not surfaced β a 5xx response is recorded but hard bounces do not automatically notify the flow author.
No per-workspace outbound rate-limit gate. Be mindful of your provider's daily limit (Gmail 500/day, SES sandbox 200/day, SendGrid varies).
Last updated