Email (SMTP, Resend, SendGrid)
Connect any SMTP provider so Flow CMS can send invites, password resets and notifications — with exact settings for Resend, SendGrid and Mailgun.
Flow CMS sends its transactional email — teammate invites, password resets, content notifications and digests — through any SMTP provider you connect. There is no built-in mail service and no markup: bring Resend, SendGrid, Mailgun, Postmark, Amazon SES, Google Workspace, or your own mail host.
Configuration lives in Settings → Email: host, port, username, password and a From address, plus a Send test button that delivers a real test email so you know the connection works before anyone needs an invite.
The SMTP password is a credential. It is entered only on the Email settings
screen, encrypted at rest with your instance's SECRETS_ENCRYPTION_KEY, and
never returned to the browser.
Provider quick reference
| Provider | Host | Port | Username | Password |
|---|---|---|---|---|
| Resend | smtp.resend.com |
465 (or 587) | resend |
your Resend API key |
| SendGrid | smtp.sendgrid.net |
587 | apikey (the literal string) |
your SendGrid API key |
| Mailgun | smtp.mailgun.org |
587 | SMTP user from your domain page | SMTP password |
| Postmark | smtp.postmarkapp.com |
587 | server API token | server API token |
| Amazon SES | email-smtp.<region>.amazonaws.com |
587 | SMTP credentials from SES | SMTP credentials from SES |
| Google Workspace | smtp.gmail.com |
587 | your address | an app password |
Resend, step by step
- In Resend, add and verify your domain (Domains → Add domain) and create an API key.
- Add the DNS records Resend shows you (SPF + DKIM) and wait for the domain to verify.
- In Flow CMS Settings → Email: host
smtp.resend.com, port465, usernameresend, password = the API key, From = an address on the verified domain (e.g.[email protected]). - Save, then Send test.
SendGrid, step by step
- In SendGrid, complete Sender Authentication (authenticate the domain — SPF + DKIM DNS records) and create an API key with Mail Send permission.
- In Flow CMS Settings → Email: host
smtp.sendgrid.net, port587, usernameapikey(exactly that string, not your account name), password = the API key, From = an address on the authenticated domain. - Save, then Send test.
The From address matters as much as the credentials. Providers reject or
spam-folder mail from unverified domains — verify the domain first, then use a
From on that domain. [email protected]-style sandbox senders are fine for
a first test but not for production.
Self-hosting notes
- SMTP works on every edition, including Community — email is core, not a feature key.
- Outbound port 587/465 must be open from wherever the backend runs. Some hosts block port 25 entirely; that is fine, since submission ports are what the providers use.
- Credentials live in the database encrypted with
SECRETS_ENCRYPTION_KEY— which is one more reason to back that key up.
Troubleshooting
| Symptom | Usual cause | Fix |
|---|---|---|
| Authentication failed | Wrong username convention | SendGrid wants the literal apikey; Resend wants resend; both take the API key as the password |
| From address rejected | Domain not verified with the provider | Complete domain verification (SPF/DKIM), use a From on that domain |
| Test lands in spam | Missing SPF/DKIM, or a free-mail From | Verify the domain; avoid @gmail.com Froms through third-party SMTP |
| Connection timeout | Port blocked by the host/firewall | Try 587 ↔ 465, confirm outbound rules on your platform |
| Works locally, fails in prod | Different env / secrets not set | Re-enter credentials on the production instance; check SECRETS_ENCRYPTION_KEY is set |
Once the test passes, the invite, reset, published and digest templates are customizable on the same settings screen. The help center has the editor-facing walkthrough.