This document describes the options for sending mail from a virtual machine instance and provides general recommendations on how to set up your instances to send email.
Using standard email ports
Google Compute Engine does not allow outbound connections on ports 25, 465, and 587. By default, these outbound SMTP ports are blocked because of the large amount of abuse these ports are susceptible to. In addition, having a trusted third-party provider such as SendGrid, Mailgun, or Mailjet relieves Compute Engine and you from maintaining IP reputation with your receivers.
While sending email from blocked ports is not allowed, your instances can still receive email.
Choosing an email service to use
Although standard email ports are blocked, you can choose a non-standard port to send email through. You can also take advantage of the mail services offered by Compute Engine partners.
SendGrid, Mailgun, and Mailjet are Compute Engine's third-party partners that offer a free tier for Compute Engine customers to set up and send email through their servers. If you don't have a G Suite account, use these third-party partners to take advantage of features like click tracking, analytics, APIs, and other features to meet your email needs.
Alternatively, if you are familiar with G Suite and are already paying for a G Suite account that supports email, you can set up a relay service to send email through G Suite. Note that Gmail and G Suite enforce limits for email activity. For details, see G Suite email sending limits.
If you don't have a G Suite account or don't want to use G Suite or a third-party mail provider, you can set up your own email server on an instance using a non-standard port. You can choose any ephemeral port that isn't blocked by Compute Engine.
- To use SendGrid, Mailgun, or Mailjet: Follow the instructions for Sending Email using SendGrid, Sending Email using Mailgun, or Sending Email using Mailjet.
- To use a G Suite domain: Follow the instructions for SMTP relay service settings on the G Suite documentation. Note that SMTP relaying through G Suite is only allowed through ports 465 or 587. Port 25 is not supported through G Suite.
If you want to use your own email server on a custom port, use the documentation specific to your email service to configure a custom email port.
Sending mail through corporate mail servers
In some cases, you might have a corporate mail server that is already running an email service for you. If you need to send mail through a corporate mail server but are blocked by the port restrictions described at the top of this page, you can use a VPN to bypass these restrictions. This method requires running a VPN client on your Compute Engine cluster, and a VPN server on your corporate network router. This setup would allow your instance to appear "inside" your corporate firewall, and allow unrestricted access to your corporate mail server.
There are security implications for this configuration, and you should ensure that your Compute Engine instance access to only the services it requires, and nothing more.