How to Setup Gmail SMTP on Gophish

How to Setup Gmail SMTP on Gophish


Gophish is an open-source platform designed to make email phishing simulations easier and more accessible. It provides organisations as well as security professionals the ability to test and evaluate the effectiveness of their email security measures and identify potential vulnerabilities in their networks. By configuring Google’s Simple Mail Transfer Protocol (SMTP) with Gophish, you can easily create and send convincing phishing campaigns to your team to assess the effectiveness of your network’s security protocols and policies. In this tutorial, we’ll show you how to set up Gmail SMTP on Gophish and provide you with valuable tips and tricks that will make your phishing simulations more effective than ever.

What you need

  • Gophish cloud instance
  • Gmail account

Setting up Gmail as a sending profile in Gophish

  1. On the Gmail account you’re using to launch the campaign, enable 2-step verification.
  2. To send emails from a third-party service provider, you need to generate an app password on the Gmail account. You can do this here. Copy the password and safe keep.
  3. Launch the Gophish instance. On the home page, select Sending Profile on the left panel. 
  4. On the right panel, click the edit icon for the Google Mail option.
  5. On the popup menu, input the Gmail address in the SMTP From field. In the Host field, input In the Username field, input the Gmail address and in the Password field, input the app password generated in step 2.
  6. Click the Send Test Mail button at the bottom of the menu to send a test email. 
  7. You’re all set to create and send phishing campaigns from a Gmail account. 


Setting up SMTP on Gophish is a quick and easy process to get started with Gophish. Phishing is a real threat to organizations, about 90% of data breaches are linked to phishing attacks. By creating and sending phishing simulations with Gophish, you can identify vulnerabilities in your network, educate your employees on the importance of cybersecurity awareness, and better protect your company’s sensitive data.