SMTP Error 235: Authentication Successful

infoSuccess Response

SMTP code 235 is the server's confirmation that the AUTH command succeeded. After receiving 235, the client is authorized to send mail through the server as a relay. This response follows the completion of an authentication mechanism such as PLAIN, LOGIN, CRAM-MD5, or XOAUTH2. The authentication step is required on submission ports (587) and is what distinguishes authenticated relaying from open relaying. If you do not receive 235 after AUTH, the credentials are wrong, the mechanism is not supported, or the account is locked.

Common Causes

Valid credentials provided via AUTH command

high

The client supplied a correct username and password (or OAuth token) using a supported authentication mechanism. The server verified the credentials against its user database and granted relay access.

XOAUTH2 token accepted by provider

medium

Modern mail providers like Gmail and Microsoft 365 use XOAUTH2 for authentication. A valid OAuth2 access token was presented and the server confirmed the identity. This is increasingly common as providers deprecate plain password authentication.

Client certificate authentication succeeded

low

Some enterprise mail servers accept TLS client certificates as an authentication method. The server verified the client certificate during the TLS handshake and returned 235 to confirm the identity.

How to Fix It

Test authentication manually

Connect to the submission port and attempt AUTH LOGIN or AUTH PLAIN with base64-encoded credentials to verify the server accepts them.

openssl s_client -connect mail.example.com:587 -starttls smtp

Verify supported AUTH mechanisms

Send EHLO and look for the AUTH line in the server's capabilities response. The server will list supported mechanisms (PLAIN, LOGIN, CRAM-MD5, XOAUTH2). Your client must use one that the server supports.

Check for app-specific password requirements

Providers like Gmail, Yahoo, and iCloud require app-specific passwords when two-factor authentication is enabled. Using the account's regular password will fail even if the password is correct.

Verify TLS is active before AUTH

Most servers require STARTTLS before accepting AUTH commands. Sending AUTH over an unencrypted connection will be rejected with a 530 or 538 error. Always upgrade to TLS first.

Related Error Codes

250

Requested Action Completed

The SMTP command was successfully processed. Used for EHLO responses, MAIL FROM, RCPT TO, and DATA completion.

535

Authentication Failed

The SMTP authentication credentials were rejected. The username, password, or token is incorrect.

504

Command Parameter Not Implemented

The command is recognized but a specific parameter or extension used is not implemented.

Frequently Asked Questions

All SMTP Error Codes

235

SMTP Error 235: Authentication Successful

infoSuccess Response

Common Causes

Valid credentials provided via AUTH command

high

XOAUTH2 token accepted by provider

medium

Client certificate authentication succeeded

low

Some enterprise mail servers accept TLS client certificates as an authentication method. The server verified the client certificate during the TLS handshake and returned 235 to confirm the identity.

How to Fix It

Test authentication manually

Connect to the submission port and attempt AUTH LOGIN or AUTH PLAIN with base64-encoded credentials to verify the server accepts them.

openssl s_client -connect mail.example.com:587 -starttls smtp

Verify supported AUTH mechanisms

Check for app-specific password requirements

Providers like Gmail, Yahoo, and iCloud require app-specific passwords when two-factor authentication is enabled. Using the account's regular password will fail even if the password is correct.

Verify TLS is active before AUTH

Most servers require STARTTLS before accepting AUTH commands. Sending AUTH over an unencrypted connection will be rejected with a 530 or 538 error. Always upgrade to TLS first.

Related Error Codes

250

Requested Action Completed

The SMTP command was successfully processed. Used for EHLO responses, MAIL FROM, RCPT TO, and DATA completion.

535

Authentication Failed

The SMTP authentication credentials were rejected. The username, password, or token is incorrect.

504

Command Parameter Not Implemented

The command is recognized but a specific parameter or extension used is not implemented.

SMTP Error 235: Authentication Successful

Common Causes

Valid credentials provided via AUTH command

XOAUTH2 token accepted by provider

Client certificate authentication succeeded

How to Fix It

Test authentication manually

Verify supported AUTH mechanisms

Check for app-specific password requirements

Verify TLS is active before AUTH

Related Error Codes

Requested Action Completed

Authentication Failed

Command Parameter Not Implemented

Frequently Asked Questions

What does SMTP error 235 mean?

What causes SMTP error 235?

How do I fix SMTP error 235?

SMTP Error 235: Authentication Successful

Common Causes

Valid credentials provided via AUTH command

XOAUTH2 token accepted by provider

Client certificate authentication succeeded

How to Fix It

Test authentication manually

Verify supported AUTH mechanisms

Check for app-specific password requirements

Verify TLS is active before AUTH

Related Error Codes

Requested Action Completed

Authentication Failed

Command Parameter Not Implemented

Frequently Asked Questions

What does SMTP error 235 mean?

What causes SMTP error 235?

How do I fix SMTP error 235?