SMTP Setup Issues

  • What’s your URL? multiple
  • What version of Ghost are you using? 5.63.0


  • How was Ghost installed and configured? DigitalOcean one click then added multiple instances of Ghost Ghost | DigitalOcean Marketplace 1-Click App
  • What Node version, database, OS & browser are you using? NA
  • What errors or information do you see in the console? see below
  • What steps could someone else take to reproduce the issue you’re having?

Switching from Mailgun to Sendgrid to see if the “on behalf of” issue is Mailgun centric.

Sending invite produces this error using setup below.

Error sending email! Error sending email: Failed to send email. Reason: 140228782155712:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:332: . Please check your email settings and resend the invitation.
  "mail": {
    "transport": "SMTP",
    "options": {
      "service": "Sendgrid",
      "host": "",
      "port": "587",
      "secure": true,
      "auth": {
        "user": "apikey",
        "pass": "mykey"

{"name":"Log","hostname":"ghost","pid":9744,"level":50,"version":"5.63.0","req":{"meta":{"requestId":"a1c1ceb2-0b3a-4e28-9abc-6e30f4d080a4","userId":"1"},"url":"/invites/","method":"POST","originalUrl":"/ghost/api/admin/invites/","params":{},"headers":{"x-forwarded-for":"","x-forwarded-proto":"https","x-real-ip":"","host":"","connection":"close","content-length":"86","sec-ch-ua":"\"Chromium\";v=\"116\", \"Not)A;Brand\";v=\"24\", \"Google Chrome\";v=\"116\"","dnt":"1","sec-ch-ua-mobile":"?0","app-pragma":"no-cache","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36","content-type":"application/json","accept":"application/json, text/javascript, */*; q=0.01","x-requested-with":"XMLHttpRequest","x-ghost-version":"5.63","sec-ch-ua-platform":"\"Windows\"","origin":"","sec-fetch-site":"same-origin","sec-fetch-mode":"cors","sec-fetch-dest":"empty","referer":"","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","sec-gpc":"1","cookie":"**REDACTED**"},"query":{}},"res":{"_headers":{"x-powered-by":"Express","content-version":"v5.63","vary":"Accept-Version, Origin, Accept-Encoding","cache-control":"no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0","access-control-allow-origin":"","content-type":"application/json; charset=utf-8","content-length":"410","etag":"W/\"19a-ztMvardY+mIJiFkyws32axhsIek\""},"statusCode":500,"responseTime":"679ms"},"err":{"id":"b0d8e1d0-54ed-11ee-9cd8-67ec269777fe","domain":"","code":null,"name":"EmailError","statusCode":500,"level":"normal","message":"Error sending email: Failed to send email. Reason: Sending failed. Please check your email settings and resend the invitation.","help":"\"Please see for instructions on configuring email.\"","stack":"Error: Sending failed\n    at createMailError (/var/www/cbdinfo/versions/5.63.0/core/server/services/mail/GhostMailer.js:68:12)\n    at DirectMailer.<anonymous> (/var/www/cbdinfo/versions/5.63.0/node_modules/nodemailer-direct-transport/lib/direct-transport.js:157:41)\n    at DirectMailer.<anonymous> (/var/www/cbdinfo/versions/5.63.0/node_modules/nodemailer-direct-transport/lib/direct-transport.js:228:30)\n    at /var/www/cbdinfo/versions/5.63.0/node_modules/nodemailer-direct-transport/lib/direct-transport.js:350:28\n    at callback (/var/www/cbdinfo/versions/5.63.0/node_modules/smtp-connection/lib/smtp-connection.js:374:14)\n    at /var/www/cbdinfo/versions/5.63.0/node_modules/smtp-connection/lib/smtp-connection.js:389:24\n    at SMTPConnection._actionSMTPStream (/var/www/cbdinfo/versions/5.63.0/node_modules/smtp-connection/lib/smtp-connection.js:1358:16)\n    at SMTPConnection.<anonymous> (/var/www/cbdinfo/versions/5.63.0/node_modules/smtp-connection/lib/smtp-connection.js:854:18)\n    at SMTPConnection._processResponse (/var/www/cbdinfo/versions/5.63.0/node_modules/smtp-connection/lib/smtp-connection.js:669:16)\n    at SMTPConnection._onData (/var/www/cbdinfo/versions/5.63.0/node_modules/smtp-connection/lib/smtp-connection.js:493:10)\n    at TLSSocket.emit (node:events:513:28)\n    at addChunk (node:internal/streams/readable:315:12)\n    at readableAddChunk (node:internal/streams/readable:289:9)\n    at TLSSocket.Readable.push (node:internal/streams/readable:228:10)\n    at TLSWrap.onStreamRead (node:internal/stream_base_commons:190:23)","hideStack":false},"msg":"Error sending email: Failed to send email. Reason: Sending failed. Please check your email settings and resend the invitation.","time":"2023-09-17T00:03:54.612Z","v":0}

I have tried various edits from other threads i.e. true/false, ports, etc Initially use what worked for Mailgun.

      "secure": false,
      "requireTLS": true,

Any suggestions would be appreciated.

I ran your JSON log through a JSON formatter to read it more easily.

It has references in there to I’m not sure if that’s because you anonymized the logs, or because part of your configuration still references If, so that could be part of the issue.

Ghost currently calculates the the domain used for sending based on the domain name of the blog. There are related issues and PRs about possibly changing behavior here. See for example: mail__from environment variable ignored or overridden · Issue #18047 · TryGhost/Ghost · GitHub

So, it could be trying to send an email from and Send Grid is rightly not allowing you to send on behalf of that domain.

Your logs also make reference to Perhaps that’s your actual domain.

Using dig, I can check the TXT record for that domain, which shows that it has an SPF record which only authorizes sending on behalf of that domain by Outlook and not other services.

“On Behalf Of”

I expect that mail clients like Gmail will continue to show the “on behalf of” text until your third-party provider is completely authorized to send on behalf of your domain.

I’m sorry, this part of email can be a pain. I recommend reviewing the documentation at Mailgun or SendGrid to follow all the steps they recommend for smooth sailing when you send mail out through them.

@markstos Thanks for the reply and effort!
You are correct, is a effort to anonymize the post looks like I missed one occurrence.
The domain is setup per Sendgrid and works fine with other systems namely Discourse.

Gmail clients are not showing on behalf of.

Thanks for the Github link. Looking at that now

Looks like you were on to something useful.
Any idea why it was closed as “Not Planned” by @daniellockyer ??

Different email systems will be more or less strict about how they authenticate if the sending domain is an authorized sender for that domain.

Whether you use SendGrid or Mailgun, I recommend you check out their documentation for at least setting up an SPF record for your domain:

There answer was in the comment he left just before that-- the issue is considered a dupe of another issue that’s already open:

If you have a Github account, you can subscribe to updates to that issue if you’d like, but you may continue to experience deliverability problems records until you update your DNS with an SPF record to authorize SendGrid or Mailgun on your behalf.

Ghost also has a resource page on email deliverability that covers the topic in more detail:

I saw that but most issues there are closed and #12802 was opened in 2021

As for SPF… It is set up for the actual sending domain which is, per Mailgun instructions, a subdomain of apex domain. In this case as with all my Ghost/Mailgun instances,

I would like to get Sendgrid working correctly with at least one Ghost instance.

I suspect Ghost email would work great if Mailgun sending domain was set up as apex domain. Think I will try that.

Then you need to setup up DNS records for SendGrind as well. mail2 subdomain correctly has an SPF record authorizing MailGun, but not SendGrid.

See SendGrid’s docs about this:

That is not necessary. I use Ghost with Mailgun myself and followed Mailgun’s advice to use a subdomain for sending and that has been working fine for me.

Can I message you with an email addy to as contributor to one of your instances?

Are you asking if you be added as a contributor on one of my Ghost instances? I’m sorry, that option is not available.

no worries
any way, thanks

Here’s Mailgun’s page about “On Behalf Of”:

Thanks for that @markstos
I have been going back and forth a bit with Mailgun around the premise of that article. The mailgun position is that “on Behalf of” is ok. It may be true that deliverability is not impacted but the user experience certainly is.

From: on behalf of Example Domain Company

Is not so good

From: Example Domain Company

Much preferred, at least to me. :wink:

So I was able to get the desired header behavior at gmail and non gmail inboxes on Ghost instances at and for both newsletter send and staff invite emails.
The bad news is Ghost apparently uses a different send process for signup/subscribe. Inputting a support address yield garbage headers again. My guess is this is due the issues @markstos cited above.
More bad news is the buggy or at least quirkiness setting up newsletter api and smtp config. I will document that in a subsequent Bug post.

Here is what worked for me to get emails into gmail and outlook / exchange inboxes with simple clean “From” address.

Ghost instance using www
Use apex for newsletter
Mailgun domain:
Ghost respects blog url for setting From address in some or most? transactional mail.
SMTP Mailgun domain:

Ghost instance using blog. subdomain
Similar to above (no www)
Mailgun domain:
SMTP Mailgun domain:

I think some PRs will need accepting to address the “hoop jumping requirements” above as well as the header issue for subscription/signup emails as they are not pretty, yet. :wink:

Perhaps an admin or mod could retitle and or move/split. This thread is more about Mailgun and email setup than Sendgrid config.

Ghost has separate email configuration for transactional email and bulk mail. See the docs for configuring Ghost to send transactional emails:

Thanks @markstos but does not seem germaine :slight_smile:

The fundamental problem is how non-GhostPro installs handle email which is somewhat paradoxical given Ghost mantra.

Like I said earlier, you are on to a corrective path in mail__from environment variable ignored or overridden · Issue #18047 · TryGhost/Ghost · GitHub

Others are doing similar but changes seem to move at snails pace.