The SMTP authentication credentials (username and/or password) you provided are incorrect or have expired. The server rejected your login attempt. Update your credentials immediately.
What Does Error 5.7.8 Mean?
Enhanced status code 5.7.8 means the username and/or password provided during SMTP AUTH were rejected by the server. This is a straightforward credential issue - the login attempt failed. This commonly occurs when sending through a relay server or SMTP submission service.
Common causes include expired passwords, password rotation by IT administrators, disabled accounts, or using OAuth tokens that have expired. Many organizations now require app-specific passwords or OAuth2 for SMTP authentication rather than regular account passwords.
Common Causes
- Password has been changed or expired
- Username is incorrect or account does not exist
- Account has been disabled or suspended
- Using regular password instead of required app-specific password
- OAuth2 token has expired and needs to be refreshed
How to Fix Error 5.7.8
- Verify your SMTP username and password are correct
- Check if the password was changed or expired
- Generate a new app-specific password if required (Gmail, Microsoft)
- Refresh your OAuth2 token if using OAuth authentication
- Contact your email service provider for credential issues
Frequently Asked Questions
Error 535 5.7.8 means the SMTP server rejected the login credentials you provided for authentication. Your username, password, or both are incorrect, or the authentication method being used is not permitted for your account. This is the most common SMTP authentication error, frequently seen with Gmail, Microsoft 365, and other major providers when configuring email clients, applications, or scripts to send mail through their SMTP servers.
Gmail returns 5.7.8 even with the correct password if your account has two-factor authentication (2FA) enabled and you are using your regular password instead of an App Password. Google no longer supports "Less Secure Apps" access, so regular passwords cannot be used for SMTP authentication. You must generate a 16-character App Password in your Google Account security settings (under "App Passwords") and use that instead of your normal password.
Microsoft has disabled Basic Authentication (SMTP AUTH) by default for all tenants. You need to either re-enable SMTP AUTH for specific mailboxes that require it (via Exchange Admin Center or PowerShell) or switch to OAuth 2.0 authentication. For applications, use the Microsoft Identity Platform to obtain OAuth tokens. If SMTP AUTH is enabled but still failing, verify the username is the full email address, the password is current, and you are connecting to smtp.office365.com on port 587 with STARTTLS.
An App Password is a one-time generated 16-character code that replaces your regular password for applications that do not support modern authentication (OAuth 2.0) or two-factor authentication prompts. In Gmail, go to your Google Account > Security > 2-Step Verification > App Passwords, select "Mail" and your device, then click Generate. Copy the 16-character code (without spaces) and enter it as your password in your email client or application's SMTP settings.