Back

A Beginner's Guide to Sending Emails with Node.js

OpenReplay Team OpenReplay Team

Nov 11, 2025 · 3 min read

A Beginner's Guide to Sending Emails with Node.js

Email functionality is essential for modern web applications. Whether you’re building user authentication with password resets, sending order confirmations, or triggering system notifications, your Node.js backend needs reliable email capabilities. This guide walks you through setting up Nodemailer with Gmail, explores alternative solutions like EmailJS and Mailtrap, and covers security best practices for production-ready backend email setup.

Key Takeaways

  • Nodemailer is the most popular Node.js email library with zero dependencies
  • Gmail App Passwords provide a quick setup for beginners while OAuth2 offers better security for production
  • Mailtrap helps test email functionality without sending real emails
  • Dedicated email API services provide better deliverability and analytics for production applications

Why Nodemailer is the Go-To Solution

Nodemailer is the most popular Node.js email library with zero dependencies. It supports SMTP, OAuth2, HTML emails, attachments, and multiple transport methods. Its simplicity and flexibility make it ideal for beginners while remaining powerful enough for production applications.

Setting Up Your First Email with Node.js and Gmail

Step 1: Install Nodemailer

Create a new Node.js project and install Nodemailer:

mkdir email-app && cd email-app
npm init -y
npm install nodemailer dotenv

Step 2: Configure Gmail with App Password

For Gmail OAuth2 alternatives, use an App Password (recommended for beginners):

  1. Enable 2-factor authentication in your Google account
  2. Generate an App Password at myaccount.google.com/apppasswords
  3. Create a .env file:
GMAIL_USER=your-email@gmail.com
GMAIL_APP_PASSWORD=your-16-char-password

Step 3: Write Your Email Sending Code

Create an index.js file with this working example:

require('dotenv').config();
const nodemailer = require('nodemailer');

// Create transporter with Gmail SMTP
const transporter = nodemailer.createTransport({
  service: 'gmail',
  auth: {
    user: process.env.GMAIL_USER,
    pass: process.env.GMAIL_APP_PASSWORD
  }
});

// Email options
const mailOptions = {
  from: process.env.GMAIL_USER,
  to: 'recipient@example.com',
  subject: 'Test Email from Node.js',
  text: 'This email was sent using Nodemailer!',
  html: '<h1>Hello!</h1><p>This email was sent using <b>Nodemailer</b>!</p>'
};

// Send email
transporter.sendMail(mailOptions, (error, info) => {
  if (error) {
    console.error('Error:', error);
  } else {
    console.log('Email sent:', info.response);
  }
});

Authentication Best Practices

Never hardcode credentials in your source code. Always use environment variables through the dotenv package. For production environments, consider:

  • OAuth2: More secure than passwords but requires additional setup with Google Cloud Platform
  • App Passwords: Quick solution for Gmail when 2FA is enabled
  • Email API services: Often provide better deliverability and simpler authentication

Alternative Email Solutions for Node.js

Mailtrap for Development Testing

Mailtrap provides a fake SMTP server that captures emails without sending them to real recipients. Perfect for testing:

const transporter = nodemailer.createTransport({
  host: 'sandbox.smtp.mailtrap.io',
  port: 2525,
  auth: {
    user: 'your-mailtrap-user',
    pass: 'your-mailtrap-password'
  }
});

EmailJS for Lightweight Applications

EmailJS offers a simpler alternative to Nodemailer for basic email needs:

npm install emailjs
import { SMTPClient } from 'emailjs';

const client = new SMTPClient({
  user: process.env.EMAIL_USER,
  password: process.env.EMAIL_PASS,
  host: 'smtp.gmail.com',
  ssl: true
});

client.send({
  text: 'Test message',
  from: 'sender@example.com',
  to: 'recipient@example.com',
  subject: 'Test Email'
}, (err, message) => {
  console.log(err || message);
});

Production-Ready API Services

For production applications, consider dedicated email API providers:

  • SendGrid: Robust API with detailed analytics
  • AWS SES: Cost-effective for high volumes
  • Mailgun: Developer-friendly with good documentation
  • Postmark: Focused on transactional email delivery

These services offer better deliverability, built-in analytics, and handle the complexity of email infrastructure.

Security and Maintenance Tips

  1. Use environment variables for all credentials
  2. Enable 2FA on email accounts used for sending
  3. Implement rate limiting to prevent abuse
  4. Keep Nodemailer updated with npm update nodemailer
  5. Validate email addresses before sending to reduce bounces
  6. Monitor delivery rates and handle failures gracefully
  7. Use OAuth2 for Gmail in production environments when possible

Conclusion

Setting up email functionality in Node.js is straightforward with Nodemailer. Start with Gmail and an app password for quick prototypes, use Mailtrap for testing, and consider dedicated email services for production. The key is choosing the right solution for your needs while maintaining security through proper credential management and keeping your dependencies updated. Whether you use SMTP, Gmail OAuth2, or an email API, Node.js provides the flexibility to integrate email into any backend architecture.

FAQs

Yes, you can use any SMTP server or email service provider. Popular alternatives include Outlook, Yahoo Mail, or dedicated services like SendGrid, Mailgun, and AWS SES. Each has its own SMTP settings and authentication requirements.

Common causes include missing SPF and DKIM records, sending from free email providers, poor sender reputation, or suspicious content. Using dedicated email services with proper domain authentication typically improves deliverability rates significantly.

Gmail limits sending to 500 recipients per day for regular accounts and 2000 for Google Workspace accounts. For higher volumes, switch to dedicated email services like SendGrid or AWS SES which handle millions of emails daily.

Environment variables are safer than hardcoding but not completely secure. For production, use secret management services like AWS Secrets Manager, HashiCorp Vault, or your platform's built-in secret storage to protect sensitive credentials.

Gain Debugging Superpowers

Unleash the power of session replay to reproduce bugs, track slowdowns and uncover frustrations in your app. Get complete visibility into your frontend with OpenReplay — the most advanced open-source session replay tool for developers. Check our GitHub repo and join the thousands of developers in our community.

OpenReplay

More articles from OpenReplay Blog