Securely Send Mail from Code with Python

Share This!


Securely send mail from code: Sending mail with Python is very easy. just a few lines of code. But what that password that you are writing in your source code?

Let’s talk about sending emails with Python first.

Send mail in 4 Lines of Code with Python

I cover this in my free course on Monitoring Online Store Prices. You can sign-up and see how to send mail along with topics like web scrapping and CSV. Here is the simple code:

with smtplib.SMTP("",587) as smtp:
    smtp.login(USER, PASS)
    smtp.sendmail(from_address, to_address, message_text)

Note that I have not used ehlo()— read as “Hello”. This is optional here as it is sent anyway in the background. Your code would work without it but include if you get errors. See my free course for the working example.

Above will not send a subject. If you want to send Subjet too, create a string with this syntax where xxx is your subject line yyy is your mail body – Subject:xxx\n\nyyy

subject_and_message = f"Subject:{subject}\n\n{body}"
smtp.sendmail(from_address, to_address, subject_and_message)

Wait! This code will not work until you turn on this setting in Google account

Turn on Less Secure Apps

Note that for this code to work, you would need to turn on Less Secure Apps in Google Account settings. More on this later. Let’s talk about the security loopholes here.

Security Loophole – Password in your code!

The biggest loophole in this code is that USER and PASS need to be stored in the code somewhere. This obviously is a huge security loophole.

You can remove it from the code by:

  • Save it in a separate file and add to .gitignore so that it is not saved in the code repository
  • Better yet, create an environment variable on the machine where the code is running and in the source code, just read this.
import os

# Print all variables as key-value pairs

# Returns value of variable PASS. Raises KeyError if not found

# Returns value of variable PASS. Returns None if not found

# Returns value of variable PASS. Returns DEFAULT if not found

This should take care of the loophole one.

Now about to Less secure apps. Without turning it on, Google will not allow you to send mail programmatically without it and turning it on will “make it easier for hackers to get into your account.”

So what is the best way to secure your account? The answer is two-factor authentication. So you would need your password AND a second temporary password, like a code from SMS, to log into your account.

The problem is that if you can’t use two-factor authentication programmatically.

Does it sound like catch-22? Actually, Google has an answer:

Meet App Passwords

Securely send mail from code is possible with App Passwords.

These are special 16 character passwords, generated by Google to be used by apps only. These will bypass two-factor authentication, but cannot be used to login to your Google account directly.

Go to to create one and use that for your programming needs!

Do not forget to download the free guide on Transponse Tables in Word and signing up for my free course on monitor prices with python.

Do you want to learn Web Scraping in ONE HOUR?

Sign-up now for our Free Course!

More To Explore

Ready To

Say bye to the boring courses that put you to sleep immediately.

Learn how to monitor online store prices, save data to CSV file, and even send mail alerts—all of this in less than 1 hour!

Enter your details to receive your invite for FREE.


Get Free Material Now

Learn how we helped so may people Learn Python and land a job!