OAuth Sending

Send from your own inbox. No passwords stored.

Connect Google Workspace and Microsoft 365 directly via OAuth. Tokens are encrypted at rest with AES-256-GCM. Sending goes through Gmail API and Microsoft Graph — your infrastructure, your deliverability.

Start free trial →See self-hosting →

See it in action

Add sending identity
GoogleMicrosoftSMTP
G
Gmail / Google Workspace
O
Outlook / Microsoft 365
Z
Zoho Mail
[email protected]AES-256-GCM

How it works

01

OAuth — no passwords

Google and Microsoft accounts connect via the standard OAuth 2.0 flow. No SMTP passwords are requested or stored. The OAuth access token is encrypted at rest using AES-256-GCM before being written to the database. The encryption key is stored separately from the token — a compromised database record alone is not sufficient to access your inbox.

1. Authorise
2. Token received
3. AES-256-GCM encrypted
4. Stored in DB
02

Sends via Gmail API and Microsoft Graph

ForgeSend dispatches email via the Gmail API for Google accounts and Microsoft Graph for Microsoft 365 accounts. Both APIs route through Google's and Microsoft's own delivery infrastructure — not a third-party relay. Your sending reputation is tied to your own domain, not a shared IP pool. Unsubscribes and bounces are handled natively.

Send job
GO
Delivered
no third-party relay
03

SMTP fully supported

For any inbox not on Google or Microsoft — Zoho, Yahoo, cPanel, or any custom host — ForgeSend supports full SMTP and IMAP configuration. Auto-fill presets for common providers. Test connection before saving. App password support for providers that require it. SMTP inboxes join the rotation pool immediately on connection.

G
O
Z
Y
C
+
SMTP auto-fill presets
04

Self-hosted credential sovereignty

On self-hosted deployments, inbox credentials never leave your own infrastructure. OAuth tokens and SMTP app passwords are encrypted and stored in your own PostgreSQL database on your own VPS. No third party — including ForgeSend — has access to your credentials. This is not possible with any other cold email platform.

Your VPSYour DB (tokens)Gmail API
no ForgeSend server in chain
0
Bit AES-GCM encryption on all stored tokens
0
Inbox types supported — Gmail, Outlook, SMTP
0
Passwords stored in plaintext

Common questions

Does ForgeSend store my Google or Microsoft password?

No. OAuth means you authorise ForgeSend to access your inbox without sharing your password. Only an encrypted access token is stored.

What encryption is used for stored tokens?

AES-256-GCM. The encryption key is stored separately from the encrypted token in the database.

Does OAuth work for self-hosted deployments?

Yes. You configure your own Google OAuth app and Microsoft Azure app. Tokens are stored encrypted in your own database.

What SMTP providers are supported?

Any SMTP provider. ForgeSend includes auto-fill presets for Gmail, Outlook/M365, Zoho, Yahoo, and cPanel/Fasthosts.

Related features

Inbox Rotation
Spread send volume across all connected inboxes automatically.
Inbox Health
DNS checks, token health, and capacity verified before every send.
Self-Hosting
Run ForgeSend on your own VPS — your credentials never leave your server.

Your inbox. Your credentials. Your rules.

Connect Gmail, Outlook, or SMTP — tokens encrypted, infrastructure yours.

Start free trial →See self-hosting →