← All docs

Send mail from @sponicgardens.com via Gmail

Compose and reply from [email protected] (or any alias) inside your normal Gmail — replies route back through Cloudflare Email Routing into the same inbox.

2026-05-03 Dev task ~5 min per alias Touches: Gmail · Resend SMTP · CF Email Routing

Superseded for new setups

This doc uses Resend SMTP. As of 2026-05-22 we switched outbound relay to Brevo because Resend’s idempotency handling breaks Gmail retries (550 There is another request in progress with the same idempotency key). New team members should follow the New member email setup guide which uses Brevo SMTP. This doc is kept for reference and for existing setups that still use Resend.

Prerequisite (Resend — legacy)

The sponicgardens.com domain must already be verified on Resend (DKIM + SPF records live on the wingsiebird Cloudflare zone). Check status in the Resend dashboard → Domains → sponicgardens.com; it should read "Verified" before you start.

For the broader architecture (CF Email Routing rules, Resend setup, DNS records, how to add new aliases), see Email system — architecture & current state.

How the round-trip works

Outbound: Gmail compose (From: [email protected]) → Resend SMTP (smtp.resend.com:587) → recipient Inbound: recipient hits Reply → To: [email protected] → Cloudflare Email Routing (catch-all on sponicgardens.com) → [email protected] (your real inbox) → (optional) Gmail filter re-forwards to sonia245g, etc.

Both legs are already wired at the infrastructure layer. This doc only covers the per-Gmail-account "Send mail as" step.

One-time setup per alias

1. Grab the Resend SMTP credentials

Resend exposes a single SMTP endpoint that any verified-domain address can send through. From Bitwarden (folder devops-sponic):

Item: Resend — Sponic Gardens Email (id 87184c25-8884-497c-94d2-b41600586a6e)
Use the API Key (Sending Only) custom field — the sending-only key is safer to paste into a Gmail box than the full-access key. The full-access key is fine if that's what you already have handy.

export BW_PASSWORD=$(security find-generic-password -a "[email protected]" -s "bitwarden-cli" -w)
SESSION=$(/opt/homebrew/bin/bw unlock --passwordenv BW_PASSWORD --raw 2>/dev/null)
/opt/homebrew/bin/bw get item 87184c25-8884-497c-94d2-b41600586a6e --session "$SESSION" \
  | jq -r '.fields[]|select(.name=="API Key (Sending Only)").value'

2. Add "Send mail as" in Gmail

In the Gmail account that receives mail for this alias (today: [email protected]):

Open Settings → Accounts and Import.
Under Send mail as, click Add another email address.
Fill in:
- Name: the display name you want recipients to see (e.g. "Rahul Lio").
- Email address: the alias, e.g. [email protected].
- Leave Treat as an alias checked.

Click Next Step. Gmail asks for SMTP credentials. Enter:

SMTP Server	`smtp.resend.com`
Port	`587`
Username	`resend` (literal string, not your email)
Password	your Resend API key (from step 1)
Secured connection	TLS (STARTTLS) — the default on port 587

Click Add Account. Gmail sends a verification code to the alias.

3. Confirm the verification code

Cloudflare Email Routing forwards the code from [email protected] back to [email protected] — usually within seconds. Open the message, click the confirmation link or copy the code into the still-open Gmail dialog. Done.

4. Make it the default for this alias (optional)

Back in Settings → Accounts, you can:

Click make default next to the alias if you want every new compose to default to it.
Or leave the personal address as default and select the alias per-message via the From dropdown in the compose window.
Set "When replying to a message: Reply from the same address the message was sent to" — this is what makes replies to [email protected] automatically come from [email protected].

Send a test message

Compose a new mail in Gmail. In the From dropdown, pick the alias.
Send to a different mailbox you can check (not the same Gmail — see the gotcha below).
Confirm the recipient sees From: Rahul Lio <[email protected]>.
Hit reply on the recipient side. The reply should land back in [email protected] within a minute.

Gmail self-loop dedup — don't test by sending to yourself

If you send from [email protected] (via the alias) to any address that ultimately routes back to [email protected], Gmail silently suppresses the inbox copy — the message only shows up in Sent. Looks like forwarding broke; it didn't. Always test with a non-Gmail external recipient (or a different Gmail account).

Repeat for additional aliases

One Send mail as entry per alias. Re-run steps 2–3 for each one:

Same SMTP host / port / username / password every time — only the address and display name differ. The verification email always lands in the same Gmail inbox because the catch-all on sponicgardens.com forwards everything to [email protected].

If a collaborator wants to send from their own Gmail

The same flow works in any Gmail account. Add the collaborator's address as a destination in Cloudflare Email Routing first (they'll get a CF verification email), wire a forwarding rule to them, then they repeat the Send mail as setup in their Gmail using the same Resend SMTP creds.

Limits and caveats

Resend free tier: 3,000 emails/month, 100/day. Plenty for personal correspondence; bump the plan if a real send-blast lands in scope.
From address must be on a Resend-verified domain. If you try to send from [email protected] (the deprecated single-s domain) after verification is moved to sponicgardens.com, Resend will reject the message at SMTP time.
One sending identity per Gmail "Send mail as" entry. Aliases don't auto-fan out; each one needs its own entry.
Replies require the inbound chain to be intact. If you remove the sponicgardens.com catch-all in Cloudflare, replies disappear silently — outbound still works, but you'll never see the answers.
Display name shows what you set in Gmail, not what's on the Resend account. Pick something the recipient will recognize.

Troubleshooting

Symptom	Likely cause / fix
Verification email never arrives	Catch-all on `sponicgardens.com` isn't routing — check Cloudflare → Email Routing → Routes for the zone, confirm catch-all is enabled and points at `[email protected]`. Also confirm MX records resolve to `route1/2/3.mx.cloudflare.net` (`dig MX sponicgardens.com`).
Gmail says "Authentication failed" on Add Account	Wrong SMTP creds. Username is the literal string `resend` — not your email. Password is the API key, no `Bearer` prefix.
Sent message bounces with "550 from address not authorized"	Resend domain not verified. Check the Resend dashboard; the domain must be green/verified before sends are accepted.
Reply from external recipient never arrives	The To-address didn't match a routing rule. Catch-all should cover it; if you only have specific-address rules, add the alias.
You sent a test from your own Gmail and saw nothing	Gmail self-loop dedup — see the warning above. Test from a different account or a non-Gmail mailbox.

Doc owner: Rahul. Last updated 2026-05-03. Related infra: Cloudflare Email Routing on the wingsiebird account, Resend domain sponicgardens.com (id 36395b8c-d435-4f8a-8049-7fa828607a12).