How to fix “TLS Negotiation failed” error when using Gmail

Starting in April 2020, Gmail started enabling TLS by default to increase email security. If you are using a non-Gmail account in Gmail using the Send mail as feature, chances are high that you would’ve faced issues recently while sending mails. And if you manage your work email account through Gmail, you know how frustrating it is to not able to send emails.

If you try to send an email, it appears as if the email is sent, but in a few moments, it would bounce and you’ll get a non-delivery report (NDR) from Mail Delivery Subsystem <mailer-daemon@googlemail.com>:

Quick-fix for “TLS Negotiation failed” error while using Gmail’s ‘Send mail as’ feature

After browsing this issue in several forums, I could see that this error occurs due to two reasons: Self-signed certificates and SSL certificates which do not match with the mail server name. You can resolve the issue by changing the Simple Mail Transfer Protocol (SMTP) Server:

• Click the gear icon in the top-right of your Gmail account’s desktop site and select Settings.
• Go to the Accounts and Import tab and scroll down to Send email as section. Click edit info next to the email alias you are facing issues with.
• If you want to edit your name, you can do it in the Name text-box. Click Next Step » button.
• In the SMTP Server text-box, enter the correct outgoing mail SMTP server name (aka hostname). If you manage your own SMTP server, get an SSL certificate signed by a recognized Certificate Authority (CA) and enter it.
• If you got the email alias from a hosting provider like me, change from your old mail server subdomain mail.utilitylog.com to canonical SMTP outgoing server name smtp.dreamhost.com.
• Enter your email alias and your email password in the Username & Password fields. Also, make sure that the correct Port is selected. In my case, it is 465.
• Also, choose Secured connection, using SSL. Click Save Changes. You should now see the updated SMTP settings under your email alias in the Send mail as section.

Generally, smtp.yourhostingprovider.com should work. However, you can contact your email hosting provider and get the correct mail outgoing SMTP server name. You can also try to find these settings by going to your hosting panel and looking for mail exchanger (MX) records. Or you can find your mail SMTP server name using these commands:

Windows

1. Open Command Prompt and type nslookup, then hit Enter.
2. Type set type=MX and hit Enter.
3. Type the domain name utilitylog.com and hit Enter. You will get the SMTP hostname(s).

Mac or Linux

1. Open Terminal and enter nslookup -q=MX domain name
2. You will get the SMTP hostname(s).

If the above commands return more than one hostname, make sure you’re using the correct hostname that’s on the server’s certificate.

If this still doesn’t work, you can enable a non-secure connection for a brief time until you get the correct information from your email service provider. Note that this isn’t recommended and your emails won’t be protected. To do so:

• Choose Port 25 and then select the Unsecured connection option that appears. Click Save Changes.

In the case of G Suite, here is a guide for you. The above steps might change depending on your use-case. However, contacting your email hosting provider and looking for the issue in your provider’s support pages would be the right way to resolve this issue.