# Configure a custom email account

Emails sent with the **Send Email** action node, as well as the login and PIN code emails, use the built-in Appfarm Mailgun account by default. The sender domain of these emails is an Appfarm domain, and the display name defaults to your Solution name.

However, some customers prefer these emails to be sent from an address on their own domain. This is supported by setting up a Mailgun, Amazon SES, SendGrid or Microsoft 365 account.

## Mailgun

Here's a short step-by-step guide for setting up your custom email account using Mailgun as email provider.

### On mailgun.com and your domain

Go to `https://mailgun.com` and set up an account (if you do this on behalf of someone else, they should set up the Mailgun account).

1. Click “Sending”
2. Click “Add new domain”. Here you name the domain you want to use, for instance `mg.mydomain.com` (Mailgun recommends using “mg.” before the domain; read why on mailgun.com). You have to choose a region; this may have something to do with where the mail is sent from.
3. Save and check that you can find your new domain under “Domains”. Click on the domain. Here you see an overview of what you need to do in order to get it up and running.
4. Go to your domain's DNS settings and add the DNS records listed for your domain in Mailgun. You have to add the TXT and MX record types to be able to send emails.
5. Go back to Mailgun, find your domain under “Domains”. This should now have a green checkmark.
6. Go to the dashboard and click “API keys”. You need the private API key to set up email settings in Appfarm. You also need the email domain (name found in “Domains”).

### In Appfarm Create

1. Add the private API key as a Secret (**Permissions** > **Secrets**)
2. Go to **Environment Config**. **The following has to be done in each environment**.
3. Select Email provider **Mailgun**.
4. Email domain: The “Name” from Domains on Mailgun.
5. Default Sender Address: This is what the sender in your email will look like. For instance, the default sender address can be `Human Resources <human.resources@mydomain.com>`, where `mydomain.com` is the Email domain.
6. Mailgun API key: Choose the Secret you added in step 1.
7. Mailgun API key (deprecated): Add the private API key (necessary as of May 2021; this dependency will be removed).
8. Mailgun region: This has to correspond with what you chose for your domain when you added it on mailgun.com.

## Amazon SES

Here's a short step-by-step guide for setting up your custom email account using Amazon SES as email provider.

### On aws.amazon.com/ses/ and your domain

Sign up on [`https://aws.amazon.com/ses/`](https://aws.amazon.com/ses/)

1. Navigate to SES (Simple Email Service)
2. Navigate to Configuration -> Verified Identities
3. Click "Create identity". You will need the Access Key ID and Secret Access Key.
4. Set up your domain with "DKIM". Follow the instructions. This also requires setting up CNAME entries.

### In Appfarm Create

1. Add the Secret Access Key as a Secret (**Permissions** > **Secrets**)
2. Go to **Environment Config**. **The following has to be done in each environment**.
3. Select Email provider **Amazon SES**.
4. Default Sender Address: This is what the sender in your email will look like. For instance, the default sender address can be `Human Resources <human.resources@mydomain.com>`, where `mydomain.com` is the Email domain.
5. AWS Access Key ID: Enter the Access Key ID (found in AWS)
6. AWS Secret Access Key: Choose the Secret you added in step 1.
7. AWS region: This has to correspond with what you chose for your domain when you added it on AWS. Example: us-east-1.

## SendGrid

This guide assumes you have created a SendGrid account and configured your sender identity.

### In SendGrid

1. In your [SendGrid](https://sendgrid.com/) account, go to **Settings** > **API Keys**.
2. Click **Create API Key**.
3. Configure the API key. It must be configured with access to **Mail Send**.
4. Once the API key is created, record the value as it will not be shown again.

### In Appfarm Create

1. In your Appfarm Solution, add the SendGrid API key as a [Secret](/reference/security/secrets.md) (**Permissions** > **Secrets**).
2. Go to **Environment Config**. (The following has to be done in each [environment](/getting-started/key-concepts.md#environment) you wish to use SendGrid).
3. For **Email provider** select **SendGrid**.
4. For **SendGrid API Key** select the Secret you added in step 1.
5. For **Default Sender Address** enter an email address that matches your sender identity configuration in SendGrid. This value will be used as the sender (from name and address) in emails sent via Appfarm. It can be either an email address only (for example, `human.resources@example.com`) or a combined from name and email address within angle brackets (for example, `Human Resources <human.resources@example.com>`).

## Microsoft 365

Appfarm supports sending email through your Microsoft 365 account using either the **Microsoft Graph API** or **SMTP with OAuth 2.0**. Both methods require an app registration in Microsoft Entra ID (Azure AD). The Graph API is the recommended approach — it is simpler to configure and does not require an Exchange Online license for the sending mailbox.

There are two transport methods to choose from:

| Method                      | Protocol                           | Entra ID permission type                  | Exchange Online license required |
| --------------------------- | ---------------------------------- | ----------------------------------------- | -------------------------------- |
| **Graph API** (recommended) | HTTPS via Microsoft Graph          | Application permission (`Mail.Send`)      | No                               |
| **SMTP**                    | SMTP AUTH via `smtp.office365.com` | Application permission (`SMTP.SendAsApp`) | Yes, on the sending mailbox      |

### Microsoft Graph API (recommended) <a href="#a4badc01-2d81-4805-91a6-ea24729600ca" id="a4badc01-2d81-4805-91a6-ea24729600ca"></a>

**In Microsoft Entra ID**

1. Go to the [Azure portal](https://portal.azure.com) and navigate to **Microsoft Entra ID** > **App registrations**.
2. Click **New registration**.
   * Give it a name (e.g. "Appfarm Email").
   * Set **Supported account types** to *Accounts in this organizational directory only*.
   * No redirect URI is needed.
3. After creation, note the **Application (client) ID** and **Directory (tenant) ID** from the Overview page.
4. Go to **Certificates & secrets** > **Client secrets** > **New client secret**. Record the secret value — it will only be shown once.
5. Go to **API permissions** > **Add a permission** > **Microsoft Graph** > **Application permissions**.
   * Add `Mail.Send`.
6. Click **Grant admin consent** for your organization.

**In Appfarm Create**

1. Add the Client Secret as a Secret (**Permissions** > **Secrets**).
2. Go to **Environment Config**. The following must be done in each environment.
3. For **Email Provider**, select **Microsoft 365**.
4. For **Microsoft 365 Client ID**, enter the Application (client) ID from step 3 above.
5. For **Microsoft 365 Client Secret**, select the Secret you added in step 1.
6. For **Microsoft 365 Tenant ID**, enter the Directory (tenant) ID from step 3 above.
7. Check **Use Microsoft Graph API**.
8. For **Default Sender Address**, enter the sender address. This must be a valid mailbox or shared mailbox in your Microsoft 365 tenant. The format can be either a plain email (`noreply@example.com`) or a display name with email (`Human Resources <hr@example.com>`).
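
`Mail.Send` granted as an application permission lets the app registration send as any mailbox in the tenant, not only the Default Sender Address. The following is an added example (not part of Appfarm's documentation) that scopes the app to the sending mailbox with an Exchange Online application access policy and then verifies the result; the group name, addresses and IDs are placeholders.

```powershell
# Added example: limit the Graph "Mail.Send" app registration to one mailbox.
# Every value below is a placeholder; replace it with your own.
$TenantId   = '<your-tenant-id>'
$AppId      = '<application-client-id>'      # Application (client) ID from the Overview page
$Sender     = 'noreply@example.com'          # mailbox used as Default Sender Address
$OtherUser  = 'someone.else@example.com'     # any mailbox the app must NOT send as
$ScopeGroup = 'appfarm-senders@example.com'  # hypothetical mail-enabled security group

Connect-ExchangeOnline -Organization $TenantId

# 1. Create a mail-enabled security group holding only the allowed sender mailbox(es).
New-DistributionGroup -Name 'Appfarm Senders' -Type Security `
    -PrimarySmtpAddress $ScopeGroup -Members $Sender

# 2. Restrict the app so it can only act on mailboxes that are members of that group.
New-ApplicationAccessPolicy -AppId $AppId -PolicyScopeGroupId $ScopeGroup `
    -AccessRight RestrictAccess `
    -Description 'Appfarm may only send as members of Appfarm Senders'

# 3. Verify: the sender must be granted, any other mailbox must be denied.
$allowed = Test-ApplicationAccessPolicy -Identity $Sender    -AppId $AppId
$blocked = Test-ApplicationAccessPolicy -Identity $OtherUser -AppId $AppId

[pscustomobject]@{
    Sender        = $Sender
    SenderResult  = $allowed.AccessCheckResult   # expected: Granted
    OtherMailbox  = $OtherUser
    OtherResult   = $blocked.AccessCheckResult   # expected: Denied
} | Format-List

if ($allowed.AccessCheckResult -ne 'Granted' -or $blocked.AccessCheckResult -ne 'Denied') {
    throw 'Application access policy is not scoping the app as intended.'
}
```

If additional sender addresses are used later, add those mailboxes to the scope group rather than removing the policy.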

### SMTP <a href="#id-34a7a32e-ae32-4720-81a6-10d4aefd4983" id="id-34a7a32e-ae32-4720-81a6-10d4aefd4983"></a>

**In Microsoft Entra ID**

1. Follow steps 1–4 from the Graph API section above to create an app registration and obtain the Client ID, Tenant ID, and Client Secret.
2. Go to **API permissions** > **Add a permission** > **APIs my organization uses** > search for **Office 365 Exchange Online** > **Application permissions**.
   * Add `SMTP.SendAsApp`.
3. Click **Grant admin consent** for your organization.
4. Register a service principal for the app and grant it permission to send as the desired mailbox. This requires Exchange Online PowerShell:

```
# Connect to Exchange Online
Connect-ExchangeOnline -Organization <your-tenant-id>

# Register the service principal
New-ServicePrincipal -AppId <application-client-id> -ObjectId <enterprise-app-object-id>

# Grant send-as permission on the mailbox
Add-RecipientPermission -Identity <sending-mailbox> -Trustee <service-principal-object-id> -AccessRights SendAs
```

{% hint style="info" %}
**Good to know**

`<enterprise-app-object-id>` must be copied from the **Enterprise Applications** blade in Entra, not from the App Registrations Overview page. The two pages display different Object IDs, and using the wrong one causes silent authentication failures when Appfarm attempts to send mail.
{% endhint %}

See [Microsoft's documentation on SMTP AUTH with OAuth](https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth) for full details.

**In Appfarm Create**

1. Add the Client Secret as a Secret (**Permissions** > **Secrets**).
2. Go to **Environment Config**. The following must be done in each environment.
3. For **Email Provider**, select **Microsoft 365**.
4. For **Microsoft 365 Client ID**, enter the Application (client) ID.
5. For **Microsoft 365 Client Secret**, select the Secret you added in step 1.
6. For **Microsoft 365 Tenant ID**, enter the Directory (tenant) ID.
7. Leave **Use Microsoft Graph API** unchecked.
8. For **Default Sender Address**, enter the sender address. This must match a licensed Exchange Online mailbox that the service principal has permission to send as. Format: `Human Resources <hr@example.com>` or `hr@example.com`.

