Sending emails is a critical feature for most Laravel applications. Whether it’s account verification, password reset, or notifications, email delivery must work reliably.
However, many developers face the following error when configuring AWS SES with Laravel:
SMTP Error 535: Authentication Credentials Invalid
This article explains why this error occurs, what it actually means, and how to fix it permanently in Laravel.
Understanding the Error
The full error usually looks like this:
Failed to authenticate on SMTP server using authenticators LOGIN, PLAIN.
Expected response code 235 but got 535.
Authentication Credentials Invalid.
What does this mean?
- Laravel successfully connects to the SMTP server
- The SMTP server rejects the username or password
- Authentication fails before sending any email
This is not a Laravel bug.
This is almost always a configuration issue with AWS SES SMTP credentials.
Why This Error Happens (Most Common Reasons)
1. Using IAM Access Keys Instead of SMTP Credentials
AWS SES does not accept normal IAM Access Key & Secret Key directly for SMTP authentication.
Many developers mistakenly copy:
AWS_ACCESS_KEY_IDAWS_SECRET_ACCESS_KEY
and paste them into:
MAIL_USERNAME
MAIL_PASSWORD
❌ This will always fail with a 535 error.
2. Wrong AWS SES Region
AWS SES is region-specific.
If your SES is created in:
ap-south-1→ you must useemail-smtp.ap-south-1.amazonaws.com
Using the wrong region host causes authentication failure.
3. Special Characters in SMTP Password
SES SMTP passwords often contain:
+/=
If the password is not wrapped in quotes, Laravel may parse it incorrectly.
4. Laravel Config Cache Still Using Old Values
Laravel caches configuration aggressively.
Even after fixing .env, Laravel may still use old credentials.
Correct Way to Configure AWS SES SMTP in Laravel
Step 1: Generate AWS SES SMTP Credentials
Do not use IAM access keys.
- Go to AWS Console
- Open Simple Email Service (SES)
- Navigate to SMTP Settings
- Click Create SMTP Credentials
- AWS will generate:
- SMTP Username
- SMTP Password
Save them securely.
Step 2: Update Laravel .env File
MAIL_MAILER=smtp
MAIL_HOST=email-smtp.ap-south-1.amazonaws.com
MAIL_PORT=587
MAIL_USERNAME=YOUR_SES_SMTP_USERNAME
MAIL_PASSWORD="YOUR_SES_SMTP_PASSWORD"
MAIL_ENCRYPTION=tls
MAIL_FROM_ADDRESS=contact@yourdomain.com
MAIL_FROM_NAME="Your Website Name"
Important Notes
- Always wrap
MAIL_PASSWORDin double quotes - Ensure
MAIL_HOSTmatches your SES region - No extra spaces before or after values
Step 3: Clear Laravel Cache (Very Important)
Run these commands on your server:
php artisan config:clear
php artisan cache:clear
php artisan config:cache
php artisan route:clear
If you are using queues:
php artisan queue:restart
Verifying Email or Domain in AWS SES
AWS SES requires verification.
You must verify either:
- The sender email address
OR - The entire domain
If not verified:
- Emails will fail later with different errors (not 535)
- In sandbox mode, you can send emails only to verified addresses
Common Mistakes to Avoid
- Using IAM keys instead of SMTP credentials
- Forgetting to clear Laravel config cache
- Using wrong SES region hostname
- Leaving
APP_DEBUG=truein production - Exposing SMTP credentials in public error pages
Production Security Best Practice
Always disable debug mode in production:
APP_ENV=production
APP_DEBUG=false
This prevents:
- Credential leaks
- Stack trace exposure
- Security risks
Final Checklist
Before testing again, confirm:
- SMTP credentials are generated from AWS SES
- Correct region SMTP host is used
.envpassword is quoted- Laravel cache is cleared
- Sender email/domain is verified in SES
Conclusion
The SMTP 535 Authentication Error in Laravel is not a framework issue.
It’s a credential mismatch caused by incorrect AWS SES configuration.
Once you:
- Use proper SES SMTP credentials
- Match the correct region
- Clear Laravel cache
the issue is resolved permanently.