Office365 SMTP: 535 5.7.139 Authentication unsuccessful, SmtpClientAuthentication is disabled for the Tenant.

This blog post is about the following error encountered when trying to send email via Chilkat.MailMan.SendEmail (using the SMTP protocol).

  smtp_port: 587
  smtp_user: ****
    login_method: XOAUTH2
      username: ****
        SmtpCmdSent: {PasswordOrCredentials}
        SmtpCmdResp: 535 5.7.139 Authentication unsuccessful, SmtpClientAuthentication is disabled for the Tenant.
           Visit for more information. [****.PROD.OUTLOOK.COM 2023-07-03T11:15:43.462Z ****]
    Failed to login using XOAUTH2 method
  ConnectionType: SSL/TLS

It means you need to enable SMTP Auth for specific mailboxes. See

The web page at states the following:

Virtually all modern email clients that connect to Exchange Online mailboxes in Office 365 or Microsoft 365 (for example, Outlook, Outlook on the web, iOS Mail, Outlook for iOS and Android, etc.) don’t use SMTP AUTH to send email messages.

I don’t know if “Virtually all modern email clients” is accurate. An application that supports sending email would need to communicate with all mail servers, and the non-“SMTP AUTH” methods for Office 365/Exchange Server/Outlook are specific to Microsoft.

For example, if an application is to send email via Exchange Online NOT using SMTP AUTH, it would utilize other methods or protocols provided by Exchange Online, such as Exchange Web Services (EWS), Microsoft Graph API, or MAPI over HTTP, to establish a secure connection and send emails.

You can use Chilkat’s HTTP or REST clases to send email via the Microsoft Graph API. There are examples for it at If you choose (and I would not recommend it), you can delve into the very complicated EWS API at . Chilkat does not implement MAPI and has no plans for it.

In summary, if you wish to send email via Exchange Server, I would recommend either SMTP AUTH or Microsoft Graph. In both cases, the security of the communications channel is the same: TLS. And in both cases, the authentication method is the same: OAuth2.

Tags :