Gmail (both public and business) has a number of security-mitigating default settings that must be modified if it is to be used with external mail applications, such as server email alerts.


Enable Less Secure Apps

https://support.google.com/accounts/answer/6010255?hl=en

When accessing Gmail through a web browser, Google will examine metadata about your session (if you've logged in from the IP address before, for example) to determine if the login is possibly malicious, and then choose to present the user with additional security questions or measures. As these measures are impossible for non-browser logins, this protection must be explicitly disabled.

Create an "App Password" (if using MFA)

https://support.google.com/accounts/answer/185833?hl=en

If your Google account is using multi-factor authentication (MFA) via something like SMS text messages or the Google Authenticator app, you need to create an "app password" for all non-web uses of your Gmail account.


Enable IMAP (optional)

https://support.google.com/mail/answer/7126229?hl=en

If the server is to try and retrieve any mail via IMAP, rather than just sending via SMTP, you'll also need to enable IMAP in your Gmail settings. This is not required when you are only looking to send alerts.


Other considerations

https://support.google.com/a/answer/176600?hl=en