diff --git a/.gitattributes b/.gitattributes
index 5a52419..fdfc04b 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,3 +1,4 @@
 secrets/**/*.secret filter=git-crypt diff=git-crypt
+secrets/matrix-email-config.nix filter=git-crypt diff=git-crypt
 secrets/wireguard.nix filter=git-crypt diff=git-crypt
 home/secrets/*.secret filter=git-crypt diff=git-crypt
diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix
index c0c6e31..61463f7 100644
--- a/hosts/poseidon/default.nix
+++ b/hosts/poseidon/default.nix
@@ -94,6 +94,7 @@ in
 matrix = {
 enable = true;
 registration_shared_secret = secrets.matrix-registration-shared-secret;
+ emailConfig = secrets.matrixEmailConfig;
 };
 monitoring = {
diff --git a/secrets/default.nix b/secrets/default.nix
index a76b282..6a0a042 100644
--- a/secrets/default.nix
+++ b/secrets/default.nix
@@ -18,5 +18,7 @@ with lib;
 borg-backup = import ./borg-backup { inherit lib; };
 wireguard = pkgs.callPackage ./wireguard.nix { };
+
+ matrixEmailConfig = import ./matrix-email-config.nix;
 };
 }
diff --git a/secrets/matrix-email-config.nix b/secrets/matrix-email-config.nix
new file mode 100644
index 0000000..ef7eed8
Binary files /dev/null and b/secrets/matrix-email-config.nix differ
diff --git a/services/matrix.nix b/services/matrix.nix
index aaa696f..228cabf 100644
--- a/services/matrix.nix
+++ b/services/matrix.nix
@@ -28,6 +28,31 @@ in {
 example = "deadbeef";
 description = "Shared secret to register users";
 };
+
+ emailConfig = mkOption {
+ type = types.submodule {
+ options = {
+ smtpHost = mkOption {
+ type = types.str;
+ default = "localhost";
+ };
+ smtpPort = mkOption {
+ type = types.port;
+ default = 587;
+ };
+ smtpUser = mkOption {
+ type = types.str;
+ };
+ smtpPass = mkOption {
+ type = types.str;
+ };
+ notifFrom = mkOption {
+ type = types.str;
+ example = "Your Friendly %(app)s homeserver ";
+ };
+ };
+ };
+ };
 };
 config = lib.mkIf cfg.enable {
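Review bot: `smtpPass` in the new `emailConfig` submodule is a plain `types.str`, so the password must be supplied as a Nix value; values consumed this way normally end up in the world-readable Nix store on the host, and git-crypt only protects the copy in the repository. Consider a path-valued option instead, e.g. `smtpPassFile = mkOption { type = types.path; description = "File holding the SMTP password, kept outside the Nix store"; };`, read by the service at runtime. None of the five sub-options has a `description`, and `emailConfig` has no default, so presumably every host that enables the module must now set it; a one-line description on each would document that. The enclosing `options` block starts above this hunk.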
@@ -69,6 +94,40 @@ in {
 extraConfig = ''
 experimental_features: { spaces_enabled: true }
 use_presence: false
+
+ email:
+ # The hostname of the outgoing SMTP server to use. Defaults to 'localhost'.
+ #
+ smtp_host: "${cfg.emailConfig.smtpHost}"
+
+ # The port on the mail server for outgoing SMTP. Defaults to 25.
+ #
+ smtp_port: ${toString cfg.emailConfig.smtpPort}
+
+ # Username/password for authentication to the SMTP server. By default, no
+ # authentication is attempted.
+ #
+ smtp_user: "${cfg.emailConfig.smtpUser}"
+ smtp_pass: "${cfg.emailConfig.smtpPass}"
+
+ # Uncomment the following to require TLS transport security for SMTP.
+ # By default, Synapse will connect over plain text, and will then switch to
+ # TLS via STARTTLS *if the SMTP server supports it*. If this option is set,
+ # Synapse will refuse to connect unless the server supports STARTTLS.
+ #
+ require_transport_security: true
+
+ # notif_from defines the "From" address to use when sending emails.
+ # It must be set if email sending is enabled.
+ #
+ # The placeholder '%(app)s' will be replaced by the application name,
+ # which is normally 'app_name' (below), but may be overridden by the
+ # Matrix client application.
+ #
+ # Note that the placeholder must be written '%(app)s', including the
+ # trailing 's'.
+ #
+ notif_from: "${cfg.emailConfig.notifFrom}"
 '';
 logConfig = ''
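Review bot: `smtp_pass: "${cfg.emailConfig.smtpPass}"` writes the SMTP password into `extraConfig`, so it becomes part of the generated homeserver configuration, which is presumably a world-readable /nix/store path (the same holds for `smtp_user`). If this feeds the NixOS matrix-synapse module, keep the `smtp_user`/`smtp_pass` keys in a YAML file outside the store that only the Synapse service user can read, and pass it via that module's `extraConfigFiles` option, leaving only non-secret keys here. The interpolated values are also placed between YAML double quotes unescaped, so a password or `notif_from` containing `"` or `\` produces invalid or altered YAML. The copied comment `Defaults to 25` no longer matches the 587 default declared for `smtpPort` earlier in this file's diff; `# Port for outgoing SMTP (module default: 587).` would be accurate. The `extraConfig` string and the surrounding `config` block begin outside this hunk.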