SMTP Sandbox

SMTP Sandbox captures all outgoing emails from your application without delivering them to real recipients. Point your app's SMTP config at Mail.td and inspect every email in the Pro Dashboard or via the REST API.

How it works

Your Application                Mail.td                     You
     |                            |                          |
     |-- SMTP AUTH PLAIN -------->|                          |
     |<-------- 235 OK ----------|                          |
     |                            |                          |
     |-- MAIL FROM / RCPT TO --->|                          |
     |-- DATA (email body) ----->|                          |
     |                            |-- SPF / DKIM / DMARC -->|
     |<-------- 250 OK ----------|                          |
     |                            |-- Store in Sandbox ----->|
     |                            |-- WebSocket push ------->|
     |                            |-- Webhook POST --------->|

1. Your app connects to smtp.mail.td:587 and authenticates with AUTH PLAIN using a Pro API token as the password.
2. Your app sends emails to any recipient address — the sandbox accepts all recipients.
3. Mail.td performs SPF, DKIM, and DMARC verification on each incoming email and stores the results.
4. Emails are captured and stored in your sandbox inbox. They are never forwarded to the actual recipient.
5. You inspect captured emails in the Pro Dashboard, query them via REST API, or receive webhook notifications.

Why use a sandbox?

• No accidental emails — Test registration flows, password resets, and transactional emails without reaching real users.
• Email authentication — Verify that your SPF, DKIM, and DMARC configuration is correct before going to production.
• CI/CD integration — Assert email content in automated tests via the REST API.
• Zero code changes — Only swap SMTP credentials between dev and production; your application code stays the same.
• Full inspection — View HTML rendering, plain text, headers, attachments, authentication results, and raw .eml source.

Prerequisites

• A Pro account with an active subscription.
• At least one API token created in the Pro Dashboard.

Quick start

1. Create an API token in Pro Dashboard → API Tokens.
2. Configure your app's SMTP:

Setting	Value
Host	smtp.mail.td
Port	587
Auth	PLAIN
Username	anything (e.g. sandbox)
Password	your API token (td_...)

3. Send a test email from your app. It will appear in Pro Dashboard → SMTP Sandbox.

TIP

The sandbox account is created automatically on first SMTP connection. No manual setup needed.

Supported ports

Port	Protocol	Notes
587	SMTP Submission	Recommended — works on all networks
25	Standard SMTP	Blocked by some cloud providers (AWS, GCP, Azure)
465	Implicit TLS (SMTPS)	Encrypted from the start, no STARTTLS needed
2525	Alternative	Fallback when 587 and 25 are blocked

Email authentication

The sandbox automatically verifies SPF, DKIM, and DMARC for every received email:

• SPF — Checks if the sending IP is authorized by the sender's domain.
• DKIM — Validates the cryptographic signature in the email headers (RSA-SHA256 and Ed25519).
• DMARC — Evaluates alignment between the From: domain and SPF/DKIM results.

Results are available in the email detail via the REST API (auth_results field) and in the raw .eml source as an Authentication-Results header.

What happens to captured emails?

• Emails are stored for 7 days, then automatically deleted.
• Each sandbox has a 100 MB storage quota.
• You can purge all emails or delete individual messages at any time.
• Emails are visible via the Pro Dashboard and the Sandbox API.

Next steps

• SMTP Setup Guide — Code examples for Node.js, Python, Go, PHP, Ruby, and Java.
• Sandbox API Reference — Query, inspect, and delete captured emails programmatically.