API @mail.sb

Send email from your mail.sb mailbox via HTTP API.

Endpoints

Endpoint	SMTP relay	Sender domain
`POST /send`	mail.mail.sb (STARTTLS 587)	Any mail.sb domain
`POST /CNF_send`	smtp-mail.outlook.com (STARTTLS 587)	c.nf
`POST /CMR_send`	smtp-mail.outlook.com (STARTTLS 587)	c.mr

All three share the same request/response format below.

POST /send

Send an email. Authenticates as the sender via SMTP. The sender must be a mailbox on a mail.sb domain.

Request

Accepts application/json (recommended) or application/x-www-form-urlencoded.

Field	Type		Description
`sender_name`	string	required	Display name of the sender
`sender_address`	email	required	Your mail.sb email address (used as SMTP login)
`password`	string	required	Your mailbox password
`recipient_name`	string	required	Recipient display name
`recipient_address`	email	required	Recipient email address
`mail_subject`	string	required	Email subject line
`mail_body`	string	required	Email body — HTML tags allowed (see guidelines below)
`html`	boolean	optional	Force HTML mode. Auto-detected if body contains `<` tags.

HTML body guidelines

Send body-only HTML, not a full document. The API auto-strips <!DOCTYPE>, <html>, <head>, and <body> wrappers if present, but you get the best results by not sending them.

Send inline-styled HTML fragments: <h1 style="color:#333">Hello</h1>
Allowed tags: <p> <a> <br> <strong> <em> <b> <i> <u> <ul> <ol> <li> <h1>-<h6> <div> <span> <table> <tr> <td> <th> <blockquote> <pre> <code> <img> <hr> <sub> <sup> <small> <del> <ins>
A text/plain alternative is auto-generated for email clients that prefer plaintext
Do not include <style> blocks — their CSS rules leak into the plaintext alternative as visible text
Do not include <script>, <iframe>, <form>, <object>, <embed> — stripped for security
Do not wrap in <!DOCTYPE><html><head>...<body> — auto-stripped, but can cause rendering issues in some clients if remnants remain

Example: OTP email body

// Good — body-only, inline styles, no document shell
"mail_body": "<div style='max-width:480px;margin:0 auto;font-family:Arial,sans-serif'>
  <h2 style='color:#0060fe'>Verification Code</h2>
  <p>Your code is:</p>
  <div style='background:#f4f8fb;padding:20px;text-align:center;
    font-size:32px;letter-spacing:8px;font-weight:bold;border-radius:8px'>
    123456
  </div>
  <p style='color:#999;margin-top:12px'>Expires in 10 minutes.</p>
</div>"

// Bad — full document, <style> block, <title> leaks into plaintext
"mail_body": "<!DOCTYPE html><html><head>
  <title>OTP</title>
  <style>.code{font-size:32px}</style>
</head><body>
  <p class='code'>123456</p>
</body></html>"

Response

Always application/json.

HTTP	Meaning	Example
200	Sent	`{"success": true, "message": "Email sent successfully."}`
400	Bad request (missing/invalid fields)	`{"success": false, "message": "sender_name, sender_address, and password are required."}`
403	Sender domain not allowed	`{"success": false, "message": "sender_address must be a mailbox on a mail.sb domain."}`
405	Wrong HTTP method	`{"success": false, "message": "Only POST requests are allowed."}`
422	SMTP error (auth failed, recipient rejected, etc.)	`{"success": false, "message": "SMTP error: Could not authenticate."}`
500	Internal error	`{"success": false, "message": "Internal error."}`

cURL example

curl -X POST https://api.mail.sb/send \
  -H "Content-Type: application/json" \
  -d '{
    "sender_name": "Your Name",
    "sender_address": "[email protected]",
    "password": "your_password",
    "recipient_name": "Recipient",
    "recipient_address": "[email protected]",
    "mail_subject": "Hello",
    "mail_body": "<h1>Hi!</h1><p>This is an HTML email.</p>"
  }'

PHP example

<?php
$ch = curl_init('https://api.mail.sb/send');
curl_setopt_array($ch, [
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_POST           => true,
    CURLOPT_HTTPHEADER     => ['Content-Type: application/json'],
    CURLOPT_POSTFIELDS     => json_encode([
        'sender_name'       => 'Your Name',
        'sender_address'    => '[email protected]',
        'password'          => 'your_password',
        'recipient_name'    => 'Recipient',
        'recipient_address' => '[email protected]',
        'mail_subject'      => 'Hello',
        'mail_body'         => '<h1>Hi!</h1><p>HTML works.</p>',
    ]),
]);
$response = json_decode(curl_exec($ch), true);
curl_close($ch);

if ($response['success']) {
    echo 'Sent!';
} else {
    echo 'Error: ' . $response['message'];
}

JavaScript (fetch) example

// Works from browser or Node.js
const res = await fetch('https://api.mail.sb/send', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({
    sender_name:       'Your Name',
    sender_address:    '[email protected]',
    password:          'your_password',
    recipient_name:    'Recipient',
    recipient_address: '[email protected]',
    mail_subject:      'Hello',
    mail_body:         '<h1>Hi!</h1><p>HTML email.</p>',
  }),
});
const data = await res.json();
console.log(data.success ? 'Sent!' : `Error: ${data.message}`);

Try it

Your password is sent directly to the SMTP server and is never stored.