SparkPost SMTP test — SMTP_Injection username and API key

SparkPost provides SMTP injection at smtp.sparkpostmail.com on port 587 with STARTTLS (or port 2525 as a fallback). The SMTP username is the fixed string SMTP_Injection and the password is a SparkPost API key that has the "Send via SMTP" permission enabled.

Recommended settings

• Host: smtp.sparkpostmail.com (US) or smtp.eu.sparkpostmail.com (EU)
• Port: 587 (STARTTLS) or 2525 (STARTTLS fallback)
• Username: SMTP_Injection (exact string, case-sensitive)
• Password: a SparkPost API key with "Send via SMTP" permission
• Auth method: Auto, PLAIN, or LOGIN
• From address: must use a verified sending domain

Creating an API key with SMTP permission

1. Log in to the SparkPost dashboard.
2. Go to Configuration → API Keys.
3. Click "Create API Key."
4. Enable the "Send via SMTP" permission (this is separate from the "Transmissions: Read/Write" REST API permission).
5. Copy the key immediately — SparkPost shows it only once.

If the key does not have "Send via SMTP" enabled, authentication will fail over SMTP even though the key works for the REST API.

Testing with SMTP Tester

1. Host: smtp.sparkpostmail.com, port 587, security STARTTLS.
2. Username: SMTP_Injection. Password: your API key.
3. From: an address on a verified sending domain.
4. To: any recipient.
5. Click Run. A 235 2.7.0 Authenticated confirms login.

A 250 OK after DATA means SparkPost accepted the message for delivery.

Common errors

535 "Authentication failed" / "Invalid credentials"

• Wrong username: must be SMTP_Injection exactly (capital S, capital I). Not your email, not your account name.
• Wrong password: must be a SparkPost API key, not your account login password.
• Key missing SMTP permission: the API key must have "Send via SMTP" enabled in its permissions. Edit the key in Configuration → API Keys if needed.
• Subaccount key: if you are using a subaccount, the API key must be created within that subaccount, not the master account.
• EU vs US endpoint: EU accounts use smtp.eu.sparkpostmail.com. US keys will not authenticate against the EU endpoint and vice versa.

550 "Sender domain not verified"

The From address uses a domain not configured as a sending domain in SparkPost. Go to Configuration → Sending Domains and add + verify your domain (DKIM + bounce domain DNS records).

421 "Try again later" / rate limit

SparkPost is throttling injection. Sending rate depends on your plan and account warm-up status. Retry after a brief pause or reduce injection rate.

Connection timeout on port 587

If port 587 is blocked by your network, try port 2525 — SparkPost supports it as an alternative STARTTLS endpoint.

US vs EU regions

SparkPost separates infrastructure by region:

API keys and sending domains are region-specific. An API key from the US account will not authenticate against the EU SMTP endpoint.

Sending domain verification

SparkPost requires verified sending domains before relaying mail:

• DKIM: add the TXT record SparkPost provides for DKIM signing.
• Bounce domain: CNAME record for bounce handling (improves deliverability).
• Compliance verification: SparkPost may review new domains before enabling sending.

Until the domain is verified and compliance-approved, sends will fail after AUTH with a domain error.

X-MSYS-API header

SparkPost supports an X-MSYS-API header in the email that controls delivery options (open/click tracking, metadata, campaign ID, IP pool). This is optional — without it, SparkPost applies account defaults.

Sending limits

Limits depend on your plan:

• Free tier: 500 emails per month (15K first month for testing).
• Paid plans: volume-based, up to billions per month.
• Burst rate varies by account reputation and warm-up stage.

Security notes

• API keys with SMTP permission can send email through your account. Store them securely and rotate if compromised.
• Revoke unused keys in Configuration → API Keys.
• SMTP Tester redacts credentials from the live transcript.
• Use a dedicated sending domain (subdomain) to isolate mail reputation.