Next.js Email Sandbox: Capture, Inspect & Test Transactional Email
Maildog is the next.js email sandbox that captures every message your app sends — from API routes, Route Handlers, and Server Actions — into a safe inbox you can inspect. Point Nodemailer at mail.maildog.io, and never leak a magic link to a real customer from a preview deploy again.
Testing email in Next.js is genuinely hard
Email is one of the hardest things to test in a Next.js application, and the App Router makes it trickier, not easier.
You send mail from everywhere now
A signup flow might fire an email from a Route Handler (app/api/send/route.ts), a Server Action triggered by a form, or a server component mutation. There's no single "mailer" to mock, and the code runs server-side where you can't just console.log an inbox.
There's no inbox in dev
When you're building a NextAuth verification email, a magic link, a password reset, or an order receipt, you need to see the rendered HTML, check the links, and confirm the headers. Locally you're flying blind.
Env vars sprawl across Vercel
You juggle SMTP_HOST, SMTP_USER, and SMTP_PASS across .env.local, Vercel Preview, and Production environments. One misconfigured preview deploy and your test traffic hits a live provider.
Preview deploys email real people
The nightmare scenario: a Vercel preview branch is wired to production email credentials, a QA run seeds the database with real-looking addresses, and your app blasts magic links and receipts to actual users. It's embarrassing and, under GDPR, risky.
A dedicated sandbox inbox for every Next.js project
Maildog gives every Next.js project a dedicated sandbox inbox with real SMTP credentials. You swap your SMTP host and credentials for the ones Maildog provides, and every email your Next.js app sends is captured instead of delivered.
Create a sandbox inbox. Open its Integration tab in the Maildog panel to get a unique SMTP username and password scoped to that inbox.
Point your mailer at mail.maildog.io. Use port 2525 (STARTTLS). Your existing Nodemailer, NextAuth EmailProvider, or any SMTP transport works unchanged — only the connection details differ.
Send from anywhere. Route Handlers, Server Actions, cron jobs, and webhooks all flow through the same transport. Maildog intercepts every send.
Inspect the result. Read the rendered HTML and plain-text body, view raw headers, confirm the magic link resolves, and validate SPF, DKIM, and DMARC before anything reaches production.
Key features
Email sandbox for Next.js
A dedicated capture inbox that swallows every message from your Next.js app. Test signup flows, receipts, and notifications without a single real send — perfect for next dev, CI, and Vercel preview deployments.
Drop-in fake SMTP server
Maildog speaks standard SMTP, so it's a true fake SMTP server for your stack. Nodemailer, NextAuth's EmailProvider, Resend's SMTP transport, or any SMTP library works by changing only host, port, user, and pass.
Email inspection & debugging
View the rendered HTML, the plain-text alternative, raw source, and full headers for every captured message. Click magic links and verification URLs to confirm they resolve before shipping.
SPF, DKIM & DMARC validation
Maildog validates authentication on captured mail so you know how mailbox providers will treat your production sends. Catch missing DKIM signatures or a misaligned DMARC policy before they hurt deliverability.
Transactional email API
Beyond SMTP, Maildog offers a developer-friendly transactional email API and deliverability testing, so the same platform you sandbox in dev grows with you into staging and production.
Inbound & SMTP testing
Need to test webhooks that receive mail, or verify your SMTP configuration end to end? Maildog covers inbound email testing and SMTP testing alongside outbound capture.
Next.js Route Handler with Nodemailer
A complete, working example for the Next.js App Router (13 / 14 / 15). It sends an email from a Route Handler through the Maildog sandbox using Nodemailer.
npm install nodemailer
npm install -D @types/nodemailer# Maildog sandbox SMTP — from your inbox's Integration tab
SMTP_HOST=mail.maildog.io
SMTP_PORT=2525
SMTP_SECURE=false # false for 2525/587 (STARTTLS); true only for 465
SMTP_USER=your-sandbox-username
SMTP_PASS=your-sandbox-password
MAIL_FROM="MyApp <hello@maildog.io>"import { NextResponse } from "next/server";
import nodemailer from "nodemailer";
// Reuse a single transport across invocations.
const transporter = nodemailer.createTransport({
host: process.env.SMTP_HOST, // mail.maildog.io
port: Number(process.env.SMTP_PORT), // 2525
secure: process.env.SMTP_SECURE === "true", // false for STARTTLS on 2525/587
auth: {
user: process.env.SMTP_USER,
pass: process.env.SMTP_PASS,
},
});
export async function POST(req: Request) {
const { to, name } = await req.json();
try {
const info = await transporter.sendMail({
from: process.env.MAIL_FROM,
to,
subject: "Welcome to MyApp 🎉",
text: `Hi ${name}, thanks for signing up!`,
html: `<h1>Hi ${name} 👋</h1><p>Thanks for signing up for MyApp.</p>`,
});
return NextResponse.json({ ok: true, messageId: info.messageId });
} catch (err) {
console.error("Email send failed:", err);
return NextResponse.json({ ok: false }, { status: 500 });
}
}await fetch("/api/send", {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({ to: "test@example.com", name: "Ada" }),
});
// The email never reaches test@example.com. It lands in your
// Maildog sandbox inbox, where you can inspect the HTML and headers.
// Server Actions work the same way: move the sendMail call into a
// function with "use server" and call it from a form action.Why developers choose Maildog
Faster debugging
See exactly what your app sent — HTML, text, headers, and links — within seconds. No more guessing why a magic link 404s in production.
Safe email testing
Preview and development environments capture mail in a sandbox, so a Vercel preview deploy can never email a real customer.
Better deliverability
Built-in SPF/DKIM/DMARC validation surfaces authentication problems before they reach inboxes, protecting your sender reputation.
Improved workflow
One platform from next dev to production: sandbox in development, validate in CI, then graduate to the Maildog transactional email API for live sends — without rewriting your mailer.
Maildog vs the alternatives for Next.js + Vercel
How Maildog compares for a Next.js and Vercel workflow.
| Capability | Maildog | Mailtrap | Local Mailpit |
|---|---|---|---|
| Works on Vercel preview & production (cloud) | |||
| Drop-in SMTP for Nodemailer / NextAuth | mail.maildog.io:2525 | localhost only | |
| Inspect HTML, text & raw headers | |||
| SPF / DKIM / DMARC validation | Partial / paid | ||
| Inbound email testing | Limited | ||
| Same platform for production sending (API) | Separate product | ||
| Setup effort | Env vars only | Low | Run a container |
Frequently asked questions
What is a Next.js email sandbox?
A Next.js email sandbox is a fake SMTP inbox that captures the emails your Next.js application sends instead of delivering them to real recipients. You point Nodemailer (or any SMTP transport) at the sandbox's host and credentials, and every message — from Route Handlers, Server Actions, or cron jobs — lands in a safe inbox where you can inspect the HTML, links, and headers.
How do I connect Next.js to the Maildog sandbox?
Set your SMTP environment variables to the Maildog sandbox details: host mail.maildog.io, port 2525 (STARTTLS), and the unique username and password shown on your inbox's Integration tab. Use secure: false for port 2525 or 587. Your existing Nodemailer transport then sends straight into the sandbox.
Which port should I use — 2525, 587, or 465?
Use port 2525 for the primary sandbox connection with STARTTLS and secure: false. Port 587 also works with STARTTLS and secure: false. Only use port 465 for implicit TLS, and in that case set secure: true.
Can I test NextAuth email verification and magic links?
Yes. Point NextAuth's EmailProvider SMTP server settings at mail.maildog.io:2525 with your sandbox credentials. Every verification email and magic link is captured in the sandbox, where you can click the link to confirm it resolves correctly before going live — without emailing real users.
Will this stop my Vercel preview deploys from emailing real users?
Yes. Configure your Vercel Preview and Development environments to use the Maildog sandbox SMTP credentials, while Production uses your real provider. Because previews send into the sandbox, no test email ever reaches an actual recipient.
Does Maildog work with Server Actions and Route Handlers?
Yes. Maildog captures any outbound SMTP send regardless of where it originates — Route Handlers (app/api/.../route.ts), Server Actions marked "use server", middleware-triggered jobs, or webhook handlers. It's transport-level, so your application code doesn't need to change.
Can I validate SPF, DKIM, and DMARC for my emails?
Yes. Maildog validates SPF, DKIM, and DMARC on captured messages so you can confirm your authentication setup before production. This helps protect deliverability and keeps your transactional emails out of the spam folder.
Is there a free Next.js email sandbox to start with?
Yes. You can create a free sandbox inbox in the Maildog panel, grab the SMTP credentials from its Integration tab, and start capturing email from your Next.js app in minutes — no credit card required to begin testing.
Keep exploring
Stop emailing real users from Next.js
Spin up a free sandbox inbox and capture your first Next.js email in minutes.
Get your free sandbox inbox