Introduction to using the K5 SMTP Relay Service

The K5 SMTP relay service allows the sending of emails via the REST API for easy integration with your application, or directly via a SMTP server from a client that supports either STARTTLS or SSL/TLS. For a comparison between STARTTLS, SSL/TLS and SMTP  protocols, please see See also the FJ IaaS Features Handbook for the latest on service constraints and limitations.

The K5 SMTP relay service utilises the Nifty SMTP service in Japan and requires you to authenticate against and obtain a security token from the K5 Japan East (jp-east-1) region. This will require you to enable the Japan-East-1 region for your contract, if not already enabled, and also create a project within this region, for which the account you are using in the scripts has full administrator permissions to.

You should ensure your scripts for obtaining a token (e.g. refer to the following endpoints, and include the ID of the project in Japan region:



NOTE: The mail service endpoints for other regions have been withdrawn and are no longer supported.

Using the API Service

Before you can use the K5 SMTP relay service , it is necessary to first identify the email address/domain you want to use and then validate/prove ownership of that email address/domain. This blog will provide a walk through of the process for both a single email address and full domain.

Sending an Email via the API from a Single Email Address

The following command can be used to start the ownership validation of a single email address (in the below example I am using my Fujitsu email address


This will result in an email being automatically sent to the email address you specified. Scroll down this email, ignoring the Japanese text (unless you can speak Japanese) and click the link under ‘Verify registered email address’:


This link will take you to the Nifty Cloud Portal in Japan. If you can see a screen as below, then you have successfully validated your email address and the web page can be closed:



In the below command,  I am using the validated email address as my source address and as my target address:

This results in an email being relayed to my target mailbox, as if from my validated source email address:


Sending an Email via the API from any email address associated with your domain

The following command can be used to start the ownership validation of your domain name (in the below example I am using my  Godaddy registered public facing domain


This results in a verification token that must be added as a TXT record to the DNS record for the Domain.  For the purposes of this blog, I am using the K5 DNS as configured in my previous blog , and have redirected Godaddy to use the K5 Nameservers. (I did try and get this to work with the Godaddy DNS servers, but I was unable to add a TXT record with a Domain Name\Name in the required format, without it being truncated).

I used the following command to create a TXT record with my Domain Name Space for with a Name\Domain Name in the format “_niftycloudess.<DOMAINNAME>” and the verification token from above, in place of <INSERT YOUR TOKEN HERE>


The following command can then be used to verify the domain validation is now successful.:



The following command can now be used to send an email from any address in my validates domain (even if no actual mailbox exists):

Notes, that %40 must be used instead of the “@” sign. In the above example, I have succesfully sent my and email from


SMTP Relay Service

Sending an Email via the SMTP Relay Service

In addition to the API, emails can also be sent directly via the Nifty SMTP relay service, using a supported client. Note this service requires the use of either STARTTLS or SSL/TLS  protocols to ensure all emails are encrypted and  does not support the sending of emails via standard SMTP.

1. To enable this service within your K5 domain, you must first create /request a SMTP username and password using the API:


2. The username and password assigned can be later obtained again using the following command. Note there is only one account per K5 project and neither the username or password can be amended:

3. The username and password can then be used in conjunction with the SMTP Service details below, to configure your support client:

SMTP client Server:

Port: TCP 587 (STARTTLS) or TCP 465 (SSL TLS)

4. For the purpose of validating the connection, you can use a email client such as Mozilla Thunderbird. As Thunderbird requires a valid email account for both sending and receiving emails, you must first configure the client to use an email address such as a Google Mail (GMAIL) email account. You can then edit the outgoing server details to specify the K5 details above, ensuring your Security Groups/Firewalls allow outgoing TCP587 or TCP465 (and DNS).

Within ‘Options | Account Settings’ click ‘Manage Identities | Edit ‘ and update your email address and other details to reference the email address previously verified.


Then select ‘Outgoing Server | Edit ‘ and update the SMTP server details.


And that is it!! When you first send an email, you will prompted for the SMTP user password. At this point you have the option to store the password, so that you do not have to re-enter it each time you send an email.