When creating the API key, I selected:

  • Send via SMTP

  • Transmissions: Read/Write


Transmissions: Read-only is not enough.

From Getting 403 Error when sending an email with Sparkpost:

One likely cause for that 403 error is your API key does not include the permission for “Transmission”.


Before SparkPost will send emails, you need to configure a domain…


The SparkPost domain name must match the domain on the from address e.g. If you configure, then your from address must be ( will fail).

Log into the SparkPost Configuration, Domains section:

  • Configure Sending Domains

    The page says, “Using a subdomain is recommended e.g.”, but a subdomain will not work if you want the recipient to reply (see above for “The SparkPost domain name must match the domain on the from address”).


For our most recent customer we setup a Sending domain on the organisational domain (e.g. with a TXT/DKIM record, but no CNAME record. We configured a separate Bounce Domain as

  • Create a separate bounce subdomain using bounce as the sub-domain. The SparkPost site will walk you through the steps e.g. create a CNAME for and set the value to


user          SMTP_Injection
password      <sparkpost-api-key>
port          587
security      STARTTLS


Subaccounts look like a nice idea, but they require the Premier plan.

I received this email from SparkPost support in October 2022:

You are currently on the 50K starter plan, which does not include subaccounts. Subaccounts are only available on the 100K Premier and up plans.

Please see the following page for a comparison between the Starter and Premier plans:

You will need to upgrade to a Premier plan if you wish to use subaccounts.