[slig]

OP's service, as far as I understand, is a MITM proxy. The send emails using your credentials, not theirs.

[WhatsName]

So it can still act as a proxy for stolen Gmail, Outlook credentials or brute forcing passwords?

[goldenerfish]

Yeah, that's a good point. But I think, why would someone use this to send spam through an API? He'd need to add the SMTP server in our interface and that's just an extra step instead of writing a script that connects directly to e.g. Google's SMTP server.