JavaScript sends email from a server, never straight from the browser. There is no way for client-side code to open an SMTP connection, and putting email credentials in a page would hand them to anyone who opens the dev tools. So the real question is which server-side path to use: SMTP through a library like Nodemailer, or an HTTP request to an email API. This post shows both.
Why can't the browser send email?
Email delivery runs over SMTP, a TCP protocol. Browsers do not expose raw TCP sockets to JavaScript, so there is no client-side way to talk to a mail server. Even if there were, the SMTP credentials or API key would sit in code that anyone can read. The browser collects the form input and posts it to your backend; the backend sends the email. That separation is the whole pattern.
How do you send from a Node backend with SMTP?
Nodemailer is the standard library for SMTP in Node. You configure a transport once, then call sendMail:
import nodemailer from "nodemailer";
const transporter = nodemailer.createTransport({
host: "smtp.example.com",
port: 587,
secure: false,
auth: {
user: process.env.SMTP_USER,
pass: process.env.SMTP_PASS,
},
});
await transporter.sendMail({
from: "you@yourdomain.com",
to: "recipient@example.org",
subject: "Your receipt",
text: "Thanks for your order.",
html: "<p>Thanks for your order.</p>",
});This works well on a long-running server. The full walkthrough, including attachments and local testing, is in sending emails with Nodemailer.
How do you send with an HTTP email API?
The other path is an HTTP request. Your backend calls an email API with fetch, which avoids running a mail server and behaves the same whether you are on a traditional host or a serverless function:
const res = await fetch("https://api.bird.com/v1/emails", {
method: "POST",
headers: {
Authorization: `Bearer ${process.env.BIRD_API_KEY}`,
"Content-Type": "application/json",
},
body: JSON.stringify({
from: "you@yourdomain.com",
to: "delivered@bird.dev",
subject: "Hello from JavaScript",
html: "<p>It works.</p>",
}),
});
if (!res.ok) {
throw new Error(`Send failed: ${res.status}`);
}The key still lives on the server, in an environment variable, never shipped to the client.
Send it with Bird
The Bird Node SDK wraps that same HTTP call so you skip the manual fetch and get typed results:
import { BirdClient } from "@messagebird/sdk";
const bird = new BirdClient({ apiKey: process.env.BIRD_API_KEY! });
const { data, error } = await bird.email
.send({
from: "you@yourdomain.com",
to: ["delivered@bird.dev"],
subject: "Hello from Node",
html: "<p>It works.</p>",
})
.safe();The delivered@bird.dev sandbox address always accepts mail, so the first run confirms your setup. If you build your email bodies as React components, pair this with React Email, which renders the component to the HTML you pass in html.
FAQ
Can client-side JavaScript send email?
No. Browsers cannot open SMTP connections, and any credentials in client code are exposed. The browser sends form data to your backend, and the backend sends the email.
Should I use Nodemailer or an HTTP API?
Nodemailer is a good fit on a long-running server where you control SMTP. An HTTP API is simpler when you want to avoid operating a mail server, and it is the reliable choice on serverless platforms where SMTP sockets are unavailable.
Where do I keep the API key?
In a server-side environment variable, read at runtime. It must never appear in front-end code or in a public repository.
JavaScript on its own does not deliver mail; a server does. To go deeper on the API path, the email product overview and the sending email guide cover the pieces.