Restrict SMTP Token to Specific Recipients to Limit Damage if Leaked
I need a secure way to use SMTP tokens on a webserver so that, if a token gets leaked, the potential damage is limited as much as possible.
My main requirement:
The token should only be usable to send emails to a specific set of recipients. I want to be able to define (and limit) allowed recipients (by full email address, or by recipient hostname) when generating or issuing the SMTP token.
Key points:
The SMTP token must not be valid for sending to all addresses; it should work only for the recipient addresses or domains I specify.
If the token is exposed, it must not allow sending emails to others, to reduce the risk of abuse or spam.
I don’t want “all or nothing” tokens; the access needs to be tightly scoped per recipient.
If possible, enforce these limits at the mail server / provider level, not just in the sending client.
Why this matters:
If someone steals the token, they should not be able to send spam or phishing attacks to people outside my allowed list.
This prevents major abuse and protects my system and reputation.
Concrete Request:
Please explain how to set up such restricted SMTP tokens, or provide a solution so tokens can be generated and limited for use only with specified recipient addresses or domains.
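
A sketch of the server-side enforcement requested above, added here as an example and not taken from the original post or from any provider's actual API: the scope table, function names and sample addresses are all hypothetical. Each envelope recipient (`RCPT TO`) is checked against the scope recorded when the token was issued, matching by full address or by exact hostname.

```python
import hashlib

def token_id(token: str) -> str:
    # The server stores only a hash of each token, never the token itself.
    return hashlib.sha256(token.encode()).hexdigest()

# Constructed sample: the scope recorded when the token was issued.
SCOPES = {
    token_id("tok-alerts-EXAMPLE"): {
        "addresses": {"ops@example.org"},  # allowed full addresses
        "domains": {"example.com"},        # allowed recipient hostnames
    },
}

def normalize(rcpt: str):
    """Return (address, domain) in lower case, or None if malformed."""
    addr = rcpt.strip()
    if addr.startswith("<") and addr.endswith(">"):
        addr = addr[1:-1]
    # Deny by default: exactly one "@", no whitespace or control characters.
    if addr.count("@") != 1 or any(c.isspace() or ord(c) < 33 for c in addr):
        return None
    local, domain = addr.lower().split("@")
    domain = domain.rstrip(".")
    if not local or not domain:
        return None
    return f"{local}@{domain}", domain

def rcpt_allowed(token: str, rcpt: str) -> bool:
    """Decision for one RCPT TO in a session authenticated with token."""
    scope = SCOPES.get(token_id(token))
    parsed = normalize(rcpt)
    if scope is None or parsed is None:
        return False
    address, domain = parsed
    # Exact hostname match only: no suffix or subdomain matching.
    return address in scope["addresses"] or domain in scope["domains"]

def filter_envelope(token: str, recipients):
    """Split envelope recipients into (accepted, rejected) lists."""
    accepted = [r for r in recipients if rcpt_allowed(token, r)]
    rejected = [r for r in recipients if r not in accepted]
    return accepted, rejected
```

The check runs on envelope recipients rather than on the `To`/`Cc` headers, so a Bcc or a forged header cannot bypass it.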