Admin Settings
Email Setting
Email Setting configures Amazon SES or SMTP sender credentials, verified sender identity, reply handling, templates, and delivery health.
What this page is for
Email Setting configures Amazon SES or SMTP sender credentials, verified sender identity, reply handling, templates, and delivery health.
Who should use it
Owner, communications admin, platform admin
Where to find it
/admin/email-settings
Before you start
- Choose Amazon SES or SMTP according to the provider actually used by the gym.
- For Amazon SES, collect AWS region, access key id/secret access key reference, optional session token, verified sender/domain identity, configuration set name where used, MAIL FROM/reply-to policy, and sandbox/live sending status.
- In AWS SES, open the region the gym will send from, verify the sender domain or email under Verified identities, create or choose the SES configuration set if used, and confirm whether the SES account is still in sandbox. If delivery/bounce callbacks are required, create an SNS topic/subscription for SES notifications and copy the topic ARN into SquareOS provider metadata as snsTopicArn; set requireSnsSignature when SquareOS must verify the SNS signature directly.
- For SMTP, collect TLS relay host, port, username, password/secret reference, from address, and reply-to address from the mail provider. Current worker SMTP transport expects a TLS relay endpoint such as port 465.
- For SMTP callbacks, use the provider adapter or mail gateway callback token supplied by platform/admin. Store the shared value as webhookVerifyToken, webhookToken, or callbackToken in SquareOS provider metadata, then point the adapter callback to POST /engagement/email/smtp/webhook.
- In SquareOS Channel Account, choose Email, provider Amazon SES or SMTP, set Account name, External account id for domain/region/server reference, credential/token reference, webhook/callback token where used, and Safe/fake provider mode only for testing. Provider config must include SES region/configuration set or SMTP host/port/secure flag according to the selected provider.
- SES provider fields in the Email channel drawer are SES region, SES access key ID, SES secret access key / secret reference, Configuration set name, SNS topic ARN, Require SNS signature verification, Email webhook verify token, Account name, External account id, and Safe/fake provider mode.
- SMTP provider fields in the Email channel drawer are SMTP host, SMTP port, Use TLS relay, SMTP username, SMTP password / secret reference, Email webhook verify token, Account name, External account id, and Safe/fake provider mode.
- Email send buttons need a healthy provider account, sender identity, and template when templates are required.
- Invoice/email actions should use verified sender domains so customer emails do not fail or land in spam.
- Create sender account with the verified from address. The sender value should be the real email address customers will see.
- Current backend contract: email account, sender, template, queueing, opt-out/quiet-hours policy, delivery attempts, dead letters, SES v2 SendEmail dispatch, SMTP TLS relay dispatch, and email status callback reconciliation exist. If Safe/fake provider mode is enabled, the worker records a simulated provider id. If fake mode is off, SES sends to the regional SendEmail API with AWS Signature V4 and SMTP sends through the configured TLS relay.
- Email callback contract: SES callbacks post to POST /engagement/email/ses/webhook and can use AWS SNS notification envelopes whose Message contains the SES event JSON or direct SES event payloads. SquareOS maps mail.messageId to the saved provider message id, maps delivery to DELIVERED, bounce/complaint/reject/rendering failure to FAILED, and queued/delivery delay style events to SENT. When requireSnsSignature or snsTopicArn is configured, the SNS signature and topic ARN are verified before any delivery row is changed.
- SMTP callback contract: certified SMTP adapters post to POST /engagement/email/smtp/webhook with providerMessageId/message id, event/status, optional timestamp, and optional error text. The token can be supplied as ?token= or x-webhook-token and must match configured provider metadata when a token is configured.
- Email callbacks update DeliveryAttempt, Message, and CampaignDeliveryLog rows by brand, channel Email, and provider message id. Production certification still requires one real SES delivery plus SNS bounce/status callback and one real SMTP adapter callback for each configured account before invoice/payment-link email is called certified.
Daily workflow
- Save provider account, create sender identity, verify domain/sender, and send internal test email.
- Create templates for invoice, payment link, trial, renewal, and campaign email.
- For SES, send an internal test email, capture the SES provider message id, then trigger or wait for a Delivery/Bounce/Complaint SNS notification and confirm webhook status becomes VERIFIED.
- For SMTP, send an internal test email through the TLS relay, then confirm the certified adapter callback updates the matching delivery attempt and message.
- Monitor bounces, complaints, dead letters, and delivery health.
Watch out
- Do not use a personal Gmail-style sender for official invoices or payment links unless the provider/domain policy explicitly allows it.
Related help
- Use the left menu to open related pages in Admin Settings.
- Use Ask Docs for questions that are already covered in this public documentation.