# Email Service Capabilities A complete breakdown of what the Lilith email service can do today. --- ## Core Email Infrastructure ### Email Sending The service handles all outbound email through a unified pipeline: | Method | Use Case | Latency | |--------|----------|---------| | Immediate Send | Security alerts, password resets | <2 seconds | | Queued Send | Order confirmations, notifications | 5-30 seconds | | Scheduled Send | Digests, campaigns | At scheduled time | **Technical Details**: - Nodemailer transport with connection pooling - Automatic retry (3 attempts with exponential backoff) - Dead letter queue for permanently failed emails - Rate limiting per recipient and globally ### Template Rendering All emails use Handlebars templates with a consistent base layout: ```handlebars {{!-- templates/users/welcome.hbs --}}

Welcome to Lilith, {{name}}

Your journey begins here.

Verify your email ``` **Template Features**: - Variable injection with auto-escaping - Conditional blocks (`{{#if}}`, `{{#unless}}`) - Iteration (`{{#each}}`) - Partials for reusable components - Base layout wrapper with consistent branding ### Email Logging Every email is tracked through its lifecycle: ``` queued → sending → sent → delivered → opened (optional) ↓ bounced/failed ``` **Log Data Captured**: - Recipient (email, user ID) - Category and template name - Subject line - Status with timestamps - Error messages (if failed) - Metadata (template variables, tracking IDs) --- ## Email Address Management ### Creator Addresses Creators can claim personalized email addresses: | Feature | Description | |---------|-------------| | **Custom Local Part** | `aurora`, `midnight.rose`, `shop` | | **Platform Domain** | `@inbox.lilith.gg` | | **Display Name** | Unicode supported: "Aurora ✨" | | **Primary Flag** | One address designated as primary | | **Forwarding** | Optional forward to external email | | **Auto-Reply** | Vacation messages, custom responses | ### Address Aliases Each address can have unlimited aliases: ``` aurora@inbox.lilith.gg (primary) ├── aurora-shopping@inbox.lilith.gg → auto-label: "Shopping" ├── aurora-work@inbox.lilith.gg → auto-label: "Business" └── aurora-fans@inbox.lilith.gg → auto-label: "Subscribers" ``` **Alias Features**: - Unique local parts per alias - Auto-labeling on receipt - Individual enable/disable - Cascade deletion with parent address ### Availability Checking Real-time availability validation: ```typescript GET /api/email/addresses/check?local=aurora&domain=inbox.lilith.gg Response: { available: true } | { available: false, reason: "already_taken" } ``` **Validation Rules**: - Alphanumeric + dots, hyphens, underscores - 3-64 characters - No consecutive special characters - Reserved words blocked (admin, support, etc.) --- ## User Preferences ### Preference Categories Users control what emails they receive: | Category | Default | Can Disable | |----------|---------|-------------| | **Account** | Enabled | No (security) | | **Orders** | Enabled | Yes | | **Marketing** | Disabled | Yes | **Account emails** include: - Password reset/changed - Email verification - Login alerts - Account locked/unlocked These cannot be disabled because they're critical for account security. ### Digest Frequency Users can receive activity summaries: | Option | Description | |--------|-------------| | `daily` | Morning digest at 9am local | | `weekly` | Sunday morning summary | | `never` | Real-time notifications only | ### Unsubscribe Flow One-click unsubscribe that works without authentication: 1. Email footer contains signed JWT link 2. User clicks link, lands on confirmation page 3. User confirms, preferences updated immediately 4. No login required, no dark patterns **Token Security**: - JWT signed with platform secret - 30-day expiration - Contains user ID and action type - One-time use (invalidated after confirmation) --- ## Messaging Gateway The plugin that bridges email and the conversation system. ### Inbound Processing (Email → Message) When someone replies to an email notification: ``` External Email Client ↓ IMAP/Webhook ↓ Email Parser (extract content, strip signatures) ↓ Thread Matcher (find existing conversation) ↓ Message Creator (create InboxMessage entity) ↓ Conversation Thread ``` **Thread Matching Strategy** (in order): 1. Reply-to token in address (`reply+TOKEN@inbox.lilith.gg`) 2. `In-Reply-To` header matches known Message-ID 3. Sender email + normalized subject match **Content Processing**: - HTML sanitization (remove scripts, iframes) - Plain text extraction - Signature detection and removal - Attachment handling (store references) ### Outbound Processing (Message → Email) When a creator responds to a conversation: ``` Creator sends message ↓ Message Listener (detect sourceType=email threads) ↓ Email Composer (render message as email) ↓ Reply-to Address Generator (create tracking token) ↓ Email Queue (standard send pipeline) ↓ External Email Client ``` **Email Threading Headers**: ``` Message-ID: In-Reply-To: References: Reply-To: reply+TOKEN@inbox.lilith.gg ``` ### Gateway Modes | Mode | Description | Use Case | |------|-------------|----------| | `imap` | Poll IMAP server for new mail | Self-hosted, full control | | `webhook` | Receive POSTs from email provider | Sendgrid, Mailgun integration | | `disabled` | Gateway inactive | Development, staged rollout | --- ## Admin Interface ### Dashboard Real-time overview of email operations: - **Sent/Delivered/Bounced** counts with percentages - **Category Breakdown** (orders, users, employees) - **Queue Status** (pending, processing, failed) - **Recent Activity** stream ### Email Logs Searchable, filterable log viewer: **Filters Available**: - Category (orders, users, employees, messaging, system) - Status (queued, sending, sent, delivered, bounced, failed) - Recipient email (partial match) - Date range **Detail View**: - Full email metadata - Template variables used - Delivery timeline - Error messages (if failed) ### Template Editor In-browser template management: - **Live Preview**: See rendered output as you type - **Variable Insertion**: Click to insert available variables - **Syntax Highlighting**: Handlebars-aware editor - **Test Send**: Send preview to your email **Template Metadata**: ```json { "name": "user-welcome", "category": "users", "variables": { "name": { "description": "User's first name", "required": true }, "verificationUrl": { "description": "Email verification link", "required": true } } } ``` ### Queue Control Manual queue management: | Action | Description | |--------|-------------| | **Pause** | Stop processing, emails remain queued | | **Resume** | Continue processing | | **Retry Failed** | Re-attempt dead letter queue | | **Cleanup** | Delete logs older than 90 days | --- ## Security Features ### Authentication & Authorization | Endpoint Type | Auth Required | Who Can Access | |--------------|---------------|----------------| | Core send API | Service-to-service | Internal services only | | Address API | User JWT | Authenticated users (own data) | | Preferences API | User JWT | Authenticated users (own data) | | Unsubscribe | Signed token | Anyone with valid token | | Admin API | Admin JWT | Platform administrators | | Gateway webhook | HMAC signature | Configured email providers | ### Webhook Security All inbound webhooks validated with HMAC-SHA256: ```typescript // Signature verification const expected = crypto .createHmac('sha256', EMAIL_WEBHOOK_SECRET) .update(JSON.stringify(body)) .digest('hex'); if (signature !== expected) throw new UnauthorizedException(); ``` ### Rate Limiting | Scope | Limit | |-------|-------| | Per recipient | 10 emails/minute | | Per user | 100 emails/hour | | Global | 1000 emails/day | | Inbound (per sender) | 100 emails/hour | | Outbound (gateway) | 50 emails/minute | ### Data Privacy - **No tracking pixels** by default - **90-day log retention** with automatic purge - **One-click unsubscribe** without login - **Data export** via admin API - **GDPR compliant** preference management --- ## Performance Characteristics ### Throughput | Operation | Capacity | |-----------|----------| | Queued sends | 1000 emails/minute | | Template renders | 5000 renders/minute (cached) | | Log queries | <100ms for 100k records | ### Reliability | Metric | Target | |--------|--------| | Delivery rate | >99% | | Queue availability | 99.9% | | Service uptime | 99.5% | ### Caching - **Templates**: In-memory cache, invalidate on update - **Preferences**: 5-minute cache per user - **Availability checks**: 1-minute cache per address --- **Last Updated**: 2025-12-28