Overview of the Email Delivery Service
Oracle Cloud Infrastructure Email Delivery is an email sending service that provides a fast and reliable managed solution for sending high-volume emails that need to reach your recipients' inbox. Email Delivery provides the tools necessary to send application-generated email for mission-critical communications such as receipts, fraud detection alerts, multi-factor identity verification, and password resets.
Oracle Cloud Infrastructure's Email Deliverability team manages the platform using key deliverability metrics to ensure the best sending reputation possible for your emails.
The following items are provided to you when you send email using the Email Delivery service:
- Unique mailbox provider SMTP configurations on our Mail Transfer Agents (MTA)
- Bounce collection
- User complaint collection
- Email authentication standards
- Deliverability performance
When you use Email Delivery, we become your outbound email server. If you have an existing email server, you can keep it and configure it to send through Email Delivery. The Email Delivery service takes care of the feedback loops and platform reputation automatically.
The following diagram shows the architectural flow of the Email Delivery service.
Email Delivery Service Components
Email Delivery uses the components described in this section.
- APPROVED SENDERS
- An Approved Sender is a resource that equates to the "From" address. An approved sender is associated with a compartment and only exists in the region where the approved sender was configured. If you need to have the same approved sender in another region, it must be created in the other region. For example, if you create an approved sender in the US West (Phoenix) region, you cannot send email through the US East (Ashburn) region.
- SUPPRESSION LIST
- The Suppression List is included on your Email Delivery console user interface and from the API. Email Delivery automatically adds email addresses with bounce codes showing permanent failures or user complaints to the suppression list to protect your sender reputation. Email Delivery will not send any messages to these recipients in the future.
- Reasons for suppression currently include:
- Hard bounces
- Repetitive soft bounces
- Manual entries
- List-unsubscribe requests
- SPF AUTHENTICATION
Sender Policy Framework (SPF) is used by email receivers to detect email spoofing. Using SPF, an email receiver can check if the Internet Protocol (IP) is explicitly authorized to send for that domain. SPF is implemented by publishing a special TXT record to a domain's DNS records. The TXT record declares which hosts are allowed to send mail on behalf of this domain. Receiving mail servers check the SPF records of sending domains to verify that the email's source IP address is authorized to send from that domain. Without SPF, a spam or phishing email can be “spoofed” to appear that the email comes from a legitimate domain. Domains that implement SPF are much more likely to block emails attempting to spoof your domain. For an overview of how SPF works, see Sender Policy Framework. For details on SPF record syntax, see SPF Record Syntax.
Regions and Availability Domains
SMTP credentials can be used for any region, as identities are global assets. However, approved senders (your "From" address) must be configured within each region you plan to use for Email Delivery. To configure approved senders within each region, select a region from the Region menu in the Console and create an approved sender. Configure your application to send email to the endpoint of that region where you created the approved sender, using the global SMTP credentials. The sending application is not required to be located in the region where email is sent from, however, we recommend that it is local or as close as possible for performance reasons.
For more information, see Regions and Availability Domains.
Configuring a New Region
If you want to start sending email from a new region, keep the following in mind:
- An approved sender must be created in the new region.
- SMTP credentials are global, however, it is recommended that you generate SMTP credentials for a new user (without console access) in the new region so that the credentials are not shared with other regions. Ensure that the user has the correct privileges.
- Email must be sent to the new regional SMTP connection endpoint.
- The suppression list and approved senders are regional Email Delivery assets.
For example, if an email sent from the US West (Phoenix) region bounces, the recipient email address will be added to the US West (Phoenix) region suppression list. This recipient would not be added to other region suppression lists. If you are sending email from different regions, approved senders must be created in each region.
- SPF must be set up on each subdomain. For example, in your DNS setup, create a
TXT record for notification.eu-frankfurt-1.oraclecloud.com and paste the
following information from the dialog box into the record:
v=spf1 include:eu.rp.oracleemaildelivery.com ~all
Ways to Access Oracle Cloud Infrastructure
You can access Oracle Cloud Infrastructure using the Console (a browser-based interface) or the Email Delivery REST API. Instructions for the Console and API are included in topics throughout this guide.
To access the Console, you must use a supported browser. To go to the Console sign-in page, open the navigation menu at the top of this page and click Infrastructure Console. You are prompted to enter your cloud tenant, your user name, and your password.
Authentication and Authorization
Each service in Oracle Cloud Infrastructure integrates with IAM for authentication and authorization, for all interfaces (the Console, SDK or CLI, and REST API).
An administrator in your organization needs to set up groups , compartments , and policies that control which users can access which services, which resources, and the type of access. For example, the policies control who can create new users, create and manage the cloud network, launch instances, create buckets, download objects, etc. For more information, see Getting Started with Policies. For specific details about writing policies for each of the different services, see Policy Reference.
If you’re a regular user (not an administrator) who needs to use the Oracle Cloud Infrastructure resources that your company owns, contact your administrator to set up a user ID for you. The administrator can confirm which compartment or compartments you should be using.
Email Delivery supports the following authentication types for control plane operations (management endpoint):
- Instance Authorization: The IAM service feature that enables instances to be authorized actors (or principals) to perform actions on service resources. Each compute instance has its own identity, and it authenticates using the certificates that are added to it. These certificates are automatically created, assigned to instances and rotated, preventing the need for you to distribute credentials to your hosts and rotate them.
- Cross-Tenancy: Cross-tenancy authorization allows customers to share resources between tenancies. To authorize a cross-tenancy request, the request must be endorsed by the requester's tenancy and permitted by the target tenancy.
Federated: Federated authentication enables an administrator to configure a relationship between an identity provider and a service provider. When you federate Oracle Cloud Infrastructure with an identity provider, you manage users and groups in the identity provider. You manage authorization in Oracle Cloud Infrastructure's IAM service. Oracle Cloud Infrastructure tenancies are federated with Oracle Identity Cloud Service by default.Note
Instance authorization, cross-tenancy, and federated authentication types do not apply to SMTP email sending. An approved sender and SMTP credentials are required and must be associated with the same tenancy for SMTP email sending.
SMTP Authentication and Connection Endpoints
Email Delivery only supports the AUTH PLAIN command when using SMTP authentication. If the sending application is not flexible with the AUTH command, an SMTP proxy/relay can be used. For more information about the AUTH command, see AUTH Command and its Mechanisms.
Use the following regional endpoints for establishing SMTP connections for sending.
- South Africa Central (Johannesburg): smtp.email.af-johannesburg-1.oci.oraclecloud.com
- South Korea North (Chuncheon): smtp.email.ap-chuncheon-1.oci.oraclecloud.com
- India South (Hyderabad): smtp.email.ap-hyderabad-1.oci.oraclecloud.com
- Australia Southeast (Melbourne): smtp.email.ap-melbourne-1.oci.oraclecloud.com
- India West (Mumbai): smtp.email.ap-mumbai-1.oci.oraclecloud.com
- Japan Central (Osaka): smtp.email.ap-osaka-1.oci.oraclecloud.com
- Singapore (Singapore): smtp.email.ap-singapore-1.oci.oraclecloud.com
- South Korea Central (Seoul): smtp.email.ap-seoul-1.oci.oraclecloud.com
- Australia East (Sydney): smtp.email.ap-sydney-1.oci.oraclecloud.com
- Japan East (Tokyo): smtp.email.ap-tokyo-1.oci.oraclecloud.com
- Canada Southeast (Montreal): smtp.email.ca-montreal-1.oci.oraclecloud.com
- Canada Southeast (Toronto): smtp.email.ca-toronto-1.oci.oraclecloud.com
- Netherlands Northwest (Amsterdam): smtp.email.eu-amsterdam-1.oci.oraclecloud.com
- Germany Central (Frankfurt): smtp.email.eu-frankfurt-1.oci.oraclecloud.com
- France South (Marseille): smtp.email.eu-marseille-1.oci.oraclecloud.com
- Italy Northwest (Milan): smtp.email.eu-milan-1.oci.oraclecloud.com
- Sweden Central (Stockholm): smtp.email.eu-stockholm-1.oci.oraclecloud.com
- Switzerland North (Zurich): smtp.email.eu-zurich-1.oci.oraclecloud.com
- Israel Central (Jerusalem): smtp.email.il-jerusalem-1.oci.oraclecloud.com
- UAE Central (Abu Dhabi): smtp.email.me-abudhabi-1.oci.oraclecloud.com
- UAE East (Dubai): smtp.email.me-dubai-1.oci.oraclecloud.com
- Saudi Arabia West (Jeddah): smtp.email.me-jeddah-1.oci.oraclecloud.com
- Chile (Santiago): smtp.email.sa-santiago-1.oci.oraclecloud.com
- Brazil East (Sao Paulo): smtp.email.sa-saopaulo-1.oci.oraclecloud.com
- Brazil Southeast (Vinhedo): smtp.email.sa-vinhedo-1.oci.oraclecloud.com
- UK West (Newport): smtp.email.uk-cardiff-1.oci.oraclecloud.com
- UK South (London): smtp.email.uk-london-1.oci.oraclecloud.com
- US East (Ashburn): smtp.email.us-ashburn-1.oci.oraclecloud.com
- US West (Phoenix): smtp.email.us-phoenix-1.oci.oraclecloud.com
- US West (San Jose): smtp.email.us-sanjose-1.oci.oraclecloud.com
You can monitor the health, capacity, and performance of your Oracle Cloud Infrastructure resources by using metrics, alarms, and notifications. For more information, see Monitoring and Notifications.
For information about available Email Delivery service metrics and how to view them, see Email Delivery Metrics.
Email Delivery Service Capabilities and Limits
See Service Limits for a list of applicable limits and instructions for requesting a limit increase. To set compartment-specific limits on a resource or resource family, administrators can use compartment quotas.
Customers that sign up for a free Oracle Cloud trial are limited to:
- A volume of 200 emails per day where an email is defined as either a single
recipient in the TO:, CC:, or BCC: fields, or a 2 MB chunk of data.
A single request with 10 recipients (TO:, CC:, or BCC:) equals 10 emails.
A 10 MB email sent to a single recipient is equal to 10 MB divided by 2 MB per email. This equals 5 emails.
A single email request with a message size of 10 MB sent to 10 recipients is equal to 10 MB divided by 2 MB per email multiplied by 10 recipients. This equals 50 emails.
- 2,000 approved senders.
- Each user is limited to a maximum of two SMTP credentials.
- Sending rates are limited to 10 emails per minute.
- Inline attachments.
- 2 MB maximum message size including base64 encoding and headers
Enterprise accounts are limited to:
- A volume of 50,000 emails per day where an email is defined as either a single
recipient in the TO:, CC:, or BCC: fields or a 2 MB chunk of data.
- A single request with 10 recipients (TO:, CC:, or BCC:) equals 10 emails.
- A 10 MB email sent to a single recipient is equal to 10 MB divided by 2 MB per email. This equals 5 emails.
- A single email request with a message size of 10 MB sent to 10 recipients is equal to 10 MB divided by 2 MB per email multiplied by 10 recipients. This equals 50 emails.
- 10,000 approved senders.
- Sending rates are limited to 18,000 emails per minute.
- Inline attachments.
- 2 MB maximum message size including base64 encoding and headers
Email Delivery, by default, supports messages up to 2 MB, inclusive of message headers, body, and attachments. Each 2 MB of data counts towards your daily sending volume and sending rate limits. For example, a 10 MB counts as five emails.
Based on requirement, you can request a limit increase up to a maximum of 60 MB if you have SPF and DKIM set up for your sending domain. To open a service request to increase the limit, see Requesting a Service Limit Increase. Your increase request is evaluated by the following information you provide:
- What are your current sending domains?
- Do your sending practices meet the requirements of CAN-SPAM and CASL?
- Briefly describe the type of email you will be sending. For example, are the emails marketing/bulk/newsletters, transactional, notifications, and so on?
- Do you send emails related to payday loans or credit card offers?
- Do you send email on behalf of other companies?
- How do the recipients sign up to receive these emails? Specify any domains they might sign up on.
- Are there any other methods that are used to collect email addresses?
- How many emails do you want to send per month?
- Which ESP supplier are you currently using to send your emails?
- What is the maximum number of messages you need to send in a burst capacity (within a specific timeframe)?
- What is the maximum size of your messages?
- What is the number of emails sent per day that is over 2 MB?
- Are your recipients Oracle email addresses (for example, firstname.lastname@example.org)?
- Which email delivery region do you intend to use to send email through?
The Email Delivery platform supports higher volumes. Limits are set as a safeguard for our customers' reputation. To open a service request to increase the email sending limit, see Requesting a Service Limit Increase.
Required IAM Service Policy
To use Oracle Cloud Infrastructure, you must be granted security access in a policy by an administrator. This access is required whether you're using the Console or the REST API with an SDK, CLI, or other tool. If you get a message that you don’t have permission or are unauthorized, verify with your administrator what type of access you have and which compartment to work in.
Permissions are required for managing and using approved senders and the suppression list. For example:
- To enable all operations on approved senders for a specific user group:
Allow group <Your Group Name> to manage approved-senders in tenancy
- To enable all operations on suppressions for a specific user group:
Allow group <Your Group Name> to manage suppressions in tenancy
Dedicated IP Addresses
When you create an Email Delivery service account, by default, your emails are sent from IP addresses shared with other Oracle customers.
Email Delivery supports IPs addresses dedicated to you, for complete control over your reputation. Both a shared IP or dedicated IP strategy can provide excellent delivery depending on your needs and mail stream characteristics. For more information about shared IP, see Shared IP.
When using a dedicated pool of Oracle owned IP addresses, only your mail is sent from them.
Our deliverability experts review all dedicated IP requests to ensure the best deliverability for your situation. Dedicated IP addresses may not be advised for lower volume or more sporadic email sending, as this does not support a good sending reputation and therefore can cause an impact to your email deliverability.
Dedicated IP addresses are ideal for senders who:
- Send large volumes of mail on a consistent basis to sustain their own IP reputation. Sending a large volume of mail consistently is what Internet Service Providers (ISPs) automated filters use to assign a reputation to your IP address. This is one of the key inputs into whether your messages are delivered into the inbox, spam folder, or temporarily rejected.
- Want complete control of their sending reputation AND understand email delivery best practices. When you are the only sender on an IP, it insulates your reputation from other senders. This can be good or bad depending on your sending practices and consistent hygiene.
- Have large volumes, different mail streams, and want to build unique reputations for each. Dedicated IPs enable you to build separate IP reputations based on different types of mail streams like transactional messages versus bulk marketing mail. If you have the volume to support it, isolating these mail streams can reduce the risk of delivery challenges for more critical message types.
Dedicated IP addresses are likely not a good fit for senders who:
- Send mail inconsistently at low volumes preventing an ISP reputation from being assigned. To build an IP reputation, ISPs prefer a predictable mail cadence with enough email volume to assign a reputation. Failing to meet this requirement could lead to delivery challenges. Sending in a shared IP pool with many smaller senders will provide the ISP with a large volume of consistent mail.
- Do not understand email best practices, which could lead to poor-reputation delivery challenges. Sending in a shared IP pool with other customers that is managed by Oracle can be less risky for an email novice.
Your mail characteristics (volume, burst rates, reputation, and so on) will vary your dedicated IP strategy. Our teams are trained on dedicated IP strategies and ready to support your needs. If you need help with your configuration, you can go to My Oracle Support and create a service request.
You can apply tags to your resources to help you organize them according to your business needs. You can apply tags at the time you create a resource, or you can update the resource later with the wanted tags. For general information about applying tags, see Resource Tags.
Email Delivery supports applying tags to approved senders.
Integration with Oracle Cloud Infrastructure Services
Email Delivery audits the following events:
- Creating a sender (CreateSender)
- Deleting a sender (DeleteSender)
- Retrieving details about a sender (ListSenders)
To view logs for events in the Email Delivery service, your user must be in a group with the ability to view all of the Audit event logs in the tenancy. For more information, see Viewing Audit Log Events.