How It Works
From inbox to endpoint in one hop.
Conduit sits between your SMTP infrastructure and your application. Senders deliver email the normal way. Conduit parses, signs, and forwards every message as an HTTP POST — no polling, no mail libraries, no connection management.
Why Conduit?
Email is everywhere. Your app deserves an API.
Your monitoring systems send it. Your IoT devices send it. Your partners and vendors send it. But email is not an API — until now. Conduit sits between the mail server and your application, parsing every message, signing the payload, and firing an HTTPS POST to any URL you choose. No polling, no mail parsing libraries, no IMAP connections.
Features
Everything you need, nothing you don't.
Email in, webhooks out
Every email address you register becomes a live webhook endpoint. Any sending system — mail server, alert tool, form builder — delivers into your app within the same SMTP session.
Reliable by design
Can't deliver? Conduit returns 450 Temporary Failure to the sender, which retries on its own schedule. No internal queues, no lost messages.
Secure payloads
Every delivery is signed with HMAC-SHA256 in the X-Conduit-Signature header. Verify it in your app to confirm the request came from Conduit and hasn't been tampered with.
Domain ownership verification
Claim any domain through the API, publish one DNS TXT record, and only your account can create webhooks on it. Or use our public shared domains — no verification required.
Per-webhook rate limiting
Protect your app from unexpected email bursts. Set a max per minute for any webhook. Excess senders receive a polite 450 and retry automatically.
Custom payload templates
Define a JSON template per webhook and Conduit renders it from the parsed email fields before posting — so your endpoint receives exactly the structure it expects.
Custom request headers
Attach arbitrary HTTP headers to every delivery: auth tokens, routing hints, content-type overrides. Your endpoint receives them alongside the payload.
Fine-grained SMTP error control
Your webhook can return a specific SMTP code to the sender via X-Conduit-SMTP-Code. Accept, defer, or permanently reject individual messages with custom policy — without changing your HTTP status code.
Full delivery history
Every attempt is recorded: HTTP status, latency, error detail, sender, timestamp. Review from the web UI or query via the API to debug or audit traffic.
SMTP security policies
Define reusable security policies and attach them to any webhook. Restrict by source IP (CIDR ranges), require SMTP AUTH with bcrypt-hashed credentials, and enforce live SPF and DKIM checks — so only trusted senders get through.
Use Cases
From IoT sensors to CI pipelines.
Automated alerts → Slack, PagerDuty, or any webhook
Your monitoring system emails an alert address. Conduit forwards the email as a JSON POST to your incident platform in milliseconds — no polling, no IMAP.
Form submissions without a backend
A form builder sends submission notifications by email. Map the address to a webhook that posts directly into your CRM. Zero additional infrastructure.
E-commerce order notifications
Payment processors or marketplaces that send order confirmation emails deliver structured JSON to your fulfilment service — even if they offer no native webhook.
IoT and embedded device alerts
Devices that can only send email — industrial sensors, legacy hardware, embedded systems — gain first-class webhook integration without firmware changes.
Mailing list traffic → events
Subscribe a Conduit address to a mailing list. Every post becomes a webhook event your application can route, store, or act on in any way.
CI/CD pipeline triggers
Build systems that send email notifications can trigger deployments, Slack messages, or dashboard updates through Conduit without native webhook support.
Technical Highlights
Built for production from day one.
| Capability | Detail |
|---|---|
| Payload signing | HMAC-SHA256 over the raw request body; header: X-Conduit-Signature: sha256=<hex> |
| Retry semantics | 450 for transient failures (network, timeout, 5xx, 429); 550 for permanent failures |
| Email privacy | Email content is never stored — it exists only in memory for the duration of the delivery call |
| TLS | SMTP connections secured with STARTTLS; TLS validation on outbound webhook requests |
| Rate limiting | Per-webhook sliding-window rate limit enforced at RCPT TO; transient reject on excess |
| SPF & DKIM verification | Live DNS SPF lookups and cryptographic DKIM signature checks at DATA time; failed checks return 550 |
| Source IP allowlisting | Per-policy CIDR ranges enforced at RCPT TO; connections from unlisted IPs receive 550 5.7.1 |
| SMTP AUTH | Per-policy username/password credentials (bcrypt-hashed) enforced at RCPT TO; requires STARTTLS |