How It Works
From inbox to endpoint in one hop.
Conduit sits between your SMTP infrastructure and your application. Senders deliver email the normal way. Conduit parses, signs, and forwards each message as an HTTP POST. You do not need polling, mail libraries, or extra connection management.
Why Conduit?
Handle inbound email like any other integration.
Your monitoring systems send it. Your IoT devices send it. Your partners and vendors send it. Conduit sits between the mail server and your application, parses each message, signs the payload, and sends an HTTPS POST to the URL you choose. No polling, mail parsing libraries, or IMAP connections required.
Features
Core features for email-to-webhook delivery.
Email in, webhooks out
Every email address you register becomes a live webhook endpoint. Mail servers, alert tools, and form builders can deliver straight into your app within the same SMTP session.
Reliable by design
Can't deliver? Conduit returns 450 Temporary Failure to the sender, which retries on its own schedule. No internal queues, no lost messages.
Secure payloads
Every delivery is signed with HMAC-SHA256 in the X-Conduit-Signature header. Verify it in your app to confirm the request came from Conduit and hasn't been tampered with.
Domain ownership verification
Claim any domain through the API, publish one DNS TXT record, and only your account can create webhooks on it. You can also use one of our shared public domains without verification.
Per-webhook rate limiting
Protect your app from unexpected email bursts. Set a max per minute for any webhook. Excess senders receive a polite 450 and retry automatically.
Custom payload templates
Define a JSON template per webhook and Conduit renders it from the parsed email fields before posting, so your endpoint receives the structure it expects.
Custom request headers
Attach arbitrary HTTP headers to every delivery: auth tokens, routing hints, content-type overrides. Your endpoint receives them alongside the payload.
Fine-grained SMTP error control
Your webhook can return a specific SMTP code to the sender via X-Conduit-SMTP-Code. Accept, defer, or permanently reject individual messages with custom policy without changing your HTTP status code.
Full delivery history
Every attempt is recorded: HTTP status, latency, error detail, sender, timestamp. Review from the web UI or query via the API to debug or audit traffic.
SMTP security policies
Define reusable security policies and attach them to any webhook. Restrict by source IP (CIDR ranges), require SMTP AUTH with bcrypt-hashed credentials, and enforce live SPF and DKIM checks so only trusted senders get through.
Use Cases
From IoT sensors to CI pipelines.
Automated alerts → Slack, PagerDuty, or any webhook
Your monitoring system emails an alert address. Conduit forwards the email as a JSON POST to your incident platform in milliseconds, with no polling or IMAP.
Form submissions without a backend
A form builder sends submission notifications by email. Map the address to a webhook that posts directly into your CRM. Zero additional infrastructure.
E-commerce order notifications
Payment processors or marketplaces that send order confirmation emails deliver structured JSON to your fulfilment service even if they offer no native webhook.
IoT and embedded device alerts
Devices that can only send email, including industrial sensors, legacy hardware, and embedded systems, gain webhook integration without firmware changes.
Mailing list traffic → events
Subscribe a Conduit address to a mailing list. Every post becomes a webhook event your application can route, store, or act on in any way.
CI/CD pipeline triggers
Build systems that send email notifications can trigger deployments, Slack messages, or dashboard updates through Conduit without native webhook support.
Technical Highlights
Built for production from day one.
| Capability | Detail |
|---|---|
| Payload signing | HMAC-SHA256 over the raw request body; header: X-Conduit-Signature: sha256=<hex> |
| Retry semantics | 450 for transient failures (network, timeout, 5xx, 429); 550 for permanent failures |
| Email privacy | Email content is never stored. It exists only in memory for the duration of the delivery call |
| TLS | SMTP connections secured with STARTTLS; TLS validation on outbound webhook requests |
| Rate limiting | Per-webhook sliding-window rate limit enforced at RCPT TO; transient reject on excess |
| SPF & DKIM verification | Live DNS SPF lookups and cryptographic DKIM signature checks at DATA time; failed checks return 550 |
| Source IP allowlisting | Per-policy CIDR ranges enforced at RCPT TO; connections from unlisted IPs receive 550 5.7.1 |
| SMTP AUTH | Per-policy username/password credentials (bcrypt-hashed) enforced at RCPT TO; requires STARTTLS |