Email webhooks
Signed webhooks for transactional email events
Email is asynchronous. Your API call can succeed and a recipient server can still reject the message later. Webhooks let your app hear about acceptance, failures, bounces, soft bounces, and suppressions after the send request.
Events worth storing
- Accepted by Postfix
- Failed
- Bounced
- Soft bounced
- Suppressed
{
"event": "bounced",
"message_id": "msg_...",
"recipient": "user@example.com",
"domain": "yourdomain.com",
"occurred_at": "2026-06-20T12:00:00Z"
}
Signed payloads
Verify signatures before trusting event data, especially if events update user-visible state.
Retries
Return a 2xx response only after your app stores the event. Temporary endpoint failures are retried.
HTTPS endpoints
Production webhook URLs must use HTTPS and cannot point at localhost or private network targets.
What to do with webhook data
Store webhook events against your internal user, order, or notification record. For bounces, stop retrying the same recipient until the address is corrected. For failures, show support enough context to know whether it was a DNS, message, or recipient-side issue.