Email webhooks

Signed webhooks for transactional email events

Email is asynchronous. Your API call can succeed and a recipient server can still reject the message later. Webhooks let your app hear about acceptance, failures, bounces, soft bounces, and suppressions after the send request.

Events worth storing

  • Accepted by Postfix
  • Failed
  • Bounced
  • Soft bounced
  • Suppressed
{
  "event": "bounced",
  "message_id": "msg_...",
  "recipient": "user@example.com",
  "domain": "yourdomain.com",
  "occurred_at": "2026-06-20T12:00:00Z"
}

Signed payloads

Verify signatures before trusting event data, especially if events update user-visible state.

Retries

Return a 2xx response only after your app stores the event. Temporary endpoint failures are retried.

HTTPS endpoints

Production webhook URLs must use HTTPS and cannot point at localhost or private network targets.

What to do with webhook data

Store webhook events against your internal user, order, or notification record. For bounces, stop retrying the same recipient until the address is corrected. For failures, show support enough context to know whether it was a DNS, message, or recipient-side issue.