0%

Email marketing operations

Safety defaults

  • EmailDeliveryControl.sending_enabled defaults to false in PostgreSQL.
  • EMAIL_MARKETING_ALLOW_REAL_RECIPIENTS defaults to false.
  • The worker claims no recipients unless both controls permit delivery.
  • Test-only mode claims only normalized addresses in EMAIL_MARKETING_TEST_RECIPIENTS.
  • Do not reuse verification SMTP credentials or send to real users during rollout.

Tencent SES setup

The sender identity is mailer.acedata.cloud in ap-hongkong. DNS must pass all four Tencent checks:

  • MX for mailer.acedata.cloud
  • SPF TXT for mailer.acedata.cloud
  • DKIM TXT for qcloudhk1024._domainkey.mailer.acedata.cloud
  • DMARC TXT for _dmarc.mailer.acedata.cloud

The sender address is news@mailer.acedata.cloud. Campaign templates are created from locked campaign content in the admin console and must be approved by Tencent before scheduling.

Event callback

Tencent SES does not expose callback configuration through its public API. Configure it in the Tencent SES console only after the backend route is deployed.

Retrieve the callback URL without committing or copying the secret into source files:

1
2
3
KUBECONFIG=/path/to/hk-kubeconfig
CALLBACK_PATH=$(kubectl --kubeconfig "$KUBECONFIG" -n acedatacloud get secret email-marketing -o jsonpath='{.data.EMAIL_MARKETING_CALLBACK_PATH_SECRET}' | base64 --decode)
printf 'https://platform.acedata.cloud/api/v1/email-marketing/events/tencent/%s/\n' "$CALLBACK_PATH"

Register that HTTPS URL for SES delivery events. Then mark the registration complete and restart only the affected workloads:

1
2
3
4
kubectl --kubeconfig "$KUBECONFIG" -n acedatacloud patch secret email-marketing --type merge \
-p "$(printf '{\"stringData\":{\"EMAIL_MARKETING_CALLBACK_REGISTERED\":\"true\"}}')"
kubectl --kubeconfig "$KUBECONFIG" -n acedatacloud rollout restart deployment/platform-backend
kubectl --kubeconfig "$KUBECONFIG" -n acedatacloud rollout restart deployment/platform-backend-email-worker

Scheduling fails closed until provider health reports the identity enabled, callback registered, and every campaign template approved.

Seed rollout

  1. Keep EMAIL_MARKETING_ALLOW_REAL_RECIPIENTS=false.
  2. Keep exactly the owner-approved seed addresses in EMAIL_MARKETING_TEST_RECIPIENTS.
  3. Refresh audience profiles and create a campaign using a narrow preset.
  4. Lock content, preview and freeze the audience, then create Tencent templates.
  5. Wait for both locale templates to be approved.
  6. Enable the database control with the typed test confirmation.
  7. Release only the canary wave and verify callbacks, delivery, unsubscribe, and suppression behavior.
  8. Disable the database control after the test.

Moving to real recipients requires a separate owner decision, changing the deployment secret to EMAIL_MARKETING_ALLOW_REAL_RECIPIENTS=true, restarting the workloads, and using the stronger typed confirmation shown by the admin API.

Recovery

  • Pause globally first by setting EmailDeliveryControl.sending_enabled=false in the admin console.
  • reconcile_email_delivery recovers expired leases and never retries a provider request with an ambiguous outcome.
  • Ambiguous sends become OutcomeUnknown after the reconciliation window and require manual review.
  • Provider/user suppressions cannot be manually deactivated; only ManualSafety suppressions can be removed with an audit reason.
  • Recipient PII is purged after the configured retention period; hashes and aggregate delivery records remain for safety and reporting.