Transactional Email Infrastructure

Mailtruck handles secure form submissions and sends recipient notifications via Amazon SES.

Mailtruck is a managed API used by web forms to collect structured fields and optional files, then deliver a notification email containing secure download links.

Stack: Node.js + Lambda, API Gateway, S3 + DynamoDB + SQS, Amazon SES

Service Summary

Primary use case

Website form intake for customer workflows like contact requests, onboarding forms, and document submissions.

Emails are operational notifications triggered by explicit user submissions, not marketing campaigns.

Message characteristics

  • Asynchronous delivery through queue workers.
  • Email contains links only; files are not attached to email.
  • Each delivery record is sent at most once.
  • Resends create a new delivery with lineage tracking.

How the API Works

All routes are versioned under /v1.

1. POST /session
   Validates tenant, intent, and origin. Returns a short-lived session token.

2. POST /upload-url
   Validates session and file constraints, then returns a presigned S3 upload URL.

3. POST /submit
   Validates payload, persists the submission, and enqueues work for async processing.

4. submission-worker / delivery-worker
   Processes submission state, creates a delivery, builds content policy, and sends via SES.

5. GET /download
   Validates download token and ownership, then mints a short-lived presigned S3 GET URL and redirects.

Security and Abuse Controls

Input and routing safeguards

  • Tenant, intent, and origin validation before session issuance.
  • Session token checks on upload and submit operations.
  • Tenant-level policy for file limits and naming.
  • Schema and parser boundaries for canonical records.

Delivery safeguards

  • Queue-driven workers with deterministic state transitions.
  • DLQ support for failed queue processing.
  • Short-lived signed download access generated at click time.
  • Structured logs for submission and delivery IDs.

Amazon SES Production Access Readiness

Mailtruck sends transactional form-delivery notifications for tenant-configured recipients. It does not operate as a bulk email marketing system.

Sending type: Application-triggered transactional notifications

Recipient source: Tenant-configured routing for explicit form submissions

Content type: Submission summary + secure download links

Attachment policy: No email attachments; links only

Operational controls: DLQ monitoring, logs, resend/redrive runbooks

Domain hygiene: SPF, DKIM, DMARC required before production traffic

Operational Notes

Monitoring baseline

  • Delivery worker Lambda errors
  • Delivery DLQ visible message count
  • Queue age alarms (recommended)

Recovery paths

  • Redrive for recoverable queue failures
  • Regenerate delivery for expired-link support
  • Lineage tracked via derivedFrom