Oracle Cloud Infrastructure Email Delivery is an email sending service that provides a fast and reliable managed solution for sending high-volume emails that need to reach your recipients' inbox. Email Delivery provides the tools necessary to send application-generated email for mission-critical communications such as receipts, fraud detection alerts, multi-factor identity verification, and password resets.
Oracle Cloud Infrastructure's Email Deliverability team manages the platform using key deliverability metrics to ensure the best sending reputation possible for your emails.
The following items are provided to you when you send email using the Email Delivery service:
- Unique mailbox provider SMTP configurations
- Bounce collection
- User complaint collection
- Email authentication standards
- Deliverability performance
Email Delivery Service Components
Email Delivery uses the components described in this section.
- approved senders
- An Approved Sender is a resource that enables Email Delivery to send email with a matching "From" address. An approved sender is associated with a compartment and only exists in the region where the approved sender was configured. For example, if you create an approved sender in the us-phoenix-1 region, you cannot send email through the us-ashburn-1 region.
- suppression list
- The Suppression List is included on your Email Delivery console user interface and from the API. Email Delivery automatically adds email addresses with bounce codes showing permanent failures or user complaints to the suppression list to protect your sender reputation. Email Delivery will not send any messages to these recipients in the future.
- Reasons for suppression currently include:
Repetitive soft bounces
- spf authentication
- Sender Policy Framework (SPF) is used by email receivers to detect email spoofing. Using SPF, an email receiver can check if the Internet Protocol (IP) is explicitly authorized to send for that domain.
- SPF is implemented by publishing a special TXT record to a domain's DNS records. The TXT record declares which hosts are allowed to send mail on behalf of this domain.
- Receiving mail servers check the SPF records of sending domains to verify that the email's source IP address is authorized to send from that domain. Without SPF, a spam or phishing email can be “spoofed” to appear that the email comes from a legitimate domain. Domains that implement SPF are much more likely to block emails attempting to spoof your domain.
- For an overview of how SPF works, see Sender Policy Framework. For details on SPF record syntax, see SPF Record Syntax.
Regions and Availability Domains
Email Delivery is available in the us-phoenix-1 and us-ashburn-1 regions. For more information, see Regions and Availability Domains.
The sending application is not required to be located in the region where email is sent. For example, if your sending application is located in a region where Email Delivery is not currently available, you would configure email from one of the regions where it is available. In the Console, change your region to us-phoenix-1 or us-ashburn-1 and create an approved sender. When creating SMTP credentials, any region can be used, as identities are global assets. Configure your application to send email to the region where you created the approved sender (us-phoenix-1 or us-ashburn-1 endpoint) using the SMTP credentials.
When Email Delivery is available in more regions, you can configure Email Delivery in the same region as the sending application to improve performance.
Ways to Access Oracle Cloud Infrastructure
You can access Oracle Cloud Infrastructure using the Console (a browser-based interface) or the REST API. Instructions for the Console and API are included in topics throughout this guide. For a list of available SDKs, see SDKs and Other Tools.
To access the Console, you must use a supported browser. You can use the Console link at the top of this page to go to the sign-in page. You are prompted to enter your cloud tenant, your user name, and your password. For general information about using the API, see About the API.
Authentication and Authorization
Each service in Oracle Cloud Infrastructure integrates with IAM for authentication and authorization, for all interfaces (the Console, SDK or CLI, and REST API).
An administrator in your organization needs to set up A collection of users who all need a particular type of access to a set of resources or compartment., A collection of related resources that can be accessed only by certain groups that have been given permission by an administrator in your organization., and An IAM document that specifies who has what type of access to your resources. It is used in different ways: to mean an individual statement written in the policy language; to mean a collection of statements in a single, named "policy" document (which has an Oracle Cloud ID (OCID) assigned to it); and to mean the overall body of policies your organization uses to control access to resources. that control which users can access which services, which resources, and the type of access. For example, the policies control who can create new users, create and manage the cloud network, launch instances, create buckets, download objects, etc. For more information, see Getting Started with Policies. For specific details about writing policies for each of the different services, see Policy Reference.
If you’re a regular user (not an administrator) who needs to use the Oracle Cloud Infrastructure resources that your company owns, contact your administrator to set up a user ID for you. The administrator can confirm which compartment or compartments you should be using.
Email Delivery supports the following authentication types for control plane operations (management endpoint):
- Instance Authorization: The IAM service feature that enables instances to be authorized actors (or principals) to perform actions on service resources. Each compute instance has its own identity, and it authenticates using the certificates that are added to it. These certificates are automatically created, assigned to instances and rotated, preventing the need for you to distribute credentials to your hosts and rotate them.
- Cross-Tenancy: Cross-tenancy authorization allows customers to share resources between tenancies. To authorize a cross-tenancy request, the request must be endorsed by the requester's tenancy and permitted by the target tenancy.
- Federated: Federated authentication enables an administrator to configure a relationship between an identity provider and a service provider. When you federate Oracle Cloud Infrastructure with an identity provider, you manage users and groups in the identity provider. You manage authorization in Oracle Cloud Infrastructure's IAM service. Oracle Cloud Infrastructure tenancies are federated with Oracle Identity Cloud Service by default.
Instance authorization, cross-tenancy, and federated authentication types do not apply to SMTP email sending. An approved sender and SMTP credentials are required and must be associated with the same tenancy for SMTP email sending.
SMTP Authentication and Connection Endpoints
Email Delivery only supports the AUTH PLAIN command when using SMTP authentication. If the sending application is not flexible with the AUTH command, an SMTP proxy/relay can be used. For more information about the AUTH command, see AUTH Command and its Mechanisms.
Use the following regional endpoints for establishing SMTP connections for sending.
- us-phoenix-1: smtp.us-phoenix-1.oraclecloud.com
- us-ashburn-1: smtp.us-ashburn-1.oraclecloud.com
Email Delivery Service Capabilities and Limits
See Service Limits for a list of applicable limits and instructions for requesting a limit increase.
New accounts are limited to:
- A volume of 2,000 emails a day.
- Messages up to 2 MB, inclusive of message headers, body, and attachments.
- 2,000 approved senders.
- Each user is limited to a maximum of two SMTP credentials.
- Sending rates are limited to five messages per second.
- Inline attachments.
The Email Delivery platform supports higher volumes. Limits are set as a safeguard for our customers' reputation.
You can use My Oracle Support to file a service request to increase the email sending limit as needed.
Enterprise accounts are limited to:
- A volume of 50,000 emails a day.
- Messages up to 2 MB, inclusive of message headers, body, and attachments.
- 10,000 approved senders.
- Sending rates are limited to 18,000 per minute.
- Inline attachments.
Required IAM Service Policy
To use Oracle Cloud Infrastructure, you must be given the required type of access in a An IAM document that specifies who has what type of access to your resources. It is used in different ways: to mean an individual statement written in the policy language; to mean a collection of statements in a single, named "policy" document (which has an Oracle Cloud ID (OCID) assigned to it); and to mean the overall body of policies your organization uses to control access to resources. written by an administrator, whether you're using the Console or the REST API with an SDK, CLI, or other tool. If you try to perform an action and get a message that you don’t have permission or are unauthorized, confirm with your administrator the type of access you've been granted and which A collection of related resources that can be accessed only by certain groups that have been given permission by an administrator in your organization. you should work in.
You can apply tags to your resources to help you organize them according to your business needs. You can apply tags at the time you create a resource, or you can update the resource later with the desired tags. For general information about applying tags, see Resource Tags.
Integration with Oracle Cloud Infrastructure Services
Email Delivery audits the following events:
- Creating a sender (CreateSender)
- Deleting a sender (DeleteSender)
- Retrieving details about a sender (ListSenders)
To view logs for events in the Email Delivery service, see Viewing Audit Log Events.
Getting Started with Email Delivery
The Oracle Cloud Infrastructure enables you to set up the Email Delivery service within the Console.
To begin sending email with Email Delivery, complete the following steps:
- Overview of the Email Delivery Service
- Email Delivery Service Components
- Regions and Availability Domains
- Ways to Access Oracle Cloud Infrastructure
- Authentication and Authorization
- SMTP Authentication and Connection Endpoints
- Email Delivery Service Capabilities and Limits
- Required IAM Service Policy
- Tagging Resources
- Integration with Oracle Cloud Infrastructure Services
- Getting Started with Email Delivery