Authdog

Email providers

Last updated Jul 19, 2026
View as Markdown

Each environment can deliver transactional authentication email through Authdog's managed provider or one connected provider of your own. Only one provider is active at a time. The managed provider is used until you connect and activate another.

Choose a provider

Supported email delivery choices:

  • Authdog managed — no credentials or setup.
  • Custom SMTP — host, port, username, password, from address, and optional implicit TLS.
  • Resend — API key and from address.
  • SendGrid — API key and from address.
  • Amazon SES — access key ID, secret access key, region, and from address.
  • Postmark — server token, from address, and optional message stream.

Provider configuration belongs to one environment. Configure development first, then repeat with production-specific credentials and sender domains.

Connect a provider

In the Authdog console:

  1. Select the project and environment.
  2. Open Notifications → Providers.
  3. Select the Email channel.
  4. Choose a provider and select Connect.
  5. Enter its required credentials and from address.
  6. Save. A newly connected provider becomes active.
  7. Select Test, enter a recipient, and confirm delivery.

When managing an existing provider, secret fields are masked and never loaded back into the browser. Leave a secret field blank to keep its stored value; enter a new value to replace it.

You can connect several providers, but only one sends for the environment. Use Set active to switch, or Use managed to return to Authdog-managed delivery.

SMTP transport

Custom SMTP supports:

  • Port 587 with STARTTLS upgrade.
  • Port 465 with Use TLS/SSL enabled for implicit TLS.
  • AUTH LOGIN when both username and password are present.

Use the exact submission host and credentials supplied by your relay. Do not use an unencrypted SMTP endpoint.

Prepare the sender domain

Before activation:

  1. Verify the from address or domain with your provider.
  2. Publish provider-required SPF and DKIM records.
  3. Add a DMARC policy appropriate for your rollout.
  4. Confirm the provider account is out of sandbox or test mode where applicable.
  5. Send a test to a mailbox outside your own domain and inspect authentication results.

Authdog selecting a provider does not verify sender-domain ownership at that provider. Provider-side rejection still causes delivery failure.

Security guidance

  • Create least-privilege sending credentials for Authdog; do not reuse account-owner or general AWS credentials.
  • Store provider secrets only through the console. They are encrypted server-side and are not returned by provider queries.
  • Rotate credentials in a non-production environment first, then replace production values and run a test.
  • Restrict SES credentials to required email actions and region.
  • Use a dedicated transactional sender domain to isolate reputation from employee mail.
  • Disconnect credentials no longer in use.

Operational notes

  • Test before switching active provider and again after DNS or credential changes.
  • Keep Authdog managed delivery available as a deliberate rollback option.
  • A connected provider is not necessarily active; check its status badge.
  • Postmark defaults to the outbound message stream when no stream is configured.
  • SMTP defaults to port 587 when no usable port reaches dispatch, but the console requires a port during setup.
  • If delivery fails, check provider suppression lists, account limits, sender verification, region, credentials, and provider logs.
  • Disconnecting removes that environment's provider configuration. Switch active delivery first when planning a controlled change.

Email provider setup affects email only. SMS providers shown in the same console area are a separate channel and are not configured by this page.

Learn more