Ten capabilities, one platform. Multi-tenant from day one, with governance baked in and dedicated send infrastructure we operate so you don't have to.
Each tenant owns its own API keys, sending domains, templates, suppression list, rate limits, sender profiles, workflows and audit log. Nothing leaks across tenants — by query, by URL, by webhook, by anything.
Tenants are the mail isolation root: a query for messages, suppressions, or templates always scopes by tenant. The operator console adds a tenant switcher for staff debugging across boundaries, but the API layer never crosses without an explicit per-tenant Bearer key.
Marketing tweaks the copy. Dev ships the feature. Compliance approves before anything leaves. Roll back a regression with one click — no deploy required.
Templates are stored in SkyMailr's database, not in your application source code. That means non-engineers can edit the subject line of a password reset email without filing a ticket and waiting for a deploy. Every approved version is immutable; new edits create a new version that has to pass approval before it can be sent.
Pick OpenAI, Anthropic, DeepSeek — or fall back to the dummy provider for tests. SkyMailr drafts and revises template content from a structured brief. Output is validated against your variable contract before save.
The LLM is a copywriting assistant — never a send pipeline component. Every draft it produces enters the same versioning and approval workflow as a human-written template. Token usage and prompts are persisted per generation for cost tracking and audit. If the model returns invalid Jinja2 or violates the declared variable contract, the draft fails validation and is logged, not saved.
Compose drip campaigns, onboarding sequences, re-engagement flows with step types: send, wait, branch, tag. Enroll a user with one API call — SkyMailr runs the rest.
The workflow engine maintains per-recipient state machines that survive deploys, restarts, and operator intervention. Cancel a campaign mid-flight, re-route a step, pause-and-resume — all programmatic. Step runs are individually audit-logged with status, timing, and any error detail.
SkyMailr operates the send infrastructure for every customer — IP warming, DKIM signing, MX routing, bounce processing, complaint feedback loops. You stay in your application code; we keep the mail flowing.
Each tenant gets DNS instructions auto-generated from its sending domain configuration. SkyMailr verifies SPF, DKIM, DMARC, and the return-path CNAME before accepting sends — unverified domains are blocked at dispatch. Sender reputation is tracked per tenant per domain, with automatic warmup curves that grow daily caps as you build deliverability history.
Bounces, complaints, unsubscribes, and manual blocks aggregate into a suppression list. Checked at message creation AND at dispatch — so a recipient added between queue and send is still respected.
The double-check matters: under high concurrency, a recipient can be added to suppressions in the window between when a message is queued and when the worker picks it up. SkyMailr's dispatch service re-runs the suppression check at the moment of send, so a blocked recipient never slips through that race. Each removal is audit-logged with who removed the entry and when.
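The queue-to-send race described above, as an added example that is not SkyMailr's own code. The SQLite schema, status names and function names are assumptions made for illustration; the dispatch step claims the message and re-tests the tenant-scoped suppression list in a single statement so no gap remains between check and send.

```python
import sqlite3

def make_db():
    # Hypothetical schema: suppressions are keyed by (tenant, address).
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE suppressions (tenant_id TEXT, email TEXT, reason TEXT,
                                   PRIMARY KEY (tenant_id, email));
        CREATE TABLE messages (id INTEGER PRIMARY KEY, tenant_id TEXT,
                               recipient TEXT, status TEXT);
    """)
    return db

def suppress(db, tenant_id, email, reason):
    db.execute("INSERT OR IGNORE INTO suppressions VALUES (?, ?, ?)",
               (tenant_id, email.lower(), reason))
    db.commit()

def create_message(db, tenant_id, recipient):
    """First check: refuse to queue mail for an already-suppressed recipient."""
    hit = db.execute("SELECT 1 FROM suppressions WHERE tenant_id = ? AND email = ?",
                     (tenant_id, recipient.lower())).fetchone()
    if hit:
        return None
    cur = db.execute("INSERT INTO messages (tenant_id, recipient, status) "
                     "VALUES (?, ?, 'queued')", (tenant_id, recipient.lower()))
    db.commit()
    return cur.lastrowid

def dispatch(db, message_id):
    """Second check: claim the message only if it is still not suppressed."""
    cur = db.execute("""
        UPDATE messages SET status = 'sending'
        WHERE id = ? AND status = 'queued'
          AND NOT EXISTS (SELECT 1 FROM suppressions s
                          WHERE s.tenant_id = messages.tenant_id
                            AND s.email = messages.recipient)""", (message_id,))
    if cur.rowcount == 0:
        # Still queued means the suppression test failed; record that outcome.
        db.execute("UPDATE messages SET status = 'suppressed' "
                   "WHERE id = ? AND status = 'queued'", (message_id,))
    db.commit()
    return db.execute("SELECT status FROM messages WHERE id = ?",
                      (message_id,)).fetchone()[0]
```
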
Bearer-auth REST API. Drop-in Python SDK with typed helpers for the common paths (verify, reset, invite, workflow enroll). Idempotency keys are first-class — caller retries are safe.
The Python SDK is a thin wrapper — there's no magic. Anything the SDK can do you can do with curl or any HTTP client. Pass idempotency_key on every send and your retries will never duplicate. Errors come back with a clean JSON shape and HTTP status codes that match the situation (429 for rate limit, 403 for plan limit, 422 for validation).
POST /api/v1/messages/send-template/ — templated send
POST /api/v1/messages/send/ — raw HTML/text send
POST /api/v1/workflows/<id>/enroll/ — drop user into a sequence
POST /api/v1/suppressions/ — manual suppression
GET /api/v1/messages/<uuid>/events/ — full delivery event timeline
Per-tenant risk score. Auto-pause on bounce or complaint spikes. Sending-pause scopes that block marketing while keeping transactional flowing. Every operator action audit-logged.
SkyMailr distinguishes "stop everything" from "stop only marketing." When a tenant trips a reputation alarm, the marketing-lifecycle scope auto-pauses, but password resets and security alerts keep flowing. Operators can flip the pause-scope manually with a written reason that joins the audit trail. Pre-flight gates verify the domain, the plan caps, the tenant status — all before a message even enters the queue.
Postmaster signals — delivered, bounced, opened, clicked, complained — are ingested, normalized to a standard schema, and attached to the originating message. Bounces auto-suppress. Complaints auto-pause. Everything is in the audit log.
Inbound webhook ingestion is HMAC-signature verified with a configurable timestamp tolerance — no spoofed bounce events can poison your suppression list. The normalizer maps provider-specific event types to a consistent shape so your application doesn't have to care which mail backbone fired the event. Duplicate events (replays) are deduplicated by provider event ID.
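The three checks named above (signature, timestamp tolerance, replay de-duplication), as an added example that is not SkyMailr's own code. The signing scheme (HMAC-SHA256 over `<timestamp>.<raw body>`), the `event_id` field, the 300-second default and all names are assumptions; the page does not specify them.

```python
import hashlib
import hmac
import json
import time

# Constructed sample values for illustration only.
SECRET = b"constructed-test-secret"
BODY = b'{"event_id": "evt_001", "type": "bounce", "recipient": "user@example.com"}'


class WebhookVerifier:
    """Authenticate, freshness-check and de-duplicate inbound provider events."""

    def __init__(self, secret, tolerance=300):  # tolerance in seconds (assumed default)
        self.secret = secret
        self.tolerance = tolerance
        self.seen_event_ids = set()  # a real service would use a unique DB index

    def sign(self, timestamp, body):
        # Assumed scheme: the MAC covers the timestamp and the raw request bytes.
        msg = timestamp.encode() + b"." + body
        return hmac.new(self.secret, msg, hashlib.sha256).hexdigest()

    def accept(self, timestamp, signature, body, now=None):
        now = time.time() if now is None else now
        # 1. Authenticate first, over the raw bytes, in constant time.
        expected = self.sign(timestamp, body)
        if not hmac.compare_digest(expected.encode(), signature.encode()):
            return "bad_signature"
        # 2. The timestamp is covered by the MAC, so it can be trusted now.
        try:
            ts = int(timestamp)
        except ValueError:
            return "bad_timestamp"
        if abs(now - ts) > self.tolerance:
            return "stale"
        # 3. Parse only after authentication; drop replays by provider event ID.
        try:
            event_id = str(json.loads(body)["event_id"])
        except (ValueError, KeyError, TypeError):
            return "malformed"
        if event_id in self.seen_event_ids:
            return "duplicate"
        self.seen_event_ids.add(event_id)
        return "accepted"
```

Because the timestamp is inside the signed message, changing it to make an old capture look fresh fails the signature check rather than the freshness check.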
Every message, every retry, every approval, every suppression removal — recorded with actor, timestamp, and context. When the regulator asks why you sent that email, you have an answer.
SkyMailr's audit trail is first-class infrastructure, not an afterthought. ``MessageEvent`` rows capture every state transition on every message. ``TemplateApproval`` rows capture who approved which version, when, and with what note. ``SuppressionRemovalLog`` captures every unblock. ``LLMGenerationRecord`` captures every LLM operation with prompt, model, token usage, and validation result. Every operator action that mutates production data lands in the audit log automatically.