alt Hacker NewsHaving sent billions of emails between multiple startups:
RE setup and testing: Trust (as is most devops one-time setups). Once the initial email setup is complete, you typically aren’t paying with it much. The black swan outages aren’t really an active concern.
RE PII: email is non-secure and shouldn’t have sensitive data in production either. Also, dev/test shouldn’t have PII in regulated industries as a good hygiene practice (I’ve worked in healthcare, finance, and national security contexts).
Re licensing: I appreciate your openness and clarity on the licensing of the gateway engine as AGPL vs MIT for the rest. There’s a more modern licensing approach with FSL-1.1-MIT. It may be a better fit for customers (ie clear licensing terms when using a paid license and less concerns if the business goes defunct or pivots) and for your business plans.
Thanks, someone who has sent billions of emails is exactly who I need to ask.
Regarding 'set and forget': I agree once infra is stable, it stays. But I see the value when the application layer changes—tweaking templates, switching providers, or DNS updates. Do you still feel mocks are enough there?
Regarding PII: You're 100% right on hygiene. The encryption (ML-KEM-768) is just a 'safety net' for the human errors.
Regarding FSL-1.1-MIT: Very interesting suggestion. I will investigate it.
Honest question: At your scale, is this a niche tool or is 'mock and pray' just the industry standard for a reason? Don’t worry about hurting my feelings, I just need to know if I'm solving a real problem.