Emails Driftstack sends
Driftstack uses Postmark for transactional email. This page lists every template we send, what triggers it, and whether you can opt out of it or whether it is a transactional email that is required for the service to function.
Auth + account access
| Template | Trigger | Opt-outable? |
| signup-verification — "Verify your Driftstack account" | Signup (POST /v1/auth/signup) | No — required to access the account. |
| password-reset | Password reset (POST /v1/auth/password-reset/request) | No — user-triggered. |
| oauth-pending-verification | Sign-in with Google or GitHub using an email that already has a Driftstack account but no link yet — the recipient confirms the new sign-in method via a 60-min single-use link (POST /v1/auth/oauth-client/start → /v1/auth/oauth-client/confirm-merge). | No — required for the merge to complete. |
Lifecycle (opt-outable)
| Template | Trigger |
| signup-welcome | Sent after verify-email succeeds. |
| session-success-first | First successful session on the account (V-304a). |
| session-failed-first | First failed session — gentle nudge with debugging tips. |
| tier-changed | Tier upgrade or downgrade lands. |
Billing
| Template | Trigger | Opt-outable? |
| billing-receipt | Successful charge (Stripe / crypto) | Yes — opt-outable per OptOutableEmailEventSchema, though most customers leave it on for record-keeping. |
| billing-failure | Payment attempt failed; carries portal URL + retry-at. | No — needed to recover payment before suspension. |
| billing-renewal-reminder | 3-7 days before annual renewal (V-304b). | Yes. |
| subscription-cancellation | Subscription cancellation processed. | No. |
Status + ops notifications
| Template | Trigger | Opt-outable? |
| status-subscription-confirmation | Email-list opt-in confirmation from status page. | The link in this email is itself the opt-in confirmation; status emails carry one-click unsubscribe. |
| status-subscription-welcome | First "you're subscribed" email. | Unsubscribe link in body. |
| status-incident-created | Incident filed on the public status page. | Unsubscribe link in body. |
| status-incident-updated | Operator posted an update on an open incident. Throttled to at most 1 per subscriber per incident per hour to prevent inbox flood on long-running incidents. | Unsubscribe link in body. |
| status-incident-resolved | Same incident resolved. | Unsubscribe link in body (single subscription covers create + update + resolve). |
| session-event-digest | Weekly summary of sessions run + outcomes. | Unsubscribe link in body. |
| quota-warning | Approaching the tier's concurrency / minute cap. | No — guards against accidental overage. |
Security + rotation
Credential-rotation notifications. Security-critical; never
opt-outable.
| Template | Trigger | Opt-outable? |
| webhook-secret-rotation-reminder | Webhook signing secret reaches the 60-day nag threshold (recommended 90-day rotation cadence). Includes endpoint URL + secret prefix so the right endpoint is identifiable without re-exposing the full secret. | No — security advisory. |
| webhook-secret-force-rotated | Server-initiated rotation when a webhook secret crosses the 91-day hard cap. Carries the new secret prefix + 7-day grace deadline so verifier code can pick up the new value during the dual-sign window. | No — security advisory. |
| webhook-secret-grace-expiring | 24h-before-grace-expiry nag after a force-rotation. Heads up that the previous secret is about to stop verifying; update verifier code now if it hasn't picked up the new secret yet. | No — security advisory. |
| byok-anthropic-key-rotation-reminder | BYOK Anthropic API key reaches the 60-day nag threshold (recommended 90-day rotation cadence). No partial-key echo in the body — the key never appears. | No — security advisory. |
Team + support
| Template | Trigger | Opt-outable? |
| team-invite | An admin invites a new member to the team. | No — the invitee needs the link to accept. |
| support-ack | Acknowledgement of a support ticket. | No. |
Managing your preferences
Status-page subscribers can unsubscribe with the one-click
link in any status email. Lifecycle + billing-notification
emails are managed via the customer dashboard or the API:
GET /v1/account/email-preferences # read current toggles
PUT /v1/account/email-preferences # body: { event_type, opted_in }
PUT updates one event type at a time. Repeat for each toggle you want to change. The full event-type set is in OptOutableEmailEventSchema in @driftstack/api-types.
Domain + sender reputation
Driftstack emails come from [email protected] with reply-to [email protected]. DKIM, SPF, and DMARC are configured on the driftstack.dev apex domain (DMARC policy p=quarantine with rua + ruf reporting). Postmark is the single sender — if you see an email claiming to come from Driftstack from any other infrastructure, it isn't us. Report it to [email protected].
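An added example, not Driftstack's own code: a triage check for a message that claims to come from Driftstack, based on the DMARC verdict your own receiving MTA recorded in the Authentication-Results header (RFC 8601). The authserv-id mx.example.net, the function names, and the sample messages are assumptions constructed for illustration.

```python
import email
import re
from email import policy
from email.utils import parseaddr

EXPECTED_DOMAIN = "driftstack.dev"   # apex domain named on this page
TRUSTED_AUTHSERV = "mx.example.net"  # assumption: authserv-id of your own receiving MTA

def parse_auth_results(value):
    """Return (authserv_id, {method: [(result, {property: value})]})."""
    value = re.sub(r"\([^()]*\)", " ", value)  # drop header comments (non-nested)
    clauses = [c.split() for c in value.split(";") if c.strip()]
    if not clauses:
        return "", {}
    authserv, methods = clauses[0][0].lower(), {}
    for tokens in clauses[1:]:
        if "=" not in tokens[0]:
            continue  # e.g. a bare "none" (no methods were evaluated)
        method, result = tokens[0].lower().split("=", 1)
        props = dict(t.lower().split("=", 1) for t in tokens[1:] if "=" in t)
        methods.setdefault(method, []).append((result, props))
    return authserv, methods

def check_driftstack_mail(raw):
    """Return (ok, reason) for one raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    from_domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    if from_domain != EXPECTED_DOMAIN and not from_domain.endswith("." + EXPECTED_DOMAIN):
        return False, "From domain is not under " + EXPECTED_DOMAIN
    for value in msg.get_all("Authentication-Results", []):
        authserv, methods = parse_auth_results(str(value))
        if authserv != TRUSTED_AUTHSERV:
            continue  # written by another hop, possibly the sender: never trust it
        for result, props in methods.get("dmarc", []):
            if result == "pass" and props.get("header.from") == from_domain:
                return True, "dmarc=pass for " + from_domain
        return False, "trusted MTA did not record an aligned dmarc=pass"
    return False, "no Authentication-Results from " + TRUSTED_AUTHSERV

# Constructed samples; the local part "sender" and all hosts are placeholders.
GENUINE = (
    "Authentication-Results: mx.example.net; dkim=pass header.d=driftstack.dev;"
    " dmarc=pass (p=QUARANTINE) header.from=driftstack.dev\n"
    "From: Driftstack <sender@driftstack.dev>\nSubject: sample\n\nbody\n")
SPOOFED = (  # real verdict on top, forged "pass" from another authserv-id below
    "Authentication-Results: mx.example.net; dmarc=fail header.from=driftstack.dev\n"
    "Authentication-Results: relay.invalid; dmarc=pass header.from=driftstack.dev\n"
    "From: Driftstack <sender@driftstack.dev>\nSubject: sample\n\nbody\n")
```

Only the header stamped by your own MTA counts; a copy with any other authserv-id can be written by whoever sent the message, so the check skips it.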