{"id":850,"date":"2026-04-16T09:55:15","date_gmt":"2026-04-16T09:55:15","guid":{"rendered":"https:\/\/www.devopsschool.com\/tutorials\/oracle-cloud-email-delivery-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-application-development\/"},"modified":"2026-04-16T09:55:15","modified_gmt":"2026-04-16T09:55:15","slug":"oracle-cloud-email-delivery-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-application-development","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/tutorials\/oracle-cloud-email-delivery-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-application-development\/","title":{"rendered":"Oracle Cloud Email Delivery Tutorial: Architecture, Pricing, Use Cases, and Hands-On Guide for Application Development"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Category<\/h2>\n\n\n\n<p>Application Development<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">1. Introduction<\/h2>\n\n\n\n<p>Oracle Cloud <strong>Email Delivery<\/strong> (often referred to in documentation as <strong>Oracle Cloud Infrastructure (OCI) Email Delivery<\/strong>) is a managed service for sending <strong>outbound<\/strong> email from your applications and systems\u2014things like password resets, account verification, invoices, alerts, and operational notifications.<\/p>\n\n\n\n<p>In simple terms: you connect your app to Oracle Cloud Email Delivery using standard <strong>SMTP<\/strong>, authenticate with <strong>SMTP credentials<\/strong>, and send emails reliably without running and maintaining your own mail servers.<\/p>\n\n\n\n<p>Technically, Email Delivery provides a regional, cloud-managed email submission and delivery capability with governance features such as <strong>approved senders<\/strong>, optional <strong>email domains and DKIM signing<\/strong>, <strong>suppression list<\/strong> management (bounces\/complaints), and integration with Oracle Cloud\u2019s <strong>IAM<\/strong>, <strong>compartments<\/strong>, <strong>audit logging<\/strong>, and <strong>monitoring<\/strong>.<\/p>\n\n\n\n<p>It solves a common problem in Application Development and platform operations: <strong>delivering transactional email at scale<\/strong> while reducing the operational burden and security risks of self-hosted SMTP servers and improving deliverability through authenticated sending practices.<\/p>\n\n\n\n<blockquote>\n<p>Service name note: The exact service name used throughout this tutorial is <strong>Email Delivery<\/strong>. In official Oracle Cloud documentation, you may also see it presented as <strong>OCI Email Delivery<\/strong>. At the time of writing, Email Delivery is an active OCI service; verify current naming and scope in the official docs if Oracle updates branding.<\/p>\n<\/blockquote>\n\n\n\n<h2 class=\"wp-block-heading\">2. What is Email Delivery?<\/h2>\n\n\n\n<p><strong>Official purpose (practical definition):<\/strong><br\/>\nOracle Cloud <strong>Email Delivery<\/strong> is an Oracle Cloud Infrastructure service that enables you to send outbound email from applications and services using SMTP, with controls for sender identity, email authentication (for example DKIM), and bounce\/complaint suppression.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Core capabilities<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Send outbound email via SMTP<\/strong> using region-specific SMTP endpoints.<\/li>\n<li>Define and verify <strong>Approved Senders<\/strong> (email addresses allowed to send).<\/li>\n<li>Configure <strong>Email Domains<\/strong> (domain-level sending identity) and set up <strong>DKIM<\/strong> signing for improved deliverability.<\/li>\n<li>Track and manage a <strong>Suppression List<\/strong> (addresses that should not receive email due to bounces\/complaints or manual suppression).<\/li>\n<li>Use Oracle Cloud governance features:<\/li>\n<li><strong>IAM policies<\/strong> and compartment-based access control<\/li>\n<li><strong>Audit<\/strong> for control-plane actions<\/li>\n<li><strong>Monitoring metrics<\/strong> for visibility (verify metric names and availability in your region in official docs)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Major components (conceptual model)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>SMTP submission endpoint (data plane):<\/strong> where your app submits messages.<\/li>\n<li><strong>Approved Sender:<\/strong> a verified \u201cFrom\u201d address you are allowed to use.<\/li>\n<li><strong>Email Domain + DKIM:<\/strong> domain-based authentication configuration for better reputation and deliverability.<\/li>\n<li><strong>SMTP credentials:<\/strong> username\/password created for an OCI user to authenticate to the SMTP endpoint.<\/li>\n<li><strong>Suppression list:<\/strong> addresses that should not receive messages due to deliverability and complaint handling.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Service type and scope<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Service type:<\/strong> Managed outbound email (transactional) delivery service using SMTP submission.<\/li>\n<li><strong>Scope:<\/strong> Primarily <strong>regional<\/strong> within OCI. Email Delivery resources (like approved senders\/domains) and SMTP endpoints are region-associated.  <\/li>\n<li>Verify regional availability in the official \u201cRegions\u201d and Email Delivery documentation.<\/li>\n<li><strong>Tenancy\/compartment integration:<\/strong> Resources are managed within an OCI <strong>tenancy<\/strong>, organized by <strong>compartments<\/strong>, and governed by <strong>IAM<\/strong> policies.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">How it fits into the Oracle Cloud ecosystem<\/h3>\n\n\n\n<p>Email Delivery fits naturally into <strong>Application Development<\/strong> and platform operations on Oracle Cloud:\n&#8211; Compute workloads (Compute instances, Instance Pools)\n&#8211; Containerized apps (OKE)\n&#8211; Serverless (Functions) where networking permits outbound SMTP\n&#8211; CI\/CD pipelines and operational tooling (sending job status notifications)\n&#8211; Observability-driven operations (alerts routed through application logic)<\/p>\n\n\n\n<p>It complements (but does not replace) other messaging and integration services\u2014Email Delivery is for <strong>email<\/strong>, not for general pub\/sub or SMS.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">3. Why use Email Delivery?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Business reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Faster time-to-market:<\/strong> you don\u2019t need to build and maintain a mail server infrastructure.<\/li>\n<li><strong>Lower operational overhead:<\/strong> fewer components to patch, secure, and monitor.<\/li>\n<li><strong>Better customer experience:<\/strong> more reliable delivery for transactional email (verification, receipts, alerts).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Technical reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Standard SMTP integration:<\/strong> works with most languages, frameworks, and libraries.<\/li>\n<li><strong>Governed sender identity:<\/strong> \u201capproved sender\u201d and domain-based setups reduce accidental spoofing and misconfiguration.<\/li>\n<li><strong>Deliverability best practices:<\/strong> DKIM signing support and suppression handling help reduce spam-folder placement.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Operational reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Compartment-based organization:<\/strong> separate dev\/test\/prod sending identities and policies.<\/li>\n<li><strong>Metrics and visibility:<\/strong> operational insights without building your own telemetry (verify exact metrics in your region).<\/li>\n<li><strong>Quotas\/service limits:<\/strong> guardrails for safe usage and scaling.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Security\/compliance reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>IAM-controlled administration:<\/strong> define who can create approved senders\/domains and manage suppressions.<\/li>\n<li><strong>Audit logging:<\/strong> changes to sending identities and suppression rules can be audited.<\/li>\n<li><strong>TLS-based SMTP submission:<\/strong> use encrypted connections (STARTTLS \/ TLS) to reduce interception risk.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Scalability\/performance reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Designed for scalable outbound delivery without you maintaining MTAs, queues, or bounce processors.<\/li>\n<li>Supports use cases from small transactional volumes to high-volume application sending (subject to service limits).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">When teams should choose Email Delivery<\/h3>\n\n\n\n<p>Choose Email Delivery when you need:\n&#8211; Transactional email from apps or platform workflows\n&#8211; A managed service that integrates into OCI IAM\/compartments\n&#8211; A controlled and auditable way to manage senders\/domains\n&#8211; A solution that avoids self-hosted SMTP complexity<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">When teams should not choose Email Delivery<\/h3>\n\n\n\n<p>Avoid Email Delivery when you need:\n&#8211; <strong>Inbound<\/strong> email processing (mailboxes, receiving, routing inbound mail) \u2014 Email Delivery is outbound-focused.\n&#8211; A complete marketing automation platform (campaigns, segmentation, A\/B testing, templates, unsubscribe management at scale).<br\/>\n  &#8211; For marketing-heavy workflows, consider specialized tools (Oracle products or third-party ESPs).\n&#8211; Full control over MTA behavior, custom queueing policies, or on-prem-only routing (self-managed might fit better).<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">4. Where is Email Delivery used?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Industries<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>SaaS and software products (account verification, billing notices)<\/li>\n<li>E-commerce (order confirmations, shipping notifications)<\/li>\n<li>Financial services (transaction alerts, statements\u2014subject to compliance)<\/li>\n<li>Healthcare (appointment reminders\u2014subject to regulatory controls)<\/li>\n<li>Education (enrollment notifications, LMS alerts)<\/li>\n<li>Media and subscriptions (login links, alerts)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Team types<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Application developers and platform teams<\/li>\n<li>DevOps\/SRE teams sending operational notifications<\/li>\n<li>Security teams integrating identity flows (MFA\/verification emails)<\/li>\n<li>IT operations teams modernizing legacy app notifications<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Workloads<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>User lifecycle: sign-up, verification, password reset<\/li>\n<li>System events: job completion, failures, anomaly alerts<\/li>\n<li>Billing: invoices, receipts, payment failure notices<\/li>\n<li>Support: ticket updates, escalation notifications<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Architectures<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Microservices: each service uses SMTP through a shared internal library<\/li>\n<li>Event-driven: events trigger functions that send emails<\/li>\n<li>Batch processing: scheduled jobs send summary reports<\/li>\n<li>Hybrid: on-prem apps send via OCI Email Delivery over the internet\/VPN (networking permitting)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Real-world deployment contexts<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Production:<\/strong> DKIM-enabled domain sending, strict IAM, monitoring, suppression governance<\/li>\n<li><strong>Dev\/Test:<\/strong> separate approved senders, lower limits, test recipient addresses, controlled policies to avoid accidental outbound spam<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">5. Top Use Cases and Scenarios<\/h2>\n\n\n\n<p>Below are realistic scenarios where Oracle Cloud Email Delivery is commonly used. Each includes the problem, why Email Delivery fits, and a short example.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\n<p><strong>Password reset emails<\/strong>\n   &#8211; <strong>Problem:<\/strong> Users need secure password reset links delivered quickly.\n   &#8211; <strong>Why Email Delivery fits:<\/strong> SMTP integration is simple; DKIM improves deliverability; suppression reduces repeat failures.\n   &#8211; <strong>Scenario:<\/strong> A web app sends a reset token email after a user requests password recovery.<\/p>\n<\/li>\n<li>\n<p><strong>New account verification<\/strong>\n   &#8211; <strong>Problem:<\/strong> You must confirm that the user owns the email address.\n   &#8211; <strong>Why it fits:<\/strong> Controlled approved sender identity; consistent delivery.\n   &#8211; <strong>Scenario:<\/strong> After sign-up, the app emails a verification link.<\/p>\n<\/li>\n<li>\n<p><strong>Billing and invoice notifications<\/strong>\n   &#8211; <strong>Problem:<\/strong> Customers must reliably receive invoices and payment receipts.\n   &#8211; <strong>Why it fits:<\/strong> Operationally managed sending identity and domain authentication.\n   &#8211; <strong>Scenario:<\/strong> A monthly billing job emails invoices (PDF links) to customers.<\/p>\n<\/li>\n<li>\n<p><strong>Order confirmation and shipping updates<\/strong>\n   &#8211; <strong>Problem:<\/strong> Transactional updates must reach inboxes quickly.\n   &#8211; <strong>Why it fits:<\/strong> Designed for transactional email flows from application backends.\n   &#8211; <strong>Scenario:<\/strong> E-commerce backend sends \u201corder placed\u201d and \u201cshipped\u201d emails.<\/p>\n<\/li>\n<li>\n<p><strong>Operational alerts routed through application logic<\/strong>\n   &#8211; <strong>Problem:<\/strong> Teams want to send tailored alerts (with context) rather than generic monitoring emails.\n   &#8211; <strong>Why it fits:<\/strong> Application-controlled SMTP sending with your own templates\/content.\n   &#8211; <strong>Scenario:<\/strong> A pipeline detects failures and emails the owning team with logs\/links.<\/p>\n<\/li>\n<li>\n<p><strong>CI\/CD pipeline notifications<\/strong>\n   &#8211; <strong>Problem:<\/strong> Build\/deploy results should reach developers without relying on third-party email servers.\n   &#8211; <strong>Why it fits:<\/strong> Easy SMTP integration from build agents; compartment separation per environment.\n   &#8211; <strong>Scenario:<\/strong> Jenkins\/GitHub Actions runner calls a script that sends an email summary.<\/p>\n<\/li>\n<li>\n<p><strong>Security notifications<\/strong>\n   &#8211; <strong>Problem:<\/strong> Users need warnings about unusual login activity.\n   &#8211; <strong>Why it fits:<\/strong> Controlled \u201cFrom\u201d identity reduces spoof risk; can sign with DKIM.\n   &#8211; <strong>Scenario:<\/strong> App emails \u201cNew login from device X\u201d alerts.<\/p>\n<\/li>\n<li>\n<p><strong>Scheduled report distribution<\/strong>\n   &#8211; <strong>Problem:<\/strong> Stakeholders want daily\/weekly reports by email.\n   &#8211; <strong>Why it fits:<\/strong> Batch systems can send outbound messages on schedule via SMTP.\n   &#8211; <strong>Scenario:<\/strong> A nightly job emails KPI summaries to executives.<\/p>\n<\/li>\n<li>\n<p><strong>Multi-tenant SaaS with compartment isolation<\/strong>\n   &#8211; <strong>Problem:<\/strong> Different tenants require isolation and governance.\n   &#8211; <strong>Why it fits:<\/strong> OCI compartments and IAM policies can separate identities and control access.\n   &#8211; <strong>Scenario:<\/strong> Each tenant\u2019s environment has distinct sending domain configuration.<\/p>\n<\/li>\n<li>\n<p><strong>Legacy application modernization<\/strong>\n   &#8211; <strong>Problem:<\/strong> A legacy app expects an SMTP relay but you don\u2019t want to host an MTA.\n   &#8211; <strong>Why it fits:<\/strong> Email Delivery acts as the relay; minimal changes required.\n   &#8211; <strong>Scenario:<\/strong> An on-prem app is re-pointed from local Postfix to OCI SMTP.<\/p>\n<\/li>\n<li>\n<p><strong>Edge-case: \u201cDo-not-contact\u201d enforcement<\/strong>\n   &#8211; <strong>Problem:<\/strong> You must prevent sending to certain addresses for legal or customer preference reasons.\n   &#8211; <strong>Why it fits:<\/strong> Suppression list management provides a centralized stop-list (validate workflow in official docs).\n   &#8211; <strong>Scenario:<\/strong> Support adds addresses to suppression based on customer request.<\/p>\n<\/li>\n<li>\n<p><strong>Blue\/green release testing for email flows<\/strong>\n   &#8211; <strong>Problem:<\/strong> New release must be tested without affecting real customers.\n   &#8211; <strong>Why it fits:<\/strong> Separate approved senders or separate compartments for staging.\n   &#8211; <strong>Scenario:<\/strong> Staging environment sends only to internal test addresses.<\/p>\n<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\">6. Core Features<\/h2>\n\n\n\n<p>This section focuses on widely documented, current capabilities of Oracle Cloud Email Delivery. If your tenancy\/region differs, <strong>verify in official docs<\/strong>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">6.1 SMTP-based sending<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Lets applications submit emails through SMTP using authenticated credentials.<\/li>\n<li><strong>Why it matters:<\/strong> SMTP is universally supported; easiest integration path for most apps and tools.<\/li>\n<li><strong>Practical benefit:<\/strong> Works with Python, Java, Node.js, .NET, PHP, Postfix relay mode, and more.<\/li>\n<li><strong>Caveats:<\/strong> SMTP traffic is to a <strong>public endpoint<\/strong>; ensure outbound network access and TLS.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6.2 Approved Senders (verified \u201cFrom\u201d addresses)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Restricts outbound sending to verified sender addresses.<\/li>\n<li><strong>Why it matters:<\/strong> Prevents spoofing and reduces misconfigured apps sending as random addresses.<\/li>\n<li><strong>Practical benefit:<\/strong> Easy to start: verify a single address and send test emails quickly.<\/li>\n<li><strong>Caveats:<\/strong> For higher deliverability and brand alignment, domain-based configuration is recommended.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6.3 Email Domains and DKIM signing<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Allows domain-level configuration and DKIM keys\/records so recipients can verify message authenticity.<\/li>\n<li><strong>Why it matters:<\/strong> DKIM is a major deliverability factor; many organizations require authenticated sending.<\/li>\n<li><strong>Practical benefit:<\/strong> Fewer spam-folder issues; improved trust and consistent branding.<\/li>\n<li><strong>Caveats:<\/strong> Requires DNS access to publish DKIM records; DNS changes take time to propagate.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6.4 Suppression list management (bounces\/complaints)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Maintains a list of recipients that should not be emailed (for example, repeated bounces or complaints, and manually suppressed addresses).<\/li>\n<li><strong>Why it matters:<\/strong> Repeatedly emailing invalid addresses harms sender reputation.<\/li>\n<li><strong>Practical benefit:<\/strong> Helps protect deliverability and reduces wasted send attempts.<\/li>\n<li><strong>Caveats:<\/strong> Understand your business process: manual suppression for \u201cdo not email\u201d may be required in addition to bounce-based suppression.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6.5 IAM and compartment scoping<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Controls who can create\/manage approved senders, domains, and suppression entries.<\/li>\n<li><strong>Why it matters:<\/strong> Sending email is a sensitive capability; governance prevents abuse.<\/li>\n<li><strong>Practical benefit:<\/strong> Enforce separation of duties (developers can send, security admins manage domains).<\/li>\n<li><strong>Caveats:<\/strong> Design policies carefully to avoid over-permissive access.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6.6 Auditability (control-plane)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> OCI audit logs can record administrative actions (creating senders\/domains, changing settings).<\/li>\n<li><strong>Why it matters:<\/strong> Supports compliance and incident investigation.<\/li>\n<li><strong>Practical benefit:<\/strong> Trace \u201cwho changed what\u201d in production.<\/li>\n<li><strong>Caveats:<\/strong> Audit covers management actions; it is not a full email content archive.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6.7 Monitoring and metrics<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Provides service-level metrics that help operators understand sending volume and delivery outcomes.<\/li>\n<li><strong>Why it matters:<\/strong> You need to detect spikes, failures, or reputation-impacting issues quickly.<\/li>\n<li><strong>Practical benefit:<\/strong> Alert on abnormal bounce rates or send failures (verify which metrics are exposed and how).<\/li>\n<li><strong>Caveats:<\/strong> Metrics granularity and availability may differ by region; verify in docs.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6.8 SDK\/CLI support for management operations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Enables automation of management tasks (creating approved senders, querying suppression list).<\/li>\n<li><strong>Why it matters:<\/strong> Infrastructure-as-Code and repeatability for multi-environment setups.<\/li>\n<li><strong>Practical benefit:<\/strong> Integrate with CI\/CD and provisioning workflows.<\/li>\n<li><strong>Caveats:<\/strong> Email submission itself is typically via SMTP; API\/CLI are primarily for management.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">7. Architecture and How It Works<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">High-level architecture<\/h3>\n\n\n\n<p>Email Delivery has two primary planes:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\n<p><strong>Control plane (management):<\/strong>\n   &#8211; Define and verify approved senders\n   &#8211; Configure email domains and DKIM\n   &#8211; Manage suppression list\n   &#8211; Govern via IAM\/compartments and track actions via Audit<\/p>\n<\/li>\n<li>\n<p><strong>Data plane (email submission and delivery):<\/strong>\n   &#8211; Applications connect to a region-specific SMTP endpoint using SMTP credentials\n   &#8211; Messages are processed and delivered to recipient mail systems\n   &#8211; Bounces\/complaints may influence the suppression list and metrics (verify details in official docs)<\/p>\n<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Request\/data\/control flow<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Admin configures <strong>Approved Sender<\/strong> (and optionally domain + DKIM).<\/li>\n<li>Admin creates <strong>SMTP credentials<\/strong> for an OCI user intended for sending.<\/li>\n<li>Application uses SMTP (preferably TLS) to submit an email:\n   &#8211; Authenticates using SMTP username\/password\n   &#8211; Uses an approved \u201cFrom\u201d address<\/li>\n<li>Email Delivery attempts delivery to recipients\u2019 mail servers.<\/li>\n<li>Delivery outcomes influence:\n   &#8211; Suppression list entries (for certain failures)\n   &#8211; Monitoring metrics<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Integrations with related Oracle Cloud services<\/h3>\n\n\n\n<p>Common OCI integrations include:\n&#8211; <strong>IAM:<\/strong> policies controlling Email Delivery management\n&#8211; <strong>Compartments:<\/strong> environment scoping (dev\/test\/prod)\n&#8211; <strong>Audit:<\/strong> change tracking\n&#8211; <strong>Monitoring\/Alarms:<\/strong> operational visibility\n&#8211; <strong>OCI Functions \/ OKE \/ Compute:<\/strong> application hosts that send mail via SMTP\n&#8211; <strong>OCI Vault:<\/strong> store SMTP credentials securely (recommended)<\/p>\n\n\n\n<blockquote>\n<p>Note: Some teams also integrate with OCI Events\/Notifications patterns indirectly (for example, an event triggers a function; the function sends email via Email Delivery). Avoid assuming direct \u201cbounce event streaming\u201d integrations unless confirmed in official docs.<\/p>\n<\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\">Dependency services<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>DNS provider<\/strong> (OCI DNS or external): needed for DKIM records if you use email domains.<\/li>\n<li><strong>Vault<\/strong> (optional but recommended): secrets storage for SMTP credentials.<\/li>\n<li><strong>Networking egress:<\/strong> application must reach the public SMTP endpoint.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Security\/authentication model<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>SMTP authentication:<\/strong> uses SMTP credentials tied to an OCI user.<\/li>\n<li><strong>Authorization governance:<\/strong> controlled by IAM policies for who can manage Email Delivery resources.<\/li>\n<li><strong>Sender validation:<\/strong> \u201cFrom\u201d addresses must match configured approved senders and\/or domain policies.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Networking model<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>SMTP endpoints are <strong>public<\/strong> and regional. Your workloads must have outbound internet access (direct or via NAT gateway) to reach the endpoint.<\/li>\n<li>Use <strong>TLS\/STARTTLS<\/strong> ports supported by Email Delivery (verify current ports and endpoints in official docs; commonly 587 for STARTTLS is used).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Monitoring\/logging\/governance considerations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use <strong>Monitoring metrics<\/strong> and <strong>alarms<\/strong> to detect:<\/li>\n<li>Spikes in sending volume<\/li>\n<li>Elevated bounce\/complaint rates<\/li>\n<li>Authentication failures (where measurable)<\/li>\n<li>Use <strong>Audit<\/strong> to track:<\/li>\n<li>Creation\/deletion of approved senders and domains<\/li>\n<li>Suppression list changes<\/li>\n<li>Policy changes affecting Email Delivery administration<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">Simple architecture diagram (starter)<\/h4>\n\n\n\n<pre><code class=\"language-mermaid\">flowchart LR\n  A[Application \/ Script] --&gt;|SMTP over TLS| S[Email Delivery SMTP Endpoint&lt;br\/&gt;(Regional)]\n  S --&gt; R[Recipient Mail Servers]\n  Admin[Admin] --&gt;|Console\/CLI| C[Email Delivery Control Plane&lt;br\/&gt;Approved Senders \/ Domains \/ Suppressions]\n  C -.governs.-&gt; S\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Production-style architecture diagram (recommended patterns)<\/h4>\n\n\n\n<pre><code class=\"language-mermaid\">flowchart TB\n  subgraph OCI[Oracle Cloud Tenancy]\n    subgraph CompartmentProd[Compartment: prod]\n      App1[OKE\/Compute Apps] --&gt;|SMTP TLS 587| SMTP[Email Delivery SMTP Endpoint&lt;br\/&gt;(Region)]\n      Vault[OCI Vault&lt;br\/&gt;SMTP Credentials Secret] --&gt; App1\n      Mon[OCI Monitoring + Alarms] &lt;--&gt;|Metrics| SMTP\n      Audit[OCI Audit] &lt;--&gt;|Control-plane events| Control[Email Delivery Resources&lt;br\/&gt;Approved Senders, Email Domains, DKIM, Suppressions]\n      IAM[IAM Policies &amp; Groups] --&gt; Control\n    end\n  end\n\n  SMTP --&gt; MX[External Recipient Mail Systems]\n  DNS[DNS Provider (OCI DNS\/External)] --&gt;|DKIM records| Control\n<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">8. Prerequisites<\/h2>\n\n\n\n<p>Before you start the hands-on lab, ensure you have:<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Tenancy \/ account requirements<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>An active <strong>Oracle Cloud (OCI) tenancy<\/strong> with permission to use Email Delivery in at least one region.<\/li>\n<li>Access to the OCI Console.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Permissions \/ IAM roles<\/h3>\n\n\n\n<p>You need permissions to:\n&#8211; Manage Email Delivery resources (approved senders, email domains, suppressions)\n&#8211; Create SMTP credentials for a user (typically under IAM user settings)<\/p>\n\n\n\n<p>A common policy pattern (example\u2014adjust to your model and <strong>verify in official IAM docs<\/strong>):\n&#8211; Create a group (for example <code>EmailDeliveryAdmins<\/code>)\n&#8211; Add users who manage Email Delivery to that group\n&#8211; Create a policy in the target compartment such as:\n  &#8211; <code>Allow group EmailDeliveryAdmins to manage email-family in compartment &lt;compartment-name&gt;<\/code><\/p>\n\n\n\n<blockquote>\n<p>The exact resource family name and policy verbs should be validated against the official Email Delivery IAM documentation.<\/p>\n<\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\">Billing requirements<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A billing-enabled tenancy (Email Delivery is usage-priced; free tier may exist\u2014verify in official pricing).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Tools (for the lab)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A machine to run a test send:<\/li>\n<li>Your laptop, or<\/li>\n<li>An OCI Compute instance, or<\/li>\n<li>Cloud Shell (if outbound SMTP is allowed from your environment)<\/li>\n<li>One of the following:<\/li>\n<li>Python 3 (recommended for this tutorial), or<\/li>\n<li><code>swaks<\/code> (SMTP test tool), or<\/li>\n<li>Any SMTP-capable client library\/tool<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Region availability<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Email Delivery is regional. Pick a region where it\u2019s available in your tenancy.<\/li>\n<li>You must use the SMTP endpoint matching your chosen region.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Quotas \/ limits<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Email Delivery has service limits (for example rate\/volume). Start small.<\/li>\n<li>If you plan production volume, review and request limit increases early (via OCI service limits process).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Prerequisite services (optional but recommended)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>OCI Vault<\/strong> for storing SMTP credentials (recommended for production).<\/li>\n<li><strong>DNS<\/strong> access (OCI DNS or external) if you want DKIM domain setup.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">9. Pricing \/ Cost<\/h2>\n\n\n\n<p>Oracle Cloud Email Delivery pricing is <strong>usage-based<\/strong>. Exact prices can vary by region and may change; always confirm using official Oracle sources.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Pricing dimensions (what you typically pay for)<\/h3>\n\n\n\n<p>Common pricing dimensions for managed email delivery services include:\n&#8211; <strong>Number of emails sent<\/strong> (often billed per 1,000 emails or similar unit)\n&#8211; Potential add-ons or premium deliverability options (if offered; verify in OCI pricing)\n&#8211; Related services you use alongside Email Delivery (Vault, Monitoring, data egress, Compute\/Functions)<\/p>\n\n\n\n<p>For Oracle Cloud Email Delivery specifically:\n&#8211; Refer to the official Oracle Cloud pricing page and Email Delivery line item(s) to confirm:\n  &#8211; Unit of measure (emails, per 1K emails, etc.)\n  &#8211; Whether there is a free monthly allowance (free tier) and its size\n  &#8211; Any regional variance<\/p>\n\n\n\n<p>Official references:\n&#8211; Oracle Cloud Pricing page (navigate to Email Delivery): https:\/\/www.oracle.com\/cloud\/price-list\/\n&#8211; Oracle Cloud Cost Estimator \/ Calculator: https:\/\/www.oracle.com\/cloud\/costestimator.html (or the current Oracle cost estimator page)<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Free tier (if applicable)<\/h3>\n\n\n\n<p>Oracle Cloud often provides free usage for certain services. If Email Delivery includes a free allowance, it will be listed on the official pricing\/free tier pages. <strong>Verify in official docs<\/strong> because free tier amounts and eligibility can change.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Cost drivers (what makes costs grow)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Higher <strong>transaction volume<\/strong> (more emails sent)<\/li>\n<li>High-volume environments (prod + staging + dev sending)<\/li>\n<li>Poor deliverability leading to repeated sends and retries in your application logic<\/li>\n<li>Operational tooling sending noisy alerts<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Hidden or indirect costs<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Compute\/Functions cost<\/strong> for the workloads that generate the emails.<\/li>\n<li><strong>Vault cost<\/strong> (if used) for secret storage operations.<\/li>\n<li><strong>Monitoring\/Logging cost<\/strong> if you export metrics\/logs heavily.<\/li>\n<li><strong>Data egress cost<\/strong> is usually about data leaving OCI; SMTP submission goes to OCI endpoints, but your app still needs internet egress connectivity. Cost implications depend on your network design and where the app runs.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Network\/data transfer implications<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>If your app runs outside OCI (on-prem or another cloud), you will incur that environment\u2019s outbound internet traffic costs to reach OCI SMTP endpoints.<\/li>\n<li>If your app runs inside OCI private subnets, you may need <strong>NAT Gateway<\/strong> for outbound internet access; NAT Gateway itself has costs.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">How to optimize cost (practical tactics)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Keep non-production environments on a strict allow-list of recipient domains (for example only internal addresses).<\/li>\n<li>Rate-limit and deduplicate application notifications.<\/li>\n<li>Use suppression list governance to avoid repeated sends to invalid addresses.<\/li>\n<li>Avoid attaching large files; prefer secure download links to Object Storage (with proper authorization).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Example low-cost starter estimate (no fabricated numbers)<\/h3>\n\n\n\n<p>A realistic starter approach:\n&#8211; Use Email Delivery for a small set of transactional emails (password resets, verification).\n&#8211; Keep total monthly volume within any available free allowance (if offered).\n&#8211; If you exceed free allowance, estimate cost by:\n  1. Calculate monthly emails sent (for example, signups + resets + notifications).\n  2. Multiply by the per-email or per-1,000-email rate shown on the official pricing page.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Example production cost considerations<\/h3>\n\n\n\n<p>For production planning:\n&#8211; Build a cost model by environment: dev\/test\/prod.\n&#8211; Estimate peak day\/month volumes.\n&#8211; Include additional spend for:\n  &#8211; NAT Gateway (if required)\n  &#8211; Vault (secrets)\n  &#8211; Observability tooling\n&#8211; Consider deliverability engineering as a \u201ccost\u201d (time\/effort): DKIM setup, suppression workflows, monitoring, and incident response.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">10. Step-by-Step Hands-On Tutorial<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Objective<\/h3>\n\n\n\n<p>Configure Oracle Cloud <strong>Email Delivery<\/strong> with an <strong>Approved Sender<\/strong>, create <strong>SMTP credentials<\/strong>, and send a real test email via <strong>SMTP over TLS<\/strong> from a local machine (or any host you control).<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Lab Overview<\/h3>\n\n\n\n<p>You will:\n1. Choose a region and compartment for Email Delivery resources.\n2. Create and verify an <strong>Approved Sender<\/strong> (email address).\n3. Create <strong>SMTP credentials<\/strong> for an OCI user.\n4. Send a test email using Python (<code>smtplib<\/code>) via the regional SMTP endpoint.\n5. Validate delivery and review basic operational checks.\n6. Clean up resources.<\/p>\n\n\n\n<blockquote>\n<p>Assumptions: You can receive the sender verification email and a test recipient email. If your organization restricts external SMTP, use a network that allows outbound TCP 587.<\/p>\n<\/blockquote>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 1: Prepare your OCI compartment and access<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Log in to the <strong>Oracle Cloud Console<\/strong>.<\/li>\n<li>Select the <strong>region<\/strong> you will use (top-right region selector).<\/li>\n<li>(Recommended) Create a compartment for this lab:\n   &#8211; Go to <strong>Identity &amp; Security \u2192 Compartments<\/strong>\n   &#8211; Create a compartment, for example: <code>email-delivery-lab<\/code><\/li>\n<\/ol>\n\n\n\n<p><strong>Expected outcome:<\/strong> You have a known compartment and region for Email Delivery resources.<\/p>\n\n\n\n<p><strong>Verification:<\/strong>\n&#8211; You can see your compartment in the compartment list.\n&#8211; You can switch to your chosen region.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 2: Create (or identify) a user and group for Email Delivery administration<\/h3>\n\n\n\n<p>If you already have a user with admin rights, you can use it for the lab. For least-privilege practice:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Go to <strong>Identity &amp; Security \u2192 Groups<\/strong><\/li>\n<li>Create a group, for example: <code>EmailDeliveryAdmins<\/code><\/li>\n<li>Add your user to this group.<\/li>\n<\/ol>\n\n\n\n<p>Then add an IAM policy in the compartment:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Go to <strong>Identity &amp; Security \u2192 Policies<\/strong><\/li>\n<li>Create a policy in compartment <code>email-delivery-lab<\/code><\/li>\n<li>Add a statement similar to (verify exact resource family in official docs):\n   &#8211; <code>Allow group EmailDeliveryAdmins to manage email-family in compartment email-delivery-lab<\/code><\/li>\n<\/ol>\n\n\n\n<p><strong>Expected outcome:<\/strong> Your user can manage Email Delivery resources in the lab compartment.<\/p>\n\n\n\n<p><strong>Verification:<\/strong>\n&#8211; You can open Email Delivery pages without authorization errors.\n&#8211; You can create an approved sender in the next step.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 3: Create and verify an Approved Sender<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Navigate to <strong>Developer Services<\/strong> (or the menu area where Email Delivery appears in your console) and open <strong>Email Delivery<\/strong>.<\/li>\n<li>Select your lab <strong>compartment<\/strong>.<\/li>\n<li>Go to <strong>Approved Senders<\/strong>.<\/li>\n<li>Click <strong>Create Approved Sender<\/strong>.<\/li>\n<li>Enter an email address you control, for example: <code>yourname@yourdomain.com<\/code>.<\/li>\n<li>Create it.<\/li>\n<\/ol>\n\n\n\n<p>Oracle Cloud will send a verification email to that address. Open the email and complete the verification step.<\/p>\n\n\n\n<p><strong>Expected outcome:<\/strong> The sender is verified and appears as \u201capproved\/verified\u201d in the console.<\/p>\n\n\n\n<p><strong>Verification:<\/strong>\n&#8211; In Approved Senders, the status shows as verified\/active (exact wording may vary).\n&#8211; You can use this address as the \u201cFrom\u201d address.<\/p>\n\n\n\n<p><strong>Common issue:<\/strong> Verification email not received.\n&#8211; Check spam\/junk folders.\n&#8211; Ensure your email gateway doesn\u2019t block automated verification messages.\n&#8211; Re-send verification if the console provides that option.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 4: Create SMTP credentials for your OCI user<\/h3>\n\n\n\n<p>SMTP credentials are used for SMTP authentication. In OCI:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Go to <strong>Identity &amp; Security \u2192 Users<\/strong><\/li>\n<li>Select the user that will send emails (for the lab, your current user is fine).<\/li>\n<li>Find <strong>SMTP Credentials<\/strong>.<\/li>\n<li>Click <strong>Generate SMTP Credentials<\/strong>.<\/li>\n<li>Provide a description, for example: <code>email-delivery-lab-smtp<\/code>.<\/li>\n<li>Copy and store:\n   &#8211; <strong>SMTP username<\/strong>\n   &#8211; <strong>SMTP password<\/strong><\/li>\n<\/ol>\n\n\n\n<p>Store them securely. For the lab you can store locally in environment variables; for production use <strong>OCI Vault<\/strong>.<\/p>\n\n\n\n<p><strong>Expected outcome:<\/strong> You have SMTP credentials to authenticate to the Email Delivery SMTP endpoint.<\/p>\n\n\n\n<p><strong>Verification:<\/strong>\n&#8211; SMTP credentials appear in the user\u2019s SMTP credentials list.\n&#8211; You have copied the password (it is typically shown only once).<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 5: Identify the correct SMTP endpoint for your region<\/h3>\n\n\n\n<p>Email Delivery uses a <strong>regional SMTP endpoint<\/strong>. In many OCI regions, the SMTP host is formatted similarly to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>smtp.email.&lt;region-identifier&gt;.oci.oraclecloud.com<\/code><\/li>\n<\/ul>\n\n\n\n<p>Example (format only\u2014<strong>verify for your region in official docs\/console<\/strong>):\n&#8211; <code>smtp.email.us-ashburn-1.oci.oraclecloud.com<\/code><\/p>\n\n\n\n<p>Also confirm the port and TLS mode. Common patterns are:\n&#8211; Port <strong>587<\/strong> with <strong>STARTTLS<\/strong> (commonly recommended)\n&#8211; Port <strong>465<\/strong> with implicit TLS (if supported)\n&#8211; Port <strong>25<\/strong> may be blocked by networks\/ISPs and is often not ideal for client submission<\/p>\n\n\n\n<p><strong>Expected outcome:<\/strong> You know the SMTP host and port to use.<\/p>\n\n\n\n<p><strong>Verification:<\/strong>\n&#8211; The SMTP endpoint is shown in Email Delivery documentation or console for your region.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 6: Send a test email using Python (SMTP + STARTTLS)<\/h3>\n\n\n\n<p>On your local machine (or a compute instance), create environment variables:<\/p>\n\n\n\n<pre><code class=\"language-bash\">export OCI_SMTP_HOST=\"smtp.email.&lt;your-region&gt;.oci.oraclecloud.com\"\nexport OCI_SMTP_PORT=\"587\"\nexport OCI_SMTP_USER=\"your-smtp-username\"\nexport OCI_SMTP_PASS=\"your-smtp-password\"\nexport MAIL_FROM=\"your-verified-approved-sender@yourdomain.com\"\nexport MAIL_TO=\"recipient@example.com\"\n<\/code><\/pre>\n\n\n\n<p>Now create a Python script <code>send_test_email.py<\/code>:<\/p>\n\n\n\n<pre><code class=\"language-python\">import os\nimport smtplib\nfrom email.message import EmailMessage\n\nsmtp_host = os.environ[\"OCI_SMTP_HOST\"]\nsmtp_port = int(os.environ.get(\"OCI_SMTP_PORT\", \"587\"))\nsmtp_user = os.environ[\"OCI_SMTP_USER\"]\nsmtp_pass = os.environ[\"OCI_SMTP_PASS\"]\nmail_from = os.environ[\"MAIL_FROM\"]\nmail_to = os.environ[\"MAIL_TO\"]\n\nmsg = EmailMessage()\nmsg[\"Subject\"] = \"OCI Email Delivery test\"\nmsg[\"From\"] = mail_from\nmsg[\"To\"] = mail_to\nmsg.set_content(\n    \"Hello!\\n\\nThis is a test email sent using Oracle Cloud Email Delivery via SMTP.\\n\"\n)\n\nwith smtplib.SMTP(smtp_host, smtp_port, timeout=30) as server:\n    server.ehlo()\n    server.starttls()\n    server.ehlo()\n    server.login(smtp_user, smtp_pass)\n    server.send_message(msg)\n\nprint(\"Sent.\")\n<\/code><\/pre>\n\n\n\n<p>Run it:<\/p>\n\n\n\n<pre><code class=\"language-bash\">python3 send_test_email.py\n<\/code><\/pre>\n\n\n\n<p><strong>Expected outcome:<\/strong>\n&#8211; The script prints <code>Sent.<\/code>\n&#8211; The recipient receives the email.<\/p>\n\n\n\n<p><strong>Verification steps:<\/strong>\n&#8211; Confirm the message arrives in the recipient inbox (or spam folder).\n&#8211; If it lands in spam, proceed to domain\/DKIM best practices later.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 7 (Optional but recommended for production): Configure Email Domain and DKIM<\/h3>\n\n\n\n<p>If you control DNS for <code>yourdomain.com<\/code>, set up DKIM:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>In <strong>Email Delivery \u2192 Email Domains<\/strong>, create an email domain for <code>yourdomain.com<\/code>.<\/li>\n<li>Generate DKIM key(s) as guided by the console.<\/li>\n<li>Publish DKIM DNS records at your DNS provider.<\/li>\n<li>Wait for DNS propagation and confirm verification in the console.<\/li>\n<\/ol>\n\n\n\n<p><strong>Expected outcome:<\/strong> DKIM is configured and active for your domain.<\/p>\n\n\n\n<p><strong>Verification:<\/strong>\n&#8211; Console shows DKIM as verified\/active.\n&#8211; You can send a new test email and inspect headers in the recipient mailbox to confirm DKIM results (look for <code>dkim=pass<\/code> in <code>Authentication-Results<\/code>).<\/p>\n\n\n\n<blockquote>\n<p>SPF and DMARC: Email deliverability typically also benefits from SPF and DMARC. Whether OCI requires or recommends specific records should be verified in the official Email Delivery docs.<\/p>\n<\/blockquote>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Validation<\/h3>\n\n\n\n<p>Use this checklist:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Sender verified:<\/strong> Approved Sender status is verified.<\/li>\n<li><strong>SMTP auth works:<\/strong> Python script sends successfully without authentication errors.<\/li>\n<li><strong>Recipient receives email:<\/strong> Inbox or spam (either confirms delivery path).<\/li>\n<li><strong>Headers (optional):<\/strong> Confirm DKIM pass once configured.<\/li>\n<\/ul>\n\n\n\n<p>If you have DKIM set, open the email source and look for:\n&#8211; <code>Authentication-Results: ... dkim=pass ...<\/code> (format varies by receiver)<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Troubleshooting<\/h3>\n\n\n\n<p>Common errors and fixes:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\n<p><strong><code>SMTPAuthenticationError<\/code> \/ login failed<\/strong>\n   &#8211; Ensure you used the SMTP credentials (not your console password).\n   &#8211; Regenerate SMTP credentials and update environment variables.\n   &#8211; Confirm your user is allowed to send and that the \u201cFrom\u201d address is an approved sender.<\/p>\n<\/li>\n<li>\n<p><strong>Connection timeout<\/strong>\n   &#8211; Your network may block outbound SMTP ports.\n   &#8211; Try from a different network or from an OCI Compute instance with internet egress.\n   &#8211; Confirm security rules\/route tables\/NAT gateway if sending from a private subnet.<\/p>\n<\/li>\n<li>\n<p><strong><code>From<\/code> address rejected<\/strong>\n   &#8211; The From address must match a verified Approved Sender (and\/or your configured domain rules).\n   &#8211; Re-check that you used exactly the verified email address (no display-name-only mismatch).<\/p>\n<\/li>\n<li>\n<p><strong>Email arrives in spam<\/strong>\n   &#8211; Configure DKIM on an Email Domain and ensure it verifies.\n   &#8211; Add SPF\/DMARC where appropriate (verify recommended records in official docs).\n   &#8211; Avoid spam-like content (URL shorteners, heavy promotional wording).<\/p>\n<\/li>\n<li>\n<p><strong>Recipient never receives email<\/strong>\n   &#8211; Check suppression list for the recipient address.\n   &#8211; Confirm the recipient domain isn\u2019t blocking the message.\n   &#8211; Validate that your content isn\u2019t being rejected downstream.<\/p>\n<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Cleanup<\/h3>\n\n\n\n<p>To avoid accidental future sends and to keep your tenancy tidy:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\n<p><strong>Delete SMTP credentials<\/strong>\n   &#8211; Identity &amp; Security \u2192 Users \u2192 your user \u2192 SMTP Credentials \u2192 delete the lab credential<\/p>\n<\/li>\n<li>\n<p><strong>Remove Approved Sender<\/strong>\n   &#8211; Email Delivery \u2192 Approved Senders \u2192 delete sender<\/p>\n<\/li>\n<li>\n<p><strong>Remove Email Domain \/ DKIM (if created)<\/strong>\n   &#8211; Email Delivery \u2192 Email Domains \u2192 delete domain resources\n   &#8211; Optionally remove DKIM DNS records you created (only if they were lab-only)<\/p>\n<\/li>\n<li>\n<p><strong>Remove IAM policy\/group (if lab-only)<\/strong>\n   &#8211; Delete the policy granting Email Delivery management in the lab compartment\n   &#8211; Remove group or user membership if created only for this lab<\/p>\n<\/li>\n<li>\n<p><strong>Delete compartment<\/strong> (optional)\n   &#8211; Only if it contains no other resources.<\/p>\n<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\">11. Best Practices<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Architecture best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Treat email as an external dependency:<\/strong> implement retries with backoff, but avoid infinite retry loops.<\/li>\n<li><strong>Centralize your email-sending module:<\/strong> build a shared library\/service so you can:<\/li>\n<li>enforce From addresses<\/li>\n<li>standardize headers<\/li>\n<li>apply rate limits<\/li>\n<li>manage templates consistently<\/li>\n<li><strong>Separate environments:<\/strong> use separate compartments and distinct senders\/domains for dev\/test\/prod.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">IAM\/security best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Least privilege:<\/strong> only allow a small admin group to manage domains, DKIM, and suppression rules.<\/li>\n<li><strong>Separate duties:<\/strong> developers can use SMTP credentials to send; security\/platform team manages identity (domains\/senders).<\/li>\n<li><strong>Rotate SMTP credentials:<\/strong> periodic rotation and immediate rotation after suspected compromise.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Cost best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Alert fatigue control:<\/strong> avoid sending noisy operational emails that inflate volume.<\/li>\n<li><strong>Deduplicate events:<\/strong> don\u2019t email on every retry; aggregate and summarize.<\/li>\n<li><strong>Use links not attachments:<\/strong> host content in Object Storage with appropriate access controls instead of emailing large files.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Performance best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Batch where appropriate:<\/strong> for report-style emails, batch and send once rather than many individual messages.<\/li>\n<li><strong>Use connection reuse:<\/strong> for high-volume sending within a service instance, reuse SMTP connections when feasible (while respecting library safety and service limits).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Reliability best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Implement dead-letter handling:<\/strong> if sending fails, queue for later processing or manual review.<\/li>\n<li><strong>Respect suppression:<\/strong> if an address is suppressed, stop sending and trigger a separate workflow to correct the address.<\/li>\n<li><strong>Backpressure:<\/strong> protect your application from cascading failures if SMTP becomes temporarily unavailable.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Operations best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Monitoring and alerting:<\/strong> create alarms for anomalies in send\/bounce patterns (verify metric availability).<\/li>\n<li><strong>Audit reviews:<\/strong> periodically review who changed approved senders\/domains.<\/li>\n<li><strong>Document runbooks:<\/strong> include steps for credential rotation, domain verification, and troubleshooting spam placement.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Governance\/tagging\/naming best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use consistent tags:<\/li>\n<li><code>env=dev|test|prod<\/code><\/li>\n<li><code>owner=&lt;team&gt;<\/code><\/li>\n<li><code>cost-center=&lt;id&gt;<\/code><\/li>\n<li>Standardize resource naming:<\/li>\n<li><code>prod-email-domain-yourdomain<\/code><\/li>\n<li><code>dev-approved-sender-noreply<\/code><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">12. Security Considerations<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Identity and access model<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Control-plane access<\/strong> is governed by OCI IAM policies and compartments.<\/li>\n<li><strong>SMTP submission<\/strong> is authenticated using SMTP credentials associated with an OCI user.<\/li>\n<li>Protect SMTP credentials like any production secret\u2014anyone with them can send email as your approved sender(s).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Encryption<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use <strong>TLS\/STARTTLS<\/strong> for SMTP submission to protect credentials and message content in transit between your app and OCI.<\/li>\n<li>Verify supported cipher suites and TLS versions in official docs if you have strict compliance requirements.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Network exposure<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>SMTP endpoint is typically <strong>public<\/strong>. Plan egress:<\/li>\n<li>Private subnet apps use NAT gateway or another egress pattern.<\/li>\n<li>Restrict outbound traffic from workloads to required destinations where feasible.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Secrets handling<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Store SMTP credentials in <strong>OCI Vault<\/strong> (recommended) or an equivalent secret manager.<\/li>\n<li>Avoid embedding credentials in source code, container images, or CI logs.<\/li>\n<li>Rotate secrets and remove old credentials quickly.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Audit\/logging<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use <strong>OCI Audit<\/strong> to track administrative actions.<\/li>\n<li>If you need content-level audit trails, implement it in your application (careful with privacy\/legal requirements).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Compliance considerations<\/h3>\n\n\n\n<p>Email often contains PII or sensitive data:\n&#8211; Minimize sensitive content in emails (prefer secure links to authenticated pages).\n&#8211; Ensure your privacy policies cover email notifications.\n&#8211; For regulated industries, confirm regional data handling and service compliance posture in official Oracle documentation.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Common security mistakes<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Using a shared \u201cadmin\u201d user for SMTP credentials across many apps.<\/li>\n<li>Over-permissive IAM policy allowing many users to create new approved senders\/domains.<\/li>\n<li>Sending sensitive data directly in email bodies.<\/li>\n<li>Not rotating SMTP credentials after team changes.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Secure deployment recommendations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use a dedicated OCI user for application SMTP credentials.<\/li>\n<li>Restrict that user\u2019s permissions and scope via compartments and IAM.<\/li>\n<li>Apply DKIM (and SPF\/DMARC where applicable) to reduce spoofing and improve trust.<\/li>\n<li>Monitor for unusual send volume (potential credential compromise indicator).<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">13. Limitations and Gotchas<\/h2>\n\n\n\n<p>The exact limits can change; consult official docs for current details.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Known limitations \/ service boundaries<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Outbound email only:<\/strong> not an inbound mailbox service.<\/li>\n<li><strong>Not a marketing automation platform:<\/strong> no built-in campaign management (verify features; don\u2019t assume templates\/list management beyond suppressions).<\/li>\n<li><strong>Public SMTP endpoint:<\/strong> no assumption of private connectivity unless explicitly documented by Oracle.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Quotas and service limits<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Expect limits such as:<\/li>\n<li>maximum send rate<\/li>\n<li>maximum emails\/day<\/li>\n<li>maximum recipients per message<\/li>\n<li>Plan limit increase requests well before production launch.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Regional constraints<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Resources and SMTP endpoints are regional; multi-region designs require:<\/li>\n<li>duplicating configuration (senders\/domains) per region, or<\/li>\n<li>standardizing on one region for email sending (depending on latency and governance)<\/li>\n<li>Verify which regions support Email Delivery.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Pricing surprises<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>High-volume operational alerts can quietly become expensive.<\/li>\n<li>NAT gateway egress patterns (if used) can add costs.<\/li>\n<li>Observability exports may add costs if you stream logs\/metrics heavily.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Compatibility issues<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Some networks block SMTP ports (especially 25).<\/li>\n<li>Some enterprise mail gateways have strict policies; DKIM\/SPF\/DMARC alignment becomes essential.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Operational gotchas<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>If recipients get suppressed due to bounces\/complaints, email may silently stop reaching them until the underlying issue is fixed and suppression is managed appropriately.<\/li>\n<li>Verification emails for approved senders can be delayed by external providers.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Migration challenges<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Legacy apps may assume an open relay or unauthenticated SMTP\u2014Email Delivery requires authenticated submission.<\/li>\n<li>Sender identity governance may require changes to \u201cFrom\u201d addresses across applications.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Vendor-specific nuances<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>SMTP credentials are tied to OCI users\u2014plan lifecycle management carefully.<\/li>\n<li>Approved sender verification is a distinct operational step; automate and document it for production readiness.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">14. Comparison with Alternatives<\/h2>\n\n\n\n<p>Email Delivery is one option among several ways to send email. Here\u2019s how it compares.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Nearest services in Oracle Cloud<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>OCI Notifications (email subscriptions):<\/strong> good for simple alerting from OCI events\/alarms; not a general transactional email engine for applications.<\/li>\n<li><strong>Oracle Integration Cloud \/ other integration tools:<\/strong> can orchestrate workflows; email sending may be a connector feature but may not match SMTP-based app needs.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Nearest services in other clouds<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Amazon SES<\/strong> (AWS): similar transactional email service.<\/li>\n<li><strong>Azure Communication Services Email<\/strong> (Azure): application email sending.<\/li>\n<li><strong>Google (partner-based email sending):<\/strong> GCP often relies on partners for email sending; patterns differ.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Open-source \/ self-managed<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Postfix\/Exim + reputation management:<\/strong> maximum control but high ops overhead and deliverability engineering burden.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">Comparison table<\/h4>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Option<\/th>\n<th>Best For<\/th>\n<th>Strengths<\/th>\n<th>Weaknesses<\/th>\n<th>When to Choose<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>Oracle Cloud Email Delivery<\/strong><\/td>\n<td>OCI-hosted apps needing transactional outbound email<\/td>\n<td>SMTP simplicity; OCI IAM\/compartments; approved sender\/domain governance; suppression handling<\/td>\n<td>Regional setup; public SMTP egress; not a full marketing platform<\/td>\n<td>You run workloads on Oracle Cloud and want managed transactional email with OCI governance<\/td>\n<\/tr>\n<tr>\n<td><strong>OCI Notifications (Email)<\/strong><\/td>\n<td>Infrastructure alerts, simple subscriptions<\/td>\n<td>Tight OCI integration for alarms\/events; minimal setup<\/td>\n<td>Not designed as a general app email engine; limited customization<\/td>\n<td>You need basic alert emails from OCI monitoring\/events<\/td>\n<\/tr>\n<tr>\n<td><strong>Amazon SES<\/strong><\/td>\n<td>AWS-centric transactional\/bulk email<\/td>\n<td>Mature ecosystem; deep integrations<\/td>\n<td>Different IAM model; cross-cloud adds egress\/complexity<\/td>\n<td>Your apps run on AWS or you already standardized on SES<\/td>\n<\/tr>\n<tr>\n<td><strong>Azure Communication Services Email<\/strong><\/td>\n<td>Azure app email<\/td>\n<td>Azure-native integration<\/td>\n<td>Cross-cloud complexity if on OCI<\/td>\n<td>Your apps are primarily on Azure<\/td>\n<\/tr>\n<tr>\n<td><strong>Third-party ESP (SendGrid\/Mailgun\/etc.)<\/strong><\/td>\n<td>Advanced deliverability tooling, marketing + transactional<\/td>\n<td>Rich analytics, templates, webhooks<\/td>\n<td>Vendor lock-in; separate IAM\/governance from OCI; potentially higher cost<\/td>\n<td>You need advanced email features beyond SMTP relay and basic suppression<\/td>\n<\/tr>\n<tr>\n<td><strong>Self-managed Postfix\/Exim<\/strong><\/td>\n<td>Maximum control; air-gapped\/hybrid constraints<\/td>\n<td>Full control; custom routing<\/td>\n<td>Highest ops burden; deliverability\/reputation is hard<\/td>\n<td>You have strict constraints or need deep customization and accept ops cost<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">15. Real-World Example<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Enterprise example: regulated SaaS platform sending customer notifications<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> A multi-tenant enterprise SaaS on Oracle Cloud must send verification emails, invoices, and security alerts reliably while maintaining governance, auditability, and environment separation.<\/li>\n<li><strong>Proposed architecture:<\/strong><\/li>\n<li>Separate OCI compartments: <code>prod<\/code>, <code>staging<\/code>, <code>dev<\/code><\/li>\n<li>Email Delivery configured per environment:<ul>\n<li><code>prod<\/code> uses domain + DKIM<\/li>\n<li><code>staging\/dev<\/code> use limited approved senders and strict recipient allow-lists<\/li>\n<\/ul>\n<\/li>\n<li>SMTP credentials stored in OCI Vault and injected into workloads via secure deployment pipelines<\/li>\n<li>Monitoring alarms on bounce\/complaint anomalies and send volume spikes<\/li>\n<li><strong>Why Email Delivery was chosen:<\/strong><\/li>\n<li>OCI-native governance (IAM\/compartments\/Audit)<\/li>\n<li>Simple SMTP integration across microservices<\/li>\n<li>Reduced operational burden vs self-managed MTAs<\/li>\n<li><strong>Expected outcomes:<\/strong><\/li>\n<li>Faster release cycles (no mail server maintenance)<\/li>\n<li>Improved deliverability with DKIM and suppression handling<\/li>\n<li>Clear audit trail for sending identity changes<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Startup\/small-team example: MVP app needs password reset and onboarding emails<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> A small team is launching an MVP on OCI and needs basic transactional email without spending weeks on deliverability engineering.<\/li>\n<li><strong>Proposed architecture:<\/strong><\/li>\n<li>One compartment for production<\/li>\n<li>Start with a single verified approved sender (for example <code>noreply@...<\/code>)<\/li>\n<li>Use SMTP credentials stored as a secret (Vault or minimal secret store)<\/li>\n<li>Use a single Python\/Node email module used by the app<\/li>\n<li><strong>Why Email Delivery was chosen:<\/strong><\/li>\n<li>Minimal setup and standard SMTP<\/li>\n<li>Keeps everything inside Oracle Cloud for simpler operations<\/li>\n<li><strong>Expected outcomes:<\/strong><\/li>\n<li>Working transactional emails quickly<\/li>\n<li>A clear path to improve deliverability later (domain + DKIM)<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">16. FAQ<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\n<p><strong>Is Email Delivery for inbound email (receiving messages)?<\/strong><br\/>\n   No. Email Delivery is designed for <strong>outbound<\/strong> email sending. For inbound processing, you need a different approach (mail server, third-party inbound service, etc.).<\/p>\n<\/li>\n<li>\n<p><strong>Do I have to use SMTP, or is there an API to send messages?<\/strong><br\/>\n   The common, documented submission method is SMTP. Management is via console\/CLI\/SDK. Verify in official docs if Oracle introduces a send API.<\/p>\n<\/li>\n<li>\n<p><strong>What is an Approved Sender?<\/strong><br\/>\n   An Approved Sender is a verified email address that your applications are allowed to send from.<\/p>\n<\/li>\n<li>\n<p><strong>Do I need my own domain to start?<\/strong><br\/>\n   You can often start with an approved sender address you control. For production deliverability and branding, domain + DKIM is strongly recommended.<\/p>\n<\/li>\n<li>\n<p><strong>What is DKIM and why should I enable it?<\/strong><br\/>\n   DKIM signs outgoing mail so recipient systems can verify it wasn\u2019t modified and is authorized by your domain. This improves deliverability and trust.<\/p>\n<\/li>\n<li>\n<p><strong>Should I set up SPF and DMARC too?<\/strong><br\/>\n   Usually yes for production-grade sending. Exact recommendations depend on how OCI Email Delivery interacts with your domain; verify Oracle\u2019s official guidance.<\/p>\n<\/li>\n<li>\n<p><strong>Why are some recipients not receiving emails even though sends \u201csucceed\u201d?<\/strong><br\/>\n   They may be suppressed due to bounces\/complaints, or the receiving provider may be filtering the email. Check suppression lists and authentication (DKIM\/SPF\/DMARC).<\/p>\n<\/li>\n<li>\n<p><strong>How do suppression lists work?<\/strong><br\/>\n   Email Delivery maintains addresses that should not be emailed (for example due to bounce\/complaint). You can also manage suppressions manually.<\/p>\n<\/li>\n<li>\n<p><strong>Can I use Email Delivery for marketing campaigns?<\/strong><br\/>\n   It is primarily positioned for transactional email. Marketing at scale often requires additional capabilities (unsubscribe management, campaign tooling). Use a marketing platform if that\u2019s your need.<\/p>\n<\/li>\n<li>\n<p><strong>How do I store SMTP credentials securely?<\/strong><br\/>\n   Use <strong>OCI Vault<\/strong> (recommended) and inject credentials at runtime using secure configuration.<\/p>\n<\/li>\n<li>\n<p><strong>What ports should I use for SMTP?<\/strong><br\/>\n   Commonly port 587 with STARTTLS. Port availability can vary; verify supported ports in the official docs and ensure your network allows outbound access.<\/p>\n<\/li>\n<li>\n<p><strong>Can I send from private subnets in OCI?<\/strong><br\/>\n   Yes, if you provide outbound internet egress (often via NAT gateway). The SMTP endpoint is public unless Oracle documents a private option.<\/p>\n<\/li>\n<li>\n<p><strong>How do I separate dev\/test\/prod to prevent accidental emails?<\/strong><br\/>\n   Use separate compartments, separate senders\/domains, and enforce recipient allow-lists in non-prod code.<\/p>\n<\/li>\n<li>\n<p><strong>How can I monitor Email Delivery health?<\/strong><br\/>\n   Use OCI Monitoring metrics and alarms (verify which metrics are available), and implement application-level logging for SMTP responses.<\/p>\n<\/li>\n<li>\n<p><strong>What should I do if I suspect SMTP credentials were leaked?<\/strong><br\/>\n   Immediately delete\/rotate the SMTP credentials, audit recent changes and sending activity, and add preventive monitoring\/alerting on send spikes.<\/p>\n<\/li>\n<li>\n<p><strong>Does Email Delivery guarantee inbox placement?<\/strong><br\/>\n   No provider can guarantee inbox placement. Deliverability depends on authentication (DKIM\/SPF\/DMARC), content, sending patterns, and recipient filtering.<\/p>\n<\/li>\n<li>\n<p><strong>Can multiple apps share the same SMTP credentials?<\/strong><br\/>\n   They can, but it\u2019s not ideal. Prefer per-application credentials for traceability and blast-radius reduction.<\/p>\n<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\">17. Top Online Resources to Learn Email Delivery<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Resource Type<\/th>\n<th>Name<\/th>\n<th>Why It Is Useful<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Official documentation<\/td>\n<td>OCI Email Delivery Documentation (Overview) \u2014 https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Email\/Concepts\/overview.htm<\/td>\n<td>Primary source for service concepts, setup steps, endpoints, and limits<\/td>\n<\/tr>\n<tr>\n<td>Official documentation<\/td>\n<td>Email Delivery: Approved Senders \/ Email Domains \/ Suppressions (navigate within docs) \u2014 https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Email\/home.htm<\/td>\n<td>Deep dives into sender verification, DKIM, and suppression management<\/td>\n<\/tr>\n<tr>\n<td>Official pricing<\/td>\n<td>Oracle Cloud Price List \u2014 https:\/\/www.oracle.com\/cloud\/price-list\/<\/td>\n<td>Authoritative pricing units and regional cost references<\/td>\n<\/tr>\n<tr>\n<td>Cost estimation<\/td>\n<td>Oracle Cloud Cost Estimator \u2014 https:\/\/www.oracle.com\/cloud\/costestimator.html<\/td>\n<td>Helps model monthly spend across services<\/td>\n<\/tr>\n<tr>\n<td>Official IAM docs<\/td>\n<td>OCI IAM Policies \u2014 https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Identity\/Concepts\/policies.htm<\/td>\n<td>Correct policy syntax and least-privilege guidance<\/td>\n<\/tr>\n<tr>\n<td>Official CLI docs<\/td>\n<td>OCI CLI Documentation \u2014 https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/API\/SDKDocs\/cliinstall.htm<\/td>\n<td>How to install and use CLI for automation<\/td>\n<\/tr>\n<tr>\n<td>Architecture guidance<\/td>\n<td>OCI Architecture Center \u2014 https:\/\/docs.oracle.com\/solutions\/<\/td>\n<td>Reference architectures and cloud design patterns (useful for production designs around Email Delivery)<\/td>\n<\/tr>\n<tr>\n<td>Official videos<\/td>\n<td>Oracle Cloud Infrastructure YouTube \u2014 https:\/\/www.youtube.com\/c\/OracleCloudInfrastructure<\/td>\n<td>Product explainers and operational guidance (search within for Email Delivery topics)<\/td>\n<\/tr>\n<tr>\n<td>SDK docs<\/td>\n<td>OCI SDK Documentation \u2014 https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/API\/SDKDocs\/sdks.htm<\/td>\n<td>Automate resource management and integrate with provisioning workflows<\/td>\n<\/tr>\n<tr>\n<td>Community learning<\/td>\n<td>Oracle Cloud blogs (search: \u201cOCI Email Delivery\u201d) \u2014 https:\/\/blogs.oracle.com\/cloud-infrastructure\/<\/td>\n<td>Practical posts and updates; validate against official docs for currency<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">18. Training and Certification Providers<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\n<p><strong>DevOpsSchool.com<\/strong>\n   &#8211; <strong>Suitable audience:<\/strong> DevOps engineers, SREs, cloud engineers, developers\n   &#8211; <strong>Likely learning focus:<\/strong> DevOps, cloud operations, CI\/CD, cloud services usage patterns (including messaging\/email patterns)\n   &#8211; <strong>Mode:<\/strong> Check website\n   &#8211; <strong>Website:<\/strong> https:\/\/www.devopsschool.com\/<\/p>\n<\/li>\n<li>\n<p><strong>ScmGalaxy.com<\/strong>\n   &#8211; <strong>Suitable audience:<\/strong> DevOps practitioners, build\/release engineers, platform teams\n   &#8211; <strong>Likely learning focus:<\/strong> SCM, CI\/CD, DevOps toolchains, automation fundamentals\n   &#8211; <strong>Mode:<\/strong> Check website\n   &#8211; <strong>Website:<\/strong> https:\/\/www.scmgalaxy.com\/<\/p>\n<\/li>\n<li>\n<p><strong>CLoudOpsNow.in<\/strong>\n   &#8211; <strong>Suitable audience:<\/strong> Cloud operations teams, SREs, cloud engineers\n   &#8211; <strong>Likely learning focus:<\/strong> Cloud ops practices, monitoring, reliability, operational readiness\n   &#8211; <strong>Mode:<\/strong> Check website\n   &#8211; <strong>Website:<\/strong> https:\/\/www.cloudopsnow.in\/<\/p>\n<\/li>\n<li>\n<p><strong>SreSchool.com<\/strong>\n   &#8211; <strong>Suitable audience:<\/strong> SREs, operations engineers, platform engineers\n   &#8211; <strong>Likely learning focus:<\/strong> Reliability engineering, incident response, observability, runbooks\n   &#8211; <strong>Mode:<\/strong> Check website\n   &#8211; <strong>Website:<\/strong> https:\/\/www.sreschool.com\/<\/p>\n<\/li>\n<li>\n<p><strong>AiOpsSchool.com<\/strong>\n   &#8211; <strong>Suitable audience:<\/strong> SRE\/ops teams, DevOps engineers, IT operations\n   &#8211; <strong>Likely learning focus:<\/strong> AIOps concepts, automation, event correlation, monitoring strategy\n   &#8211; <strong>Mode:<\/strong> Check website\n   &#8211; <strong>Website:<\/strong> https:\/\/www.aiopsschool.com\/<\/p>\n<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\">19. Top Trainers<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\n<p><strong>RajeshKumar.xyz<\/strong>\n   &#8211; <strong>Likely specialization:<\/strong> DevOps\/cloud training and coaching (verify current offerings on site)\n   &#8211; <strong>Suitable audience:<\/strong> Beginners to intermediate engineers seeking guided learning\n   &#8211; <strong>Website:<\/strong> https:\/\/www.rajeshkumar.xyz\/<\/p>\n<\/li>\n<li>\n<p><strong>devopstrainer.in<\/strong>\n   &#8211; <strong>Likely specialization:<\/strong> DevOps tools, CI\/CD, cloud operations training resources\n   &#8211; <strong>Suitable audience:<\/strong> DevOps engineers and students\n   &#8211; <strong>Website:<\/strong> https:\/\/www.devopstrainer.in\/<\/p>\n<\/li>\n<li>\n<p><strong>devopsfreelancer.com<\/strong>\n   &#8211; <strong>Likely specialization:<\/strong> DevOps consulting\/training resources and practitioner services (verify specifics on site)\n   &#8211; <strong>Suitable audience:<\/strong> Teams seeking practical DevOps enablement\n   &#8211; <strong>Website:<\/strong> https:\/\/www.devopsfreelancer.com\/<\/p>\n<\/li>\n<li>\n<p><strong>devopssupport.in<\/strong>\n   &#8211; <strong>Likely specialization:<\/strong> DevOps support and enablement resources (verify current scope on site)\n   &#8211; <strong>Suitable audience:<\/strong> Engineers needing operational help and training-style support\n   &#8211; <strong>Website:<\/strong> https:\/\/www.devopssupport.in\/<\/p>\n<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\">20. Top Consulting Companies<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\n<p><strong>cotocus.com<\/strong>\n   &#8211; <strong>Likely service area:<\/strong> Cloud and DevOps consulting (verify offerings on website)\n   &#8211; <strong>Where they may help:<\/strong> Architecture design, cloud migrations, operational readiness\n   &#8211; <strong>Consulting use case examples:<\/strong> Designing compartment\/IAM strategy for Email Delivery administration; setting up secure secret handling; building monitoring\/alerting runbooks\n   &#8211; <strong>Website:<\/strong> https:\/\/cotocus.com\/<\/p>\n<\/li>\n<li>\n<p><strong>DevOpsSchool.com<\/strong>\n   &#8211; <strong>Likely service area:<\/strong> DevOps and cloud consulting\/training services (verify service catalog)\n   &#8211; <strong>Where they may help:<\/strong> CI\/CD modernization, DevOps platform engineering, cloud adoption\n   &#8211; <strong>Consulting use case examples:<\/strong> Integrating Email Delivery into CI\/CD notification workflows; implementing secure SMTP credential rotation; operational dashboards for email sending\n   &#8211; <strong>Website:<\/strong> https:\/\/www.devopsschool.com\/<\/p>\n<\/li>\n<li>\n<p><strong>DEVOPSCONSULTING.IN<\/strong>\n   &#8211; <strong>Likely service area:<\/strong> DevOps consulting and implementation services (verify current offerings)\n   &#8211; <strong>Where they may help:<\/strong> Toolchain automation, cloud governance, reliability practices\n   &#8211; <strong>Consulting use case examples:<\/strong> Building environment separation (dev\/test\/prod) around Email Delivery; policy reviews; incident response playbooks for deliverability issues\n   &#8211; <strong>Website:<\/strong> https:\/\/www.devopsconsulting.in\/<\/p>\n<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\">21. Career and Learning Roadmap<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">What to learn before this service<\/h3>\n\n\n\n<p>To use Email Delivery well in Oracle Cloud (Application Development context), you should know:\n&#8211; Email basics: SMTP, MIME, headers, TLS\/STARTTLS\n&#8211; Identity fundamentals: DKIM, SPF, DMARC concepts\n&#8211; OCI basics:\n  &#8211; Compartments\n  &#8211; IAM users\/groups\/policies\n  &#8211; Regions and endpoints\n&#8211; Secure secret management (Vault or equivalent)<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">What to learn after this service<\/h3>\n\n\n\n<p>To operate Email Delivery in production:\n&#8211; Deliverability engineering (reputation, bounce\/complaint handling)\n&#8211; Observability: metrics, alarms, incident response\n&#8211; Secure application configuration patterns (Vault integration, rotation)\n&#8211; Infrastructure as Code patterns for repeatable provisioning (Terraform\/CLI\u2014verify official modules)<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Job roles that use it<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Cloud Engineers (OCI)<\/li>\n<li>DevOps Engineers<\/li>\n<li>SRE \/ Platform Engineers<\/li>\n<li>Backend Developers<\/li>\n<li>Security Engineers (governance, auditing, least-privilege)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Certification path (if available)<\/h3>\n\n\n\n<p>Oracle Cloud certifications evolve. Look for OCI architect\/developer\/operations certifications that cover:\n&#8211; IAM\n&#8211; networking\n&#8211; governance\n&#8211; application integration patterns<br\/>\nCheck Oracle University \/ OCI certification tracks for the most current mapping.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Project ideas for practice<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Build a small service that sends:<\/li>\n<li>welcome emails<\/li>\n<li>password reset emails<\/li>\n<li>weekly summary reports<\/li>\n<li>Implement a \u201csafe mailer\u201d library:<\/li>\n<li>environment-based recipient allow-lists<\/li>\n<li>rate limiting<\/li>\n<li>structured logging of SMTP responses<\/li>\n<li>Create an operations dashboard:<\/li>\n<li>daily send counts<\/li>\n<li>bounce rate alerts (if metrics available)<\/li>\n<li>anomaly detection on send volume<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">22. Glossary<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Approved Sender:<\/strong> A verified email address authorized to send outbound messages through Email Delivery.<\/li>\n<li><strong>DKIM (DomainKeys Identified Mail):<\/strong> A method of signing outgoing email so recipients can verify authenticity and integrity.<\/li>\n<li><strong>SPF (Sender Policy Framework):<\/strong> DNS-based mechanism to declare which servers are allowed to send mail for a domain.<\/li>\n<li><strong>DMARC:<\/strong> A policy layer built on SPF\/DKIM that instructs recipients how to handle authentication failures and provides reporting.<\/li>\n<li><strong>SMTP:<\/strong> Simple Mail Transfer Protocol; standard protocol for sending email.<\/li>\n<li><strong>STARTTLS:<\/strong> An SMTP command to upgrade an existing plaintext connection to TLS encryption.<\/li>\n<li><strong>Suppression List:<\/strong> A list of recipients that should not receive email due to bounces, complaints, or manual suppression.<\/li>\n<li><strong>Compartment (OCI):<\/strong> A logical container used to organize and isolate OCI resources for governance and access control.<\/li>\n<li><strong>IAM Policy (OCI):<\/strong> A statement defining permissions for groups over resources in compartments.<\/li>\n<li><strong>SMTP Credentials (OCI):<\/strong> Username\/password pair created for an OCI user to authenticate to Email Delivery\u2019s SMTP endpoint.<\/li>\n<li><strong>Deliverability:<\/strong> The likelihood that email reaches recipients\u2019 inboxes rather than spam\/junk or being rejected.<\/li>\n<li><strong>Bounce:<\/strong> A delivery failure report indicating the message could not be delivered.<\/li>\n<li><strong>Complaint:<\/strong> A signal that a recipient marked the message as spam (handling depends on provider and service behavior; verify OCI\u2019s exact complaint processing).<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">23. Summary<\/h2>\n\n\n\n<p>Oracle Cloud <strong>Email Delivery<\/strong> is a managed <strong>outbound email<\/strong> service designed for Application Development teams that need to send transactional emails reliably using <strong>SMTP<\/strong>, with governance features like <strong>approved senders<\/strong>, optional <strong>domain + DKIM<\/strong> authentication, and <strong>suppression list<\/strong> handling.<\/p>\n\n\n\n<p>It matters because building and operating your own mail servers is operationally heavy and deliverability is difficult. Email Delivery helps standardize and control sending identity, integrates with Oracle Cloud <strong>IAM\/compartments<\/strong>, and supports operational visibility through <strong>audit and monitoring<\/strong> (verify exact telemetry capabilities in your region).<\/p>\n\n\n\n<p>Cost is primarily driven by <strong>email volume<\/strong> and surrounding architecture choices (NAT egress, Vault usage, and observability). Security hinges on <strong>protecting SMTP credentials<\/strong>, using <strong>TLS<\/strong>, applying <strong>least-privilege IAM<\/strong>, and enabling <strong>DKIM<\/strong> for production.<\/p>\n\n\n\n<p>Use Email Delivery when your Oracle Cloud applications need transactional email with strong governance. Next, deepen your production readiness by implementing DKIM\/SPF\/DMARC practices, adding monitoring\/alerts, and managing SMTP credentials through OCI Vault with rotation.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Application Development<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[54,62],"tags":[],"class_list":["post-850","post","type-post","status-publish","format-standard","hentry","category-application-development","category-oracle-cloud"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts\/850","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/comments?post=850"}],"version-history":[{"count":0,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts\/850\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/media?parent=850"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/categories?post=850"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/tags?post=850"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}