Transactional email architecture has four layers: event source (your app emits events), message queue (buffers and retries), email service (renders and sends), and delivery provider (Postmark, SES, SendGrid). Separate transactional email from marketing email at the infrastructure level — different subdomains, different providers, different IP reputation. Use a queue to handle failures gracefully and prevent lost emails.
Transactional Triggered Email Architecture: Implementation Guide
Why Architecture Matters for Transactional Email
Transactional email has different requirements than marketing email: it must arrive fast, it must arrive reliably, and a failure means a user can't reset their password or confirm their order.
Getting the architecture right means separating concerns, building in redundancy, and isolating transactional reputation from marketing reputation.
The Four-Layer Architecture
Layer 1: Event Source
Your application emits events when user actions require email:
- User signs up →
user.createdevent - User requests password reset →
password.reset_requestedevent - Order placed →
order.confirmedevent - Payment failed →
payment.failedevent
Events should be lightweight: event type, user ID, timestamp, and minimal context. Don't build the email in your application layer.
Layer 2: Message Queue
A queue sits between your application and the email service:
- Buffers events during traffic spikes
- Retries failed deliveries automatically
- Prevents your application from blocking on email sends
- Provides a record of every email event
Options: Redis Queue, AWS SQS, RabbitMQ, or a managed queue service. For most applications, a simple Redis-backed queue is sufficient.
Layer 3: Email Service (Worker)
A background worker processes the queue:
- Reads event from queue
- Looks up recipient data
- Selects and renders the email template
- Calls the delivery provider API
- Logs the result
- On failure: returns event to queue with retry metadata
This layer handles template rendering, personalization, and provider API calls. Keep it stateless — any worker instance should be able to process any event.
Layer 4: Delivery Provider
The provider handles actual SMTP delivery:
- Postmark — fastest delivery, best for critical transactional
- AWS SES — cheapest at scale
- SendGrid — most flexible, good API
- Resend — best developer experience
Separation From Marketing
This is the most important architectural decision: keep transactional and marketing email on completely separate infrastructure.
| Component | Transactional | Marketing |
|---|---|---|
| Subdomain | mail.yourdomain.com | marketing.yourdomain.com |
| Provider | Postmark or SES | SendGrid, Klaviyo, etc. |
| IP | Dedicated or provider shared pool | Separate IP/pool |
| SPF/DKIM | Separate keys | Separate keys |
| DMARC | Same domain policy | Same domain policy |
| Reputation | Isolated | Isolated |
If your marketing sends generate complaints and your reputation drops, your transactional email is unaffected. Users can still reset passwords and receive order confirmations.
Practitioner note: I've seen ecommerce businesses lose transactional delivery because they ran everything through one ESP. A bad marketing campaign tanked their sender reputation, and suddenly order confirmations were hitting spam. Separation isn't optional — it's insurance.
Failover Design
Primary + Fallback Provider
Configure two providers: primary (Postmark) and fallback (SES). If the primary API returns an error or times out:
- Worker retries primary once
- On second failure, switches to fallback provider
- Logs the failover event
- Alerts ops team
- Continues using fallback until primary is confirmed healthy
This prevents a single provider outage from blocking all transactional email.
Retry Strategy
Use exponential backoff for retries:
- Attempt 1: Immediate
- Attempt 2: 30 seconds
- Attempt 3: 2 minutes
- Attempt 4: 10 minutes
- Attempt 5: 1 hour
- After 5 failures: Log, alert, move to dead letter queue
Don't retry indefinitely. A password reset email that arrives 6 hours late is useless.
Template Management
Keep Templates in Code
Store email templates in your codebase, not in the ESP dashboard. This gives you:
- Version control
- Code review for template changes
- Consistent rendering across providers (failover works)
- Testing in CI/CD pipeline
Rendering
Use a template engine (Handlebars, Mjml, React Email) to render HTML from templates + data. Render on the worker layer, then pass rendered HTML to the provider API.
For HTML email best practices, keep templates simple, inline CSS, and test across email clients.
Practitioner note: Provider-specific templates create vendor lock-in and make failover impossible. If your templates live in Postmark and Postmark goes down, your fallback provider can't render them. Render locally, send rendered HTML to any provider.
Monitoring Transactional Email
Key Metrics
- Delivery latency: Time from event to inbox (target: <10 seconds)
- Delivery rate: Percentage successfully delivered (target: >99.5%)
- Bounce rate: Hard bounces indicate bad addresses (target: <0.5%)
- Queue depth: How many events are waiting (target: near 0 during normal operation)
- Failover events: How often the fallback provider is used
Alerting
Set up alerts for:
- Queue depth exceeds 100 (processing bottleneck)
- Delivery rate drops below 99% (provider issue)
- Failover activates (primary provider problem)
- Hard bounce rate exceeds 1% (list quality issue)
Common Mistakes
-
Sending transactional through your marketing ESP. Klaviyo, Mailchimp, and ActiveCampaign are not transactional email providers. Use a dedicated service.
-
Synchronous sending. Don't call the email API in your request handler. Use a queue. Synchronous sends add latency to your API responses and fail silently if the provider is slow.
-
No retry logic. APIs fail. Networks hiccup. Without retries, transactional emails get lost silently.
-
Sharing domains. Transactional and marketing on the same subdomain means shared reputation. One bad campaign affects password reset delivery.
Practitioner note: The cost of proper transactional architecture is minimal — a Redis instance and a few hundred lines of worker code. The cost of not having it is customers who can't log in, orders without confirmations, and support tickets that could have been prevented.
If you're building transactional email infrastructure and need architecture review, schedule a consultation.
Sources
- Postmark: Transactional Email Best Practices
- AWS: SES Developer Guide
- SendGrid: Transactional Email Guide
- M3AAWG: Best Practices for Transactional Messages
- Resend: Documentation
v1.0 · April 2026
Frequently Asked Questions
What is transactional triggered email?
Email sent in response to a user action — password resets, order confirmations, shipping notifications, account alerts. Unlike marketing email, transactional email is expected by the recipient and must arrive quickly and reliably.
Should transactional email use a different provider than marketing email?
Yes. Transactional and marketing email should use separate subdomains and ideally separate providers. Marketing reputation issues won't affect your transactional delivery. Send marketing from marketing.yourdomain.com and transactional from mail.yourdomain.com.
What's the best transactional email provider?
Postmark for deliverability and speed, AWS SES for cost at scale, SendGrid for flexibility, Resend for developer experience. Choice depends on volume, budget, and technical requirements.
How do I handle transactional email failures?
Use a message queue (Redis, SQS, RabbitMQ) between your application and email provider. Failed sends go back in the queue with exponential backoff retry. After max retries, log the failure and alert your team.
What latency should I expect for transactional email?
Under 10 seconds from trigger to inbox for well-architected systems. Postmark averages under 1 second for delivery. If your transactional emails take minutes, your architecture has a bottleneck — usually the rendering layer or queue processing.
Want this handled for you?
Free 30-minute strategy call. Walk away with a plan either way.