Platform / Control & API
Run it from one place. Or automate it by API.
Infrastructure you can't operate safely is infrastructure you don't really control. The console puts the estate under deliberate, attributable management (domains, mailboxes, routing, access), and a scoped API automates the objects your product touches.
Email operations have a tooling problem. The actual controls live in a dozen places: registrar panels, provider dashboards, server configs, spreadsheets. Each has its own login and its own permissions model, and no audit trail connects them. So nobody can answer "who changed what, when?", and every change is a small act of faith.
We consolidated the controls. One console over DNS records, mailboxes, routing preferences, provider connections, and team access, with the permissions, MFA, and audit logging that consolidation demands, plus an API with scoped keys for domain and mailbox automation. See it yourself at console.egressif.io.
The model
One hierarchy, every object accountable.
Capabilities
What the control plane gives you.
A hierarchy that matches reality
Organizations contain workspaces. Workspaces own domains. Domains carry mailboxes, DNS records, and routing preferences. Every object is first-class with its own configuration, isolation, and history. Works the same whether you are one company with three streams or an agency with two hundred brands.
Role-based access control
Granular, per-capability permissions across organizations, teams, users, domains, DNS records, and mailboxes. An account manager sees their clients and nothing else. A billing role sees invoices and no infrastructure. Offboarding someone is one action. Custom roles let you express your actual org chart instead of ours.
Authentication worth the name
Multi-factor authentication with authenticator-app and email factors, session management, and scoped API keys for automation. The console protecting your email infrastructure is held to the same standard as the infrastructure.
Provider connections
Connect Google Workspace and Microsoft 365 through their official OAuth flows for domain verification and administration. Bring your own accounts at the big sending platforms where that fits your architecture. Credentials and tokens are stored encrypted, scoped to the minimum, and deleted on revocation.
Routing preferences in plain language
Decide how mail bound for Google, Microsoft, security gateways, consumer webmail, and everything else should be handled. Per team, with per-domain overrides and ordered fallback preferences. Routing differs per domain, so you can run controlled experiments: try a strategy on a test domain, compare outcomes, roll out the winner. The engine executes your intent. You never touch a server.
Bulk operations where they matter
Domains, mailboxes, and users support batch create, edit, and delete, and mailbox lists export to CSV. Onboarding thirty mailboxes is one screen, not thirty repetitions.
Audit logs on every action
Every administrative change records who did it, on whose behalf, from where, when, and what changed. The attribution survives async background jobs too. The trail your security review will ask for already exists.
An API for the objects you automate
Domains and mailboxes are addressable programmatically through scoped API keys: create, list, update, manage in bulk. Build provisioning into your own product or scripts. The console and the API operate the same objects, and the API surface grows along the same lines as the console.
Delivery-event feeds, wired for you
Every delivery outcome on our network is captured durably with the receiving server’s verbatim response. Where your team can consume a live feed, we wire delivery events into your systems; where you just need answers, we pull the records for you. Tell us what your stack can use and we set it up.
Integration surface
What you can automate today.
Scoped API keys drive the objects most teams actually automate. We would rather show you the real surface than a glossy one: this is what the keys do today, and the surface grows along the same lines as the console.
| Surface | What you can do | What teams build with it |
|---|---|---|
| DOMAINS API | create, list, update, and remove sending domains under scoped keys | client onboarding flows, per-customer domain provisioning inside your product |
| MAILBOXES API | create, list, and update mailboxes and aliases, singly or in bulk | "every customer gets an identity" as a signup step instead of a ticket |
| API KEYS | per-scope keys (read / write / delete on domains and mailboxes), revocable in one action | least-privilege automation, separate keys per integration |
| CONSOLE | routing preferences, fallback ordering, DNS records, RBAC, MFA, audit logs | everything operational that does not need to live in your codebase |
| EVENT FEEDS | delivery outcomes captured durably on our side; live feeds wired to your systems by arrangement | bounce data into your CRM, delivery evidence into your support tooling |
If you need a feed or an export we don't list here, ask. The honest answer might be "next quarter", but it will be honest.
What you get out of it
What changes for you.
Email changes stop requiring deploys
Routing preferences, new domains, mailboxes, and access are settings and API calls, not engineering sprints. The backlog of "small email tasks" empties.
Access reviews become exports
Who can touch what, and who touched what: RBAC plus audit logs answer both in minutes, which is exactly what your next security review will ask.
Your product can ship email features
Domains and mailboxes provision through the API inside your own flows, so "every customer gets a sending identity" becomes a feature you sell rather than a process you dread.
Offboarding takes one action
When someone leaves, their access goes with them, everywhere, immediately. No password-rotation week.
Related reading
Go deeper in the reference library
See the console with your own domains.
Domains, rough volume, current providers, and what hurts. You will get a straight answer on fit, and a real number, in one conversation.