LogoSimply SendDOCS
    GuideInbound Emails

    Configure Inbound Emails & Webhooks

    Route incoming emails to your verified domains back into your application using Simply Send's high-speed Inbound parser and HTTP Webhook triggers.

    Overview

    Simply Send provides a comprehensive, developer-first solution to receive incoming emails. When an email is routed to your domain, Simply Send automatically:

    1. MIME Parsing

    Decodes raw email headers, body text, HTML, sender/recipient formats, and extracts file attachments instantly.

    2. Secure Storage

    Stores parsed content and files inside private S3 buckets. Retains metadata for 7 days (Free) or 30 days (Paid) for searchability.

    3. Webhook Delivery

    Dispatches an HTTP POST request to your registered webhook URL with the parsed email fields as a secure JSON payload.

    Step 1: Set Up Inbound MX Records

    Before Simply Send can process incoming mail for your domain, you must configure a Mail Exchanger (MX) record in your domain's DNS panel. This record authorizes Simply Send to receive messages on your domain (or a subdomain prefix).

    Inbound MX Setup Guide

    Read our step-by-step instructions on setting up root vs. subdomain prefixes, generating record specifications, and avoiding critical email outages.

    Go to Inbound MX Setup Guide

    Step 2: Connect Webhooks for Real-Time Event Routing

    Once your Inbound DNS is verified, configure a Webhook endpoint to instantly forward received emails to your own server backend.

    Webhook Registration Steps

    1. Go to the **Webhooks** page in the Simply Send Dashboard.
    2. Click **Add Endpoint**.
    3. Provide your secure destination URL (e.g. https://api.yourdomain.com/webhooks/simply-send).
    4. Under **Events to subscribe to**, select **email_received**.
    5. Save the webhook. Copy the automatically generated **Signing Secret** key.

    Webhook Event Payload Structure

    When an email is received, Simply Send sends an HTTP POST request containing a structured JSON payload containing the sender, recipients, subject line, body summary text, and attachment metadata.

    {
  "id": "evt_1726513462888_0a3b2c1d",
  "type": "email_received",
  "created": "2026-06-22T21:45:12.118Z",
  "data": {
    "messageId": "[email protected]",
    "recipient": "support@mail.yourdomain.com",
    "timestamp": 1782183912118,
    "metadata": {
      "subject": "Inquiry regarding billing",
      "from": "[email protected]",
      "to": "support@mail.yourdomain.com",
      "snippet": "Hello support, I have a quick question about my invoice #1234...",
      "hasAttachments": true
    }
  }
}

    Webhook Security & Signature Verification

    Simply Send adds cryptographic signatures to prevent tampering and spoofing. Every webhook post includes a signature in the X-Webhook-Signature header.

    To verify the signature, compute an HMAC-SHA256 hash using your webhook's **Signing Secret** and the raw JSON request body, then compare it to the received header value.

    Signature Verification Example:
    const crypto = require('crypto');
const express = require('express');
const app = express();

// Webhook endpoint (Requires raw body to compute signature)
app.post('/webhooks/simply-send', express.raw({ type: 'application/json' }), (req, res) => {
  const signature = req.headers['x-webhook-signature'];
  const payloadString = req.body.toString('utf8');
  const secret = process.env.SIMPLY_SEND_WEBHOOK_SECRET;

  if (!signature) {
    return res.status(401).send('Missing signature header');
  }

  // Calculate the expected HMAC-SHA256 signature
  const expectedSignature = crypto
    .createHmac('sha256', secret)
    .update(payloadString)
    .digest('hex');

  if (crypto.timingSafeEqual(Buffer.from(signature, 'hex'), Buffer.from(expectedSignature, 'hex'))) {
    // Webhook is authenticated and secure
    const event = JSON.parse(payloadString);
    console.log('Received event: ' + event.type);
    
    if (event.type === 'email_received') {
      const emailData = event.data.payload;
      console.log('Email from: ' + emailData.from + ', Subject: ' + emailData.subject);
    }

    return res.status(200).send({ received: true });
  } else {
    // Signature verification failed
    return res.status(403).send('Invalid signature');
  }
});

app.listen(3000, () => console.log('Listening for webhooks...'));

    Credit Consumption & Cost

    Inbound email processing consumes credits from your Simply Send account balance at the same rate as outbound sending. Credits are charged per recipient processed, depending on the usecase of your verified domain:

    Transactional Domains

    Domains configured for Transactional use cases (e.g. transactional emails, notifications, alerts).

    3 credits per received email

    Marketing Domains

    Domains configured for Marketing use cases (e.g. inbound newsletters, bulk campaign replies).

    4 credits per received email

    Free and Prepaid Plans: Incoming emails will only be accepted and parsed if your credit balance is greater than 0. If your balance is depleted, incoming emails will not be processed, meaning they will not be delivered to your Simply Send Inbox UI or forwarded to your webhook endpoints.

    Retention and Attachment Storage

    Parsed inbound email metadata resides securely in your Simply Send account and is automatically purged according to your plan limits:

    • Free Tier Accounts: 7 days retention limit.
    • Paid Pro Accounts: 30 days retention limit.
    • Enterprise Accounts: Custom retention limit.

    To fetch complete parsed email MIME files or raw message attachments, use the Inbound Emails endpoints in the Simply Send API or download them directly from the Inbox panel inside your console dashboard.

    Next Step: API Reference for Webhooks

    Review the Webhooks API endpoints to create, list, modify, or delete webhook endpoints programmatically.

    API Reference: Webhooks