Now that you understand the basics of transactional emails, you can begin setting up the infrastructure to successfully send them.

But before you can start sending, you’ll need to choose your delivery method. This typically comes down to a classic build vs. buy decision: do you spin up and manage your own mail server, or use a third-party email service provider (ESP) to handle delivery for you?

Each path has trade-offs in complexity, deliverability, cost, and control—so it’s worth understanding what you're signing up for before you commit.

Option 1: Run your own mail server

Benefits of running your own mail server

The appeal of running your own mail servers is understandable, and for many developers, tinkering with Postfix or Exim may be appealing.

There are several benefits to running your own mail server:

  • Total control: You own every aspect of the email pipeline: queue management, retry logic, IP warming schedules. Need custom routing based on the recipient domain? Want to implement exotic rate limiting? It's all possible when you control the metal.
  • Data sovereignty: For organizations with strict data residency requirements or handling ultra-sensitive information, keeping email infrastructure in-house eliminates the need for a third-party processor. Your emails never leave your network until they hit the recipient's mail server.
  • Predictable costs at scale: Once you're sending millions of emails daily, the unit economics can favor self-hosting. No per-email charges, no pricing tiers, just the cost of servers and bandwidth.
  • No API limits: Provider APIs typically throttle requests (600-1000/minute is common). With your own infrastructure, you're only limited by your hardware and the receiving ISPs' tolerance.

Costs of running your own mail server

Despite these benefits, there are several reasons setting up and managing your own mail server may lead to long-term headaches.

First off, deliverability is now your responsibility, and reliably getting emails delivered to inboxes at scale is hard.

Here’s just a few of the things you'll need to do, often on an ongoing basis:

  • Manage IP reputation across dozens of ISPs, each with unique algorithms
  • Implement and monitor SPF, DKIM, and DMARC authentication
  • Build relationships with postmasters at major providers
  • Handle IP warming for new addresses (weeks of gradual volume increase)
  • Monitor and respond to blocklists (Spamhaus, SURBL, etc.)
  • Parse and act on bounce messages in dozens of formats

We talk more about how to improve email deliverability in a later section.

Then you have the infrastructure complexity. A production email system requires multiple IPs, queue servers, monitoring, logs, and backups. You also have the problem that major ISPs provide feedback loops (FBLs) to report spam complaints, but only to established senders they trust. Building these relationships takes months or years. Without FBLs, you're flying blind on recipient engagement.

You also shoulder the regulatory burden. You become responsible for:

  • CAN-SPAM, CASL, and GDPR compliance infrastructure
  • Data retention and right-to-be-forgotten workflows
  • Maintaining suppression lists across jurisdictions
  • Audit trails for compliance teams

But the real killer is opportunity cost. Email infrastructure has a nasty tendency to become a full-time job for multiple engineers. Every hour your team spends debugging SMTP issues, parsing bounce logs, or negotiating with ISP postmasters is an hour not spent on your core product.

For 99% of companies, the hidden costs dramatically outweigh the benefits. Modern email deliverability requires constant attention and expertise that's better purchased than built.

Option 2: Use an email service provider (ESP)

Instead of running your own mail server, the best option for companies planning to send transactional email is to use an email service provider (ESP) that will send emails on your behalf. The transactional email service landscape has matured significantly, with providers catering to different needs, from developer-first APIs to enterprise-grade infrastructure.

Benefits of using an ESP

These providers offer global infrastructure and, critically, teams dedicated to maintaining deliverability so you can focus on building your product rather than managing email servers.

Here's what ESPs handle for you:

  • Deliverability management: ESPs maintain relationships with ISPs, monitor blocklists, and manage IP warming. They employ entire teams dedicated to ensuring your emails reach inboxes, not spam folders.
  • Infrastructure at scale: Sending millions of emails requires distributed infrastructure, queue management, retry logic, and failover systems. ESPs provide this infrastructure as a service.
  • Compliance and security: From SPF/DKIM/DMARC authentication to GDPR compliance and bounce handling, ESPs handle the complex regulatory and technical requirements of modern email.
  • Analytics and monitoring: Track delivery rates, open rates, bounce types, and engagement metrics without building your own analytics pipeline.

How to choose a transactional email service

All ESPs are not created equal. Choosing the right one for your company will depend on several factors, including but not limited to:

  • Volume and growth trajectory: If you're sending less than 50K emails/month, most providers' free tiers work well. For 100K-1M monthly emails, compare unit economics carefully—SES dominates on pure cost, but others provide better tooling.
  • Developer experience Priority: Resend and Mailgun lead in API design and documentation. SendGrid and Postmark offer solid middle ground. SES requires the most custom work.
  • Geographic requirements: For EU data residency, Mailgun and Mailjet offer dedicated EU infrastructure. SES provides global regions. Others primarily use US infrastructure.
  • Feature requirements: Need visual template builders? SendGrid, Mailjet, and MailerSend excel. Want subaccounts? Bird Email is unique here. Require testing infrastructure? Mailtrap specializes in this.
  • Support criticality: Postmark's support is legendary in the industry. Mailgun and Resend also provide responsive developer support. AWS SES support requires paid plans.

The top 10 transactional email services

Below is a quick rundown of the top transactional email services available, but check out Knock’s full post for an in-depth breakdown of each solution.

Resend

  • Strengths: Beautiful developer experience, React Email integration, minimalist platform, transparent observability
  • Weaknesses: Newer and less battle-tested, some features still maturing
  • Pricing: Free tier with 3,000 emails/month; Pro tier at $20/month for 50,000 emails
  • Best for: Modern development teams prioritizing DX and clean APIs

SendGrid (Twilio)

  • Strengths: Massive scale (powers Uber, Booking.com), rich analytics, AI-powered delivery optimization, extensive template management
  • Weaknesses: Email history is a paid add-on, shared IP reputation can vary
  • Pricing: Free trial 100 emails/day for 60 days; Essentials from $19.95/month for 50K emails
  • Best for: Teams wanting full-featured platform with marketing capabilities

Amazon SES

  • Strengths: Extremely low cost ($0.10 per 1,000 emails), AWS integration, scales to billions
  • Weaknesses: Complex setup, sandboxed initially, analytics require additional AWS services
  • Pricing: Free tier for AWS-hosted apps (62K emails/month), then $0.10/1000 emails
  • Best for: AWS-native applications, comfortable building abstraction layers

Postmark (ActiveCampaign)

  • Strengths: Obsessive deliverability focus, time-to-inbox metrics, 45-day retention on all plans, excellent support
  • Weaknesses: No marketing features, basic templating compared to competitors
  • Pricing: 100 free emails/month forever; plans from $15/month for 10K emails
  • Best for: Teams prioritizing deliverability above all else

Mailgun (Sinch)

  • Strengths: Developer-focused, excellent API, EU data residency, advanced routing, both EU and US regions
  • Weaknesses: Limited non-developer features, pricing jumps between tiers
  • Pricing: 5K emails free for 3 months, then ~$35/month for 10K emails
  • Best for: Technical teams wanting granular control without building from scratch

Bird Email (formerly SparkPost/MessageBird)

  • Strengths: Powers 40% of commercial email, subaccounts feature, on-premise option, predictive analytics
  • Weaknesses: Hard-to-navigate documentation, enterprise-focused
  • Pricing: Free trial available; Premier/Enterprise tiers for 100K+ emails/month
  • Best For: High-volume senders needing enterprise features

Mailjet (Sinch)

  • Strengths: Hybrid marketer/developer support, real-time collaboration, EU data residency
  • Weaknesses: Limited automation, analytics locked on lower tiers
  • Pricing: Free tier 200 emails/day; Essential from $17/month for 15K emails
  • Best for: Teams needing collaboration between technical and non-technical users

Mailtrap (Railsware)

  • Strengths: Safe email testing environment, automated testing workflows, client preview
  • Weaknesses: Split offering between testing and sending products
  • Pricing: Free tier 500 test emails/month; sending starts at 1K emails/month free
  • Best for: Development teams prioritizing testing and staging environments

MailerSend

  • Strengths: Modern UI, multi-channel (email + SMS), visual builder with API flexibility
  • Weaknesses: Limited third-party integrations
  • Pricing: Free tier 3K emails/month; paid from $25/month for 50K emails
  • Best for: Modern SaaS apps wanting approachable tools without sacrificing flexibility

Mailchimp Transactional (formerly Mandrill)

  • Strengths: Global infrastructure, excellent documentation, strong analytics
  • Weaknesses: Requires existing Mailchimp subscription (Standard or Premium)
  • Pricing: Block-based pricing; ~$80 for 100K emails/month
  • Best for: Existing Mailchimp customers needing transactional capabilities

Email authentication: How to set up SPF, DKIM, DMARC, and BIMI

As you’ll soon learn, email thrives in a world of acronyms, especially when it comes to authentication. From SPF to DKIM to DMARC, each one is critically important for determining whether your emails reach users or vanish into the spam folder.

Whether you have your own mail server or use an ESP, you’ll need to set this up for each domain. Let’s quickly work through them.

SPF: One TXT record to rule allowed senders

SPF (Sender Policy Framework) is your first checkpoint. It's a DNS TXT record that declares which servers are authorized to send email on behalf of your domain.

When an inbox receives your email, it checks the Return-Path header and verifies it against your SPF record. If the sending server isn't on your approved list, it will get rejected.

Here's what a typical SPF record looks like:

  v=spf1 include:_spf.google.com include:amazonses.com include:sendgrid.net ~all

Breaking it down:

  • v=spf1: The SPF version (always spf1)
  • include:: Authorizes servers from specific providers
  • ~all: Soft fail policy (mark suspicious but don't reject)

Some SPF Best Practices:

// Bad: Too many includes, will hit 10-lookup limit
v=spf1 include:provider1.com include:provider2.com include:provider3.com ... include:provider10.com ~all
 
// Good: Specific includes, reasonable policy
v=spf1 include:sendgrid.net include:mailgun.org -all
 
// Better: Use IP ranges for controlled infrastructure
v=spf1 ip4:192.0.2.0/24 include:sendgrid.net -all

DKIM: Signing every message

DKIM (DomainKeys Identified Mail) cryptographically proves your email hasn't been tampered with and truly comes from you. It uses public-key cryptography where you publish a public key in DNS, and your provider signs each message with the private key.

Your DNS might have multiple DKIM records:

// SendGrid DKIM (CNAME records)
s1._domainkey.yourdomain.com  CNAME  s1.domainkey.sendgrid.net
 
// Mailgun DKIM (TXT record)
pic._domainkey.yourdomain.com  TXT  "k=rsa; p=MIGfMA0GCSqGSIb3..."

Quick verification:

// Check if DKIM exists
$ dig +short TXT selector._domainkey.yourdomain.com
 
// Test by sending email and checking for header:
# DKIM-Signature: v=1; a=rsa-sha256; d=yourdomain.com...

Most ESPs handle DKIM automatically, but rotate keys periodically for security.

DMARC: Enforcement and reporting

DMARC tells receiving servers what to do when emails fail SPF or DKIM checks. It's your policy declaration that you're serious about email security.

  _dmarc.yourdomain.com  TXT  "v=DMARC1; p=quarantine; pct=100; rua=mailto:[email protected]"

Key components:

  • p=quarantine: Policy (none → quarantine → reject)
  • pct=100: Apply to all messages
  • rua=: Where to send aggregate reports

Progressive implementation:

  // Start: Monitor only
  v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com
 
  // Then: Quarantine suspicious
  v=DMARC1; p=quarantine; pct=100; rua=mailto:dmarc@yourdomain.com
 
  // Finally: Reject failures
  v=DMARC1; p=reject; pct=100; rua=mailto:dmarc@yourdomain.com

DMARC requires alignment. Your 'From' domain must match your authenticated domain (exactly for strict, or subdomains allowed for relaxed).

BIMI: The logo badge

Setting up BIMI makes sure your logo is displayed in your emails sent to Gmail and Apple Mail inboxes.

  default._bimi.yourdomain.com  TXT  "v=BIMI1; l=https://assets.yourdomain.com/logo.svg; a=https://assets.yourdomain.com/vmc.pem"

Prerequisites:

  • DMARC at p=quarantine or p=reject
  • 5,000+ emails/week volume
  • Registered trademark
  • VMC certificate ($1,000-1,500/year) (note: the VMC process takes 2-3 weeks through DigiCert or Entrust)
  • Your logo must be a square SVG with no scripts or fonts, hosted on HTTPS

While brand recognition can be beneficial, BIMI is a premium tier of email authentication, and typically only worth setting up if you send millions of emails monthly. For most transactional senders, a solid SPF, DKIM, and DMARC setup is sufficient.

🆕

Recently, BIMI underwent some positive changes. For more information, read Resend’s blog, What BIMI's Changes Mean for Email to see how it impacts you.

The Authentication Checklist

Before sending your first transactional email:

  1. SPF: Add provider's include to your SPF record
  2. DKIM: Configure DKIM keys with your provider
  3. DMARC: Start with p=none and monitor reports
  4. Test: Send emails to mail-tester.com for authentication score
  5. Monitor: Watch DMARC reports for unauthorized senders
  6. Iterate: Gradually increase DMARC enforcement

Authentication is table stakes for transactional email. Without proper SPF, DKIM, and DMARC, even legitimate password resets might never reach your users. Take the time to set it up correctly—your future support team will thank you.