Send notifications from your own domain.
Hook up your SMTP server in Dashboard → Orgs → Settings. Submission notifications, autoresponders, and digests route through it and appear from your domain. Failures fall back to our platform sender automatically — your forms keep working.
Why custom SMTP?
- Brand — emails come from
[email protected], not[email protected]. - Deliverability — your own SPF/DKIM/DMARC reputation, not ours.
- Compliance — useful when your privacy policy promises mail never leaves your infrastructure.
- Cost — you're already paying for SMTP somewhere; reuse it.
Set up SMTP
Open the org settings page, click Configure SMTP, fill in:
| field | typical value |
|---|---|
host | smtp.sendgrid.net, smtp.mailgun.org, smtp.postmarkapp.com, etc. |
port | 587 (STARTTLS) or 465 (TLS) |
username | Provider-issued SMTP user (often apikey). |
password | SMTP password or API key. Encrypted at rest. |
fromEmail | The From: address. Must be on a domain you've authorized in the provider. |
fromName | Optional display name. |
Test the connection
After saving, click Test connection. We open a SMTP
session (EHLO + AUTH) without sending mail and report
success or the error string. The result is stored on the config row;
a daily cron re-checks all configured tenants.
$ curl -X POST https://login.form4dev.com/api/orgs/<orgId>/smtp/test \ -H "Cookie: form4dev_session=…" {"success": true, "data": {"ok": true}}
Fallback behavior
If a send through your SMTP fails for any reason, we transparently retry through our platform sender so the notification still reaches you. A delivery record on every message tells you which provider actually delivered it — your SMTP, or the platform fallback.
When a daily health check marks your SMTP config as unhealthy, we stop attempting it until it recovers — saving the latency cost of a failing connection per send.
Credential handling
SMTP passwords are encrypted at rest. The encryption key is managed separately from the encrypted credentials, so a database backup alone is not enough to recover any tenant's SMTP password.
Per-send visibility
Every notification is logged with the provider that delivered it. You can filter the inbox by delivery provider to see which messages went through your SMTP vs. the platform fallback.