Show HN: Email Marketing Platform Built on a $1 iCloud Account

A lightweight, cost‑effective email marketing platform built to be practical, modular, and easy to extend. Originally engineered to work on minimal infrastructure, the platform focuses on high volume sending, multi‑domain management, generation of content via AI integrations, and clean handling of contacts, bounces, and unsubscribes.

PROD: https://mail.maxsoft.pro

This repository contains a full-stack email marketing platform with a React client (src/), a Node/Express server (server/), static assets (public/), and documentation (docs/). It was designed with simplicity and cost-savings in mind but is ready to be hardened, extended, and made community friendly.

• Provide reliable, high-volume email sending with multi-domain support
• Offer AI-assisted content generation and personalization
• Keep the platform modular, observable, and easy to run locally (dockerized)
• Be open and extensible so contributors can add ESPs, AI providers, or UI components

• Single-handed replacement of enterprise-level platforms immediately — instead, provide a pragmatic alternative for startups and indie teams
• Collecting or processing sensitive data without explicit consent or compliance mechanisms

• Client (src/):
  • React single-page application handling authentication, campaign creation, contact management, analytics, and admin UI.
  • Mobile-friendly components (BottomNavigationBar.jsx).
• Server (server/):
  • Express-based API that manages authentication, campaign lifecycle, sending queues, bounce/unsubscribe processing, AI integrations, and admin endpoints.
  • Models live under server/models/.
• Public (public/):
  • Static assets, landing pages, robots/ads rules, and styles.
• DevOps:
  • Docker and docker-compose are present for reproducible development and deployment.

1. Client → Server: REST API for all user and campaign actions.
2. Server → Database: MongoDB stores users, contacts, campaigns, logs, and events.
3. Server → AI Providers: gemini adapters generate content and suggestions.
4. Integrate direct iCloud SMTP for small setups.

1. Scalability & Performance

• Stateless API servers: prefer horizontal scaling behind a load balancer. Keep per-request state minimal.
• Background queues: offload all heavy work (sending, imports, AI generation, analytics aggregation) to workers.
• Redis + BullMQ (or equivalent): recommended for job queues, rate limiting, and delayed/scheduled tasks.
• Database indexing: create indexes on contact email, campaign status, campaign createdAt, and contact list ids. Use compound indexes for common filters.
• Pagination & streaming: server-driven pagination and cursor-based queries for contacts and activity feeds to avoid large payloads.

2. Background Processing & Job Reliability

• Implement idempotent job handlers and unique job keys to prevent duplicate sends.
• Support retries with exponential backoff and dead-letter queues for failing jobs.
• Use domain/ESP-specific queues to control per-domain concurrency and throttling.
• Add a monitoring dashboard for queue depth, job failures, and retry counts.

3. Deliverability & Domain Reputation

• Per-domain configuration: store iCloud SMTP/IMAP credentials and domain names per user.
• Throttling & rate policy: per-domain/ESP sending rate limits and domain rotation strategies to avoid blacklisting.

4. Security & Data Privacy

• Authentication:
  • JWT for API tokens with refresh-token flows or session cookies with secure, httpOnly attributes.
  • Role-based access control (RBAC): admin, manager, user roles with guarded admin APIs (server/middleware/auth.js is an ideal place to centralize).
• Input sanitization: sanitize HTML email templates and contact imports. Use a whitelist sanitizer for email HTML (strip scripts, inline event handlers).
• Compliance:
  • Track consent for each contact (opt-in source, timestamp, ip).
  • Provide endpoints to export/delete personal data for GDPR/CCPA requests.
  • Maintain unsubscribe and suppression lists and honor CAN-SPAM rules.

5. Data Modeling & Database Best Practices

• Contact: include status (active, unsubscribed, bounced, suppressed), lastActivity, and source metadata.
• Campaign: include state machine: draft → scheduled → sending → paused → completed → failed.
• Logs & events: store minimal structured events (open, click, bounce) and use aggregation pipelines for analytics.
• Indexing: ensure queries used by lists/filters are covered by indexes (e.g., contacts by listId + status).
• Retention & archiving: implement retention policies for raw logs; move older detailed logs to cold storage.

6. Observability & Reliability

• Structured logging: JSON logs with correlation IDs; include userId, campaignId, domain, and jobId where applicable.
• Metrics:
  • Expose metrics endpoint (/metrics) for Prometheus: queue depths, send rate, error rate, average send latency.
• Alerts:
  • Alert on queue saturation, high bounce rates, or ESP throttling/responses.

8. AI Integration & Prompt Safety

• Provider abstraction: standardize prompts and responses.
• Caching & reuse: cache generated subject lines and content for a campaign to avoid repeated calls and costs.
• Prompt governance: keep prompt templates in-code or in a managed store (docs/prompts) with versioning.

9. UX, Accessibility & Product Features

• Campaign builder:
  • Template library with preview and test-send capabilities.
  • A/B testing flows for subject/body and automated winner selection.
• Contacts:
  • CSV import with field mapping, deduplication, and preview step; display import errors.
  • Segment builder with a visual rule builder and saved segments.
• Admin:
  • Usage dashboards and cost analytics per user/domain.
• Accessibility:
  • Ensure components follow WCAG guidelines, keyboard navigability, and semantic HTML.
• Feedback & notifications:
  • Real-time status updates for imports and send jobs (websocket or polling).
  • Email notification preferences for administrators and users.