Mail and Notification Settings

Mail ownership

SophMate workflows can create support drafts, watcher alerts, contact confirmations, and operational notifications that depend on reliable mail handling. Use a monitored mailbox and a transactional mailer for production communication rather than relying on default PHP mail behavior.

Notification routing

Decide which alerts go to site administrators, store owners, developers, agency operators, or support leads. Watcher and workflow notifications should include enough context to act without exposing secrets. The watchers and alerts docs explain alert ownership, and diagnostics and support explains what evidence should be safe to share.

Production verification

Before inviting users, send test messages for contact flows, watcher alerts, and support handoffs. The production readiness tutorial should be updated with the mailbox, delivery provider, and escalation owner.

Owner and cadence

• Primary owner: site administrator with provider, billing, and security responsibility.
• Review cadence: after provider, mailbox, role, budget, security, WooCommerce, or integration changes.
• Escalate when a setting grants high-risk access, changes provider spend, weakens privacy posture, or redirects alerts away from monitored owners.

Production checklist

• Use a transactional mailer, monitored sender, reply-to address, and delivery logs for production notifications.
• Test contact confirmations, watcher alerts, support handoffs, and operator notifications before launch.
• Document who owns provider credentials, budget limits, role access, notification routing, and ongoing review.
• Keep configuration changes behind administrator access and review them after plugin updates, staff changes, or incidents.

Acceptance checks

• Critical notifications reach a monitored mailbox and can be traced through the mail provider.
• Failed mail delivery has an owner and does not silently hide workflow or support issues.
• A second administrator can explain why each high-risk setting is enabled and who may change it.
• No production credential, support mailbox, or notification path depends on an unmanaged personal account.

Common mistakes

• Sending operational alerts to an inbox no one monitors during weekends, launches, or incidents.
• Using personal provider keys, personal mailboxes, or broad administrator access because it is faster during setup.
• Changing budgets, roles, notifications, or integrations without recording the owner and review reason.

Related operations

• Review Watchers and Alerts for alert routing.
• Use Incident Response Runbook when missed alerts affect production.
• Pair configuration work with Roles and Permissions.
• Review Approval Controls before enabling write-capable modules.
• Use Cost Allocation and Client Billing Review before client or team billing reviews.
• Use Security and Key Rotation before changing provider credentials.
• Use Cache Queue and Performance before scaling automation or alerts.
• Use Scheduled Task and Cron Reliability before relying on recurring work.
• Use Provider Models and Fallbacks before changing production model behavior.
• Use Data Residency and Provider Policy Review before sending sensitive context.
• Use Provider Rate Limits and Retry Planning before high-volume automation.
• Use Source Freshness Review Calendar before teams depend on policy sources.
• Use Email Deliverability and Domain Authentication before operational mail matters.