Outbound providers
Sluice receives your email (via REST API or SMTP), runs it through your guardrails, and then forwards approved emails through your configured outbound provider. You bring your own email infrastructure — Sluice never owns your sending domain or affects your IP reputation.
Configure your outbound provider in Settings > Outbound.
Supported providers
| Provider | Type | Notes |
|---|---|---|
| Resend | API | Recommended for AI-native stacks |
| SendGrid | API | Popular for established SaaS products |
| Postmark | API | Strong deliverability, transactional focus |
| Gmail | SMTP/OAuth | Good for low-volume or personal accounts |
| Outlook / Microsoft 365 | Graph API | Enterprise Microsoft environments |
| Custom SMTP | SMTP | Any SMTP relay, maximum flexibility |
API providers
Resend
- In your Resend dashboard, go to API Keys and create a key (or use an existing one)
- In Sluice, go to Settings > Outbound and select Resend
- Paste your Resend API key
- Click Test Connection
Verified sender required. The
fromaddress must be verified in your Resend account. Sluice always sends from the address configured in your outbound settings, regardless of what the agent specifies in the API call.
SendGrid
- In your SendGrid dashboard, go to Settings > API Keys and create a key with "Mail Send" permissions
- In Sluice, go to Settings > Outbound and select SendGrid
- Paste your SendGrid API key
- Click Test Connection
Verified sender required. You must have a verified sender identity in SendGrid that matches the
fromaddress configured in Sluice.
Postmark
- In your Postmark dashboard, find your Server API Token under the server's API Tokens tab
- In Sluice, go to Settings > Outbound and select Postmark
- Paste your Postmark Server API Token
- Click Test Connection
Verified sender required. Your sender signature must be verified in Postmark.
SMTP providers
Gmail
| Setting | Value |
|---|---|
| Host | smtp.gmail.com (auto-filled) |
| Port | 587 (auto-filled) |
| Username | Your Gmail address |
| Password | A Gmail app password (not your regular password) |
You need to enable 2-factor authentication on your Google account before you can create an app password.
Microsoft Outlook / Microsoft 365
Sluice supports two connection methods for Microsoft email:
OAuth2 (recommended)
- Click Connect with Microsoft in the outbound settings
- Sign in with your Microsoft account and grant Sluice permission to send email on your behalf
- Choose your transport: Microsoft Graph API (recommended) or Legacy SMTP
- If sending from a shared mailbox, enter the User Principal Name
Token refresh is handled automatically — you won't need to re-authenticate.
SMTP with password
| Setting | Value |
|---|---|
| Host | smtp.office365.com (auto-filled) |
| Port | 587 (auto-filled) |
| Username | Your Microsoft email address |
| Password | Your Microsoft password or app password |
Custom SMTP
For any other SMTP server (AWS SES, Mailgun, or your own relay):
| Setting | Value |
|---|---|
| Host | Your SMTP server hostname |
| Port | Your SMTP server port (usually 587 or 465) |
| Username | Your SMTP username |
| Password | Your SMTP password |
Common custom SMTP configurations:
| Provider | Host | Port | Username | Password |
|---|---|---|---|---|
| AWS SES | email-smtp.{region}.amazonaws.com | 587 | SES SMTP username (from IAM) | SES SMTP password (from IAM) |
| Postmark (SMTP) | smtp.postmarkapp.com | 587 | Server API token | Server API token |
| Mailgun | smtp.mailgun.org | 587 | Mailgun SMTP username | Mailgun SMTP password |
| SendGrid (SMTP) | smtp.sendgrid.net | 587 | apikey | Your SendGrid API key |
Testing your connection
After entering your credentials, click Test Connection to verify everything works. Sluice will attempt to authenticate with your provider and report any errors.
Common issues:
- Gmail: Make sure you're using an app password, not your regular Google password
- Microsoft: If using SMTP, check that SMTP AUTH is enabled for your account in the Microsoft 365 admin center
- AWS SES: Make sure your SES SMTP credentials are different from your regular IAM credentials — and that your SES account is out of the sandbox for sending to unverified addresses
- Firewall: Ensure outbound connections on port 587 are allowed
Security
- Outbound credentials (API keys, SMTP passwords, OAuth2 tokens) are encrypted at rest
- Credentials are decrypted only at send time when forwarding an approved email
- You can update or rotate credentials at any time from the dashboard