Email Alert
Provider Intelligence
Connection Health

Email services should not fail mysteriously.

Email Alert keeps a safe provider-intelligence feed so the app can explain whether a problem is offline mode, an expired sign-in, an app-password issue, a rejected folder, or a wider provider problem.

Loading provider status Last checked: pending Mailbox passwords stay on the phone
Current Provider State

Email services being watched

Loading

Fetching the current Email Alert provider-intelligence feed.

Provider status is generated from safe connection diagnostics and the current provider configuration feed.

Workflow

How each service is tested

1 Collect safe app signals

The app reports provider, host, folder, status category, app version, and timing. It does not send mailbox passwords, app passwords, OAuth tokens, message bodies, or attachments.

2 Run synthetic canaries

AWS scheduled workflows test provider endpoints and owned test mailboxes. Synthetic account secrets live in AWS Secrets Manager, not in the website or app.

3 Compare with official sources

The agent checks official status pages and provider help sources, then summarises only the relevant operational signal.

4 Verify before publishing

Low-risk status changes can publish automatically. Config changes that affect auth, hosts, ports, or OAuth settings need deterministic checks and approval.

5 Feed the app and website

The app and this page consume the same versioned provider status/config feed, with cached defaults if the network is unavailable.

Canary Workflows

What Email Alert tests for each provider

Loading

Fetching safe provider test workflow metadata.

User mailbox passwords, app passwords, OAuth access tokens, OAuth refresh tokens, and message contents are not part of these workflows. Synthetic test-account credentials are entered only through an operator Secrets Manager workflow.

Credential Boundary

How canaries use passwords safely

  • Ordinary user mailbox passwords and OAuth refresh tokens stay on the iPhone.
  • Backend tests use Email Alert-owned synthetic mailbox accounts created only for provider monitoring.
  • Synthetic account passwords or refresh tokens are stored in AWS Secrets Manager.
  • Each canary Lambda receives least-privilege access to only the secret it needs.
  • The public status page never receives or displays any credential material.
  • Secrets are rotated, audited, and isolated by provider and environment.
External Signals

Official sources the agent should watch

Loading source guidance.

What The App Receives

Versioned provider guidance

Loading provider config preview...