Architecture
PING8 acts as the control plane. KumoMTA acts as the delivery engine. KumoProxy can act as the outbound egress layer.
PING8 app
-> HTTPS injection endpoint
-> KumoMTA
-> optional SOCKS5 KumoProxy
-> recipient mailbox provider
KumoMTA
-> webhook lifecycle events
-> PING8 event ingest endpointComponents
| Component | Responsibility |
|---|---|
| PING8 | Campaign creation, API templates, recipient selection, DNS verification, analytics, and event display. |
| KumoMTA | Message injection, queueing, signing, delivery attempts, provider responses, and lifecycle events. |
| KumoProxy | Optional SOCKS5 proxy that controls the outbound IP path. |
| DNS | Proves sender authorization through SPF, DKIM, DMARC, MX, A, and PTR. |
Data flow
- A campaign or Send API request creates a message in PING8.
- PING8 injects the message into KumoMTA over HTTPS.
- KumoMTA signs and queues the message.
- KumoMTA delivers directly or through KumoProxy.
- KumoMTA posts lifecycle events back to PING8.
- PING8 updates analytics, task details, and failure views.
Security boundaries
- Keep injection behind TLS.
- Require bearer or equivalent authentication.
- Do not expose administrative endpoints publicly.
- Restrict metrics access.
- Use a webhook secret so PING8 can reject forged events.