Email Best Practices

Use when building email features, emails going to spam, high bounce rates, setting up SPF/DKIM/DMARC authentication, implementing email capture, ensuring compliance (CAN-SPAM, GDPR, CASL), handling webhooks, retry logic, or deciding transactional vs marketing.

MIT-0 · Free to use, modify, and redistribute. No attribution required.

⭐ 10 · 3.2k · 13 current installs · 14 all-time installs

by@christina-de-martinez

MIT-0

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

The name/description (email deliverability, SPF/DKIM/DMARC, webhooks, retries, compliance) align with the included resources and examples. All code snippets and examples relate to sending reliability, deliverability, consent, and webhook processing—no unrelated services, binaries, or credentials are demanded by the skill metadata.

ℹ

Instruction Scope

SKILL.md and resource files are documentation and examples for implementing email systems. They do include runnable example snippets (TypeScript, bash, curl, dig) and mention environment variables (e.g., RESEND_WEBHOOK_SECRET) and third-party services (Resend, Svix). Nothing in the instructions tells the agent to read arbitrary host files, exfiltrate data, or call unexpected external endpoints. One content note: list-management recommends keeping suppression lists 'indefinite', which can conflict with data minimization and some regional retention requirements (GDPR) — implementers should adapt retention to applicable law.

✓

Install Mechanism

There is no install spec and no code files that would be downloaded or executed. This is instruction-only documentation; no install-related risk is present.

ℹ

Credentials

The skill declares no required env vars, credentials, or config paths. The documentation shows example usage of environment variables (API keys, webhook secrets) for webhook verification and API calls—these are typical and proportional to the described purpose, but they are only examples; the skill itself does not request them. Users should not assume the skill will automatically access secrets.

✓

Persistence & Privilege

The skill does not request always:true, does not install files or modify agent/system configuration, and is user-invocable only. It does not request persistent/system privileges.

Assessment

This skill is documentation and example code for building email systems — generally safe and coherent with its description. Before using it: review the examples and adapt them to your environment (don’t paste real API keys into examples), choose appropriate data-retention policies (the docs suggest indefinite suppression lists which can conflict with GDPR/data-minimization), secure webhook endpoints (verify signatures and store secrets safely), and confirm third-party references (Resend/Svix links) fit your vendor choices. If you need the agent to run any of the example code, make sure you provide only the minimal environment variables and credentials required and audit any outgoing network calls the agent will make.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0

Download zip

latestvk97f0jdg6v1hss3m7xvn54z6c9802wjy

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Email Best Practices

Guidance for building deliverable, compliant, user-friendly emails.

Architecture Overview

[User] → [Email Form] → [Validation] → [Double Opt-In]
                                              ↓
                                    [Consent Recorded]
                                              ↓
[Suppression Check] ←──────────────[Ready to Send]
        ↓
[Idempotent Send + Retry] ──────→ [Email API]
                                       ↓
                              [Webhook Events]
                                       ↓
              ┌────────┬────────┬─────────────┐
              ↓        ↓        ↓             ↓
         Delivered  Bounced  Complained  Opened/Clicked
                       ↓        ↓
              [Suppression List Updated]
                       ↓
              [List Hygiene Jobs]

Quick Reference

Need to...	See
Set up SPF/DKIM/DMARC, fix spam issues	Deliverability
Build password reset, OTP, confirmations	Transactional Emails
Plan which emails your app needs	Transactional Email Catalog
Build newsletter signup, validate emails	Email Capture
Send newsletters, promotions	Marketing Emails
Ensure CAN-SPAM/GDPR/CASL compliance	Compliance
Decide transactional vs marketing	Email Types
Handle retries, idempotency, errors	Sending Reliability
Process delivery events, set up webhooks	Webhooks & Events
Manage bounces, complaints, suppression	List Management

Start Here

New app? Start with the Catalog to plan which emails your app needs (password reset, verification, etc.), then set up Deliverability (DNS authentication) before sending your first email.

Spam issues? Check Deliverability first—authentication problems are the most common cause. Gmail/Yahoo reject unauthenticated emails.

Marketing emails? Follow this path: Email Capture (collect consent) → Compliance (legal requirements) → Marketing Emails (best practices).

Production-ready sending? Add reliability: Sending Reliability (retry + idempotency) → Webhooks & Events (track delivery) → List Management (handle bounces).

Files

13 total

Select a file

Select a file to preview.

Comments

Loading comments…