Summary
Problem and Root Cause
The current email workflow lacked proper input validation at the API layer. As a result, invalid email addresses were allowed to send with response 201 and passed through the initial processing stages, only to fail later during Hawk events asynchronously.
Impact
- Invalid emails were sent for processing, leading to delivery failures
- Users received unclear error messages or no feedback
- System resources were wasted on processing invalid requests
- Poor user experience due to late-stage error detection
Solution Implemented
- Added missing email validation at the API layer so requests fail fast
- The API now returns HTTP 400 with error code email.error.invalid.email when an invalid email address is provided (previously returned 20x)
- Implemented comprehensive email address validation early in the request lifecycle to prevent downstream failures
Validation Coverage
- TO field: Primary recipient email addresses
- CC field: Carbon copy recipient email addresses
- BCC field: Blind carbon copy recipient email addresses
Validation Points
- Email send operations via API
- Draft save operations
Effective Date
Sunday, April 19, 2026
Details
The email API now validates all recipient email addresses (TO, CC, and BCC) when an email is sent or a draft is saved. Previously, requests containing invalid email addresses could be accepted with an HTTP 200 response, and the error would only appear later in the process. With this update, any request that includes an invalid email address is rejected immediately with an HTTP 400 (Bad Request) response. This provides faster and clearer feedback and prevents emails from being queued or processed with incorrect recipient data.
Customer Impact
- This change applies to the following endpoints:
- POST /v2/organizations/{organizationId}/conversations/{conversationId}/replies
- PUT /v2/organizations/{organizationId}/conversations/{conversationId}/draft
- POST /v1/conversations/{conversationId}/replies
- PUT /v1/conversations/{conversationId}/draft
For these APIs, any request that contains an invalid email address in the TO, CC, or BCC fields will now fail immediately with a 400 response. Customers using these endpoints in custom applications, integrations, or automated workflows should ensure that all email addresses are validated before making a request, and that their error-handling logic can correctly process this immediate failure behavior.
Customer Actions Required
- Review any systems or scripts that call the above APIs.
- Ensure email addresses are validated before sending or saving drafts.
- Update error-handling logic to correctly process 400 responses for invalid recipient data.
Rollout Plan and Timeline
Beta customers: Available starting 20 April.
After successful beta validation, the change will be rolled out to all customers in a subsequent general availability release.
Impacted Resources
POST /v2/organizations/{organizationId}/conversations/{conversationId}/replies,
PUT /v2/organizations/{organizationId}/conversations/{conversationId}/draft,
POST /v1/conversations/{conversationId}/replies,
PUT /v1/conversations/{conversationId}/draft,
Issue References
POSTINO-3854
Contacts
@Anish Monikantan Raghavendra Please reply to this announcement with any questions. This helps the wider developer community benefit from the discussion. We encourage you to use this thread before contacting the designated person directly. Thank you for your understanding.