Developer for Compliant Email System
Бюджет: $5.0 - $300.0
HOURLY / AS_NEEDED
⭐ 4.23 (14)
United States
email-marketing, email-communication, email-support, email-deliverability-consulting
Developer to Build a Compliant Outbound Email System (Smartlead API + AI Personalization + Deliverability Monitoring)
Code for the dashboard:
https://www.dropbox.com/scl/fi/y4sryfm75rgeeowyckmjb/Biomeshield_Outbound_Starter.zip?rlkey=1b5nz46lm4woecqficyek08t2&dl=0
About the project
We're a consumer wellness brand launching an influencer partnership program. We have a pre-qualified list of ~10,000 creators we want to reach out to individually about a product-gifting collaboration. This is a low-volume, high-personalization outreach program — think a few hundred thoughtful, individually tailored emails per day, not high-volume mass mailing.
We want an engineer to build a small, well-architected system that runs this outreach cleanly and protects our sender reputation. Most of the "sending" is handled by an off-the-shelf platform (Smartlead) — your job is to build the integration layer, the AI personalization pipeline, and the monitoring/safety logic around it.
Everything must follow email compliance law (CAN-SP1AM, and GDPR for any EU recipients) and email-provider deliverability best practices. Compliance and deliverability are non-negotiable requirements of this build, not afterthoughts.
What you'll build
Data ingestion (ETL). Parse our scored lead spreadsheet (.xlsx) into a PostgreSQL database. Honor our existing eligibility flags (some rows are pre-marked "exclude"). Make it idempotent — re-running never duplicates or double-sends.
Email verification integration.
Wire in a verification API (e.g. ZeroBounce or MillionVerifier) to scrub invalid/risky addresses before anything sends. Store the result per lead.
AI personalization pipeline.
An offline batch worker that calls the Claude API to generate a one-line, genuinely personalized opener per creator from public profile context we provide. Output is structured JSON (opener, niche, a quality score, and a flag for anything that should go to human review). Low-scoring outputs route to a review queue instead of auto-sending. Product claims come from a fixed, pre-approved copy block — the AI only writes the personalized intro line.
Smartlead API integration.
Push campaigns/sequences via Smartlead's API, map our sending mailboxes, and — critically — check our suppression list before every send.
Webhook ingestion.
A signature-verified, idempotent endpoint that receives Smartlead events (sent / open / click / reply / bounce / spam complaint / unsubscribe), updates lead state, and maintains a global suppression list.
Deliverability monitoring. A scheduled poller that pulls Google Postmaster Tools data (and Yahoo's complaint feedback loop) per sending domain into the database — spam-complaint rate, domain reputation, and authentication (SPF/DKIM/DMARC) pass rates.
Automatic safety "circuit breaker."
Config-driven logic that automatically throttles or pauses sending when key health metrics cross safe thresholds (e.g. spam-complaint rate, bounce rate, or a drop in domain reputation), then follows a defined recovery/ramp-back procedure. All actions logged for audit.
Dashboard + alerting.
A lightweight health dashboard and Slack/email alerts + a daily digest (sends, bounce %, complaint %, reputation, replies, and any paused domains).
Compliance & guardrails (please read — these are hard requirements)
Every email includes a valid physical mailing address, honest sender/subject lines, and a working one-click unsubscribe (List-Unsubscribe header).
Opt-outs and hard bounces are suppressed permanently and immediately — a suppressed address is never contacted again.
We send from dedicated sending domains kept separate from our primary corporate domain — a standard deliverability practice to manage sender reputation. The system must never send from or authenticate against our primary domain.
The system respects all provider rate limits and terms of service. We are not looking to circumvent any platform's rules, filters, or limits — the entire point of this build is to operate cleanly and sustainably.
Volumes are modest and ramp gradually per mailbox.
Recommended tech stack
Python 3.12 · FastAPI · PostgreSQL · a task queue/scheduler (Celery/RQ + Redis, or APScheduler) · Smartlead API · Claude API (Anthropic) · a verification API · Google Postmaster API. We're open to your judgment on specifics if you can justify it.
Deliverables
Working, deployed system with source code and a short README/runbook (setup, and how to pause/resume/recover).
Database schema + migration scripts.
The dashboard and alerting.
A walkthrough/handoff call.
Acceptance criteria
All sending mailboxes pass an authentication test (e.g. mail-tester score ≥ 9/10).
A simulated spam-complaint spike automatically pauses the affected domain within one monitoring cycle.
An unsubscribe or hard bounce suppresses the address before the next send cycle.
No email ever originates from or authenticates against our primary corporate domain.
ETL and sending are idempotent (no duplicates, no double-sends).
Skills / experience we're looking for
Strong Python + PostgreSQL, and comfort integrating third-party REST APIs and webhooks.
Real cold/outbound email deliverability experience — you understand SPF, DKIM, DMARC, warmup, sender reputation, and the Google/Yahoo bulk-sender requirements.
Bonus: prior work with Smartlead (or Instantly), Postmaster Tools, and LLM APIs.
You care about doing outreach the compliant, sustainable way. If your approach relies on cutting corners on compliance or provider rules, we're not a fit.
Engagement & budget
Fixed-price project, depending on your proposed approach (open to discussion).
Possibility of an ongoing monthly retainer for maintenance and tuning after launch.
To apply, please tell us a cold-email or deliverability system you've built before (brief description or link).
Portfolio: Point me to a cold-email or email-deliverability system you've built or run. What was your role, and what volume did it handle?
Circuit breaker: If you were protecting our sending domains, which health metrics would you monitor, what thresholds would you set, and what would the system do automatically when one is crossed? Walk me through your thinking.
Authentication: Explain SPF, DKIM, and DMARC in your own words, and one deliverability problem you've personally diagnosed and fixed.
Stack & timeline: What stack would you use for this, and what's your realistic milestone timeline?
Compliance: How do you make sure an outbound program stays inside CAN-SPAM (and GDPR for EU contacts)? How do you handle suppression and opt-outs technically?
One thing you'd change about the scope above.
Any code must be kept clean and will be audieted at milestone close-out by a 3rd party.
A note if you offer infrastructure as a service: Part of this project is the underlying email "plumbing" — sourcing dedicated sending domains, creating and warming mailboxes, and configuring SPF/DKIM/DMARC. If you (or your company) offer that setup as a managed/done-for-you service rather than building it from scratch, we're open to that — please mention it in your proposal, along with whether the mailboxes and domains would remain fully owned and exportable by us.
Відкрити на Upwork