Pipe support@ straight into OpsIQ: each inbound email becomes a native ticket, the AI drafts or sends a grounded reply by email, and your team picks up only what needs a human — all on one threaded timeline. Transactional and broadcast email run through the same authenticated relay, so SPF, DKIM and DMARC pass and your messages land in the inbox, not spam.
Email stops being a separate silo. It becomes just another channel feeding the same AI, the same tickets and the same audited history.
Point your support mailbox at OpsIQ (forwarding rule or IMAP fetch). Every inbound message becomes a native ticket with the sender resolved to a contact, the subject as the title, the body as the first reply, and attachments ingested inline. Replies on the same thread append to the same ticket — no duplicate tickets, no lost context.
The same brain that runs your chat widget reads the email, answers from your knowledge base and the customer's account, and either drafts a reply for an agent or sends it automatically — your choice per workspace.
Message-ID, In-Reply-To and References headers are matched so a customer's follow-up appends to the original ticket instead of opening a new one.
Password resets, ticket updates, CSAT surveys, invoice receipts and 2FA codes all send through the authenticated relay with templated, branded HTML.
Send product announcements, promotion welcome emails and newsletters to segmented audiences — with consent honoured and unsubscribe handled.
The SMTP relay signs every outbound message with DKIM and aligns SPF and DMARC for your sending domain, so mailbox providers trust your mail and it reaches the inbox.
OpsIQ fetches or receives the message, extracts the sender, subject, body and attachments, resolves the sender to an existing contact (or creates one), and opens a native ticket on the right queue. Routing rules can auto-assign by keyword, tag by department, and apply your SLA clock — all before a human has looked at it.
Agent and AI replies are sent back to the customer by email through the OpsIQ relay, threaded so the conversation stays intact in their mail client. Every outbound message is DKIM-signed and SPF/DMARC-aligned for your domain, with bounce and complaint handling feeding back into deliverability health.
Add an IMAP mailbox — Gmail, Outlook or cPanel — give it a friendly name, route it to a department, and test the connection live before you save. A cron job polls it every few minutes; no MX change required to get started.
Each mailbox carries its own host, port and encryption, a username and password, the mail folder to watch, and the team it feeds. Hit Test for a real IMAP login before saving, then Poll now to pull mail on demand.
Give OpsIQ IMAP credentials to fetch new mail on a schedule, or set a forwarding rule from support@ to your OpsIQ pipe address. Either way, inbound mail starts becoming tickets immediately — and you can OAuth-connect Gmail / Outlook for app-password-free access.
The ingestor reads the message, resolves the sender to a contact (or creates one), opens a ticket with the subject as title and the body as the first reply, and ingests attachments inline. Follow-ups thread onto the same ticket — no duplicates, no lost context.
Message-ID, In-Reply-To and References headers (plus the requester) are matched so a customer's reply appends to the original ticket. Attachments — receipts, screenshots, PDFs — are decoded and stored on the timeline.
The same brain that runs your chat widget reads the email, answers from your knowledge base and the customer's account, and either drafts a reply for an agent to approve in the Email Drafts queue, or sends it automatically — your choice, per workspace.
Pending AI-drafted replies queue for review. Open the incoming message, edit the draft inline, hit Regenerate for a fresh take, or Send reply to deliver it to the customer by email. Nothing reaches the customer until you choose to.
Outbound email leaves through one transport you control: pin a Mailgun / SendGrid / Postmark / Resend / Amazon SES connector, or configure SMTP as a fallback. Every message is DKIM-signed and SPF/DMARC-aligned for your domain, so mailbox providers trust it.
Pin an outbound connector as the preferred transport, configure SMTP as the fallback, and set a From identity. A 24-hour delivery panel shows sent, failed and a breakdown by transport — with a warning if OpsIQ is still falling back to PHP mail().
The same authenticated relay carries one-to-one transactional mail — password resets, 2FA codes, ticket updates, CSAT surveys, invoice receipts — and one-to-many broadcasts to your agents or segmented audiences, with consent honoured and unsubscribe handled.
Compose a broadcast with the OpsIQ Writing assist, pick all active agents or a selected subset, and send. Each run is logged with date, subject, scope and sent / failed counts so you can see exactly what went out and to whom.
Outbound mail uses templated, branded HTML with merge tokens; your From identity and signing are configured per sending domain; and every send is recorded so you can audit delivery and protect your sender reputation.
Resets, receipts, ticket updates and CSAT use branded HTML templates with merge tokens like the recipient name and a unique link — personalised, on-brand, consistent.
Set the From email and From name per workspace; connectors override with their own configured identity. DKIM is signed for your domain so the right reply-to and signature ride every message.
A 24-hour panel breaks down sent, failed and by transport; broadcasts keep a full history with sent / failed counts; bounces and complaints feed back into deliverability health.
Hard bounces and spam complaints are tracked and surfaced, so problem addresses stop receiving mail and your sender reputation stays clean.
Pin a provider connector as the preferred transport with SMTP as the automatic fallback — one send path for CRM email, campaigns, proactive rules and ticket replies.
Live IMAP connection tests on the way in, and a one-click test email on the way out, so you verify both ends before a single customer is affected.
A fair look at where the OpsIQ email channel sits next to the usual shared-inbox tools.
| Capability | OpsIQ | Front | Help Scout | Gmail-as-helpdesk |
|---|---|---|---|---|
| Email → native ticket | ✅ Built-in | ✅ Yes | ✅ Yes | Labels only |
| AI drafts grounded in your KB + account | ✅ Core | Add-on | Add-on (AI) | None |
| Approve-then-send draft queue | ✅ Yes | Partial | Partial | Manual |
| Unified with chat + tickets + CRM | ✅ One workspace | Inbox only | Inbox + docs | None |
| Header thread matching (no dupes) | ✅ Yes | ✅ Yes | ✅ Yes | Threads, not tickets |
| DKIM/SPF/DMARC handled for you | ✅ Relay + connectors | Partial | Partial | DIY DNS |
| Transactional + broadcast on same relay | ✅ Yes | Limited | Limited | DIY |
| Bounce & complaint tracking | ✅ Yes | ✅ Yes | ✅ Yes | Manual |
| Bring your own provider (SES/Postmark…) | ✅ Connector or SMTP | Limited | Limited | n/a |
| Pricing model | Flat plan | Per-seat | Per-seat | Per-mailbox |
Every outbound message — agent reply, AI auto-reply, transactional, broadcast — enters a single router. It tries your pinned connector first, then any other configured connector, then SMTP, and only falls through to PHP mail() as a last resort, warning you when it does.
Pin one connector as the preferred outbound transport so every send is predictable. If that send fails, the router cascades to your remaining connectors, then SMTP — so a single provider outage never silences your support inbox. A fallback warning fires the moment OpsIQ has to use PHP mail(), because most hosts throttle it.
Every outbound message gets a minted, persisted Message-ID. When a reply comes back, OpsIQ matches In-Reply-To and References against that ID — so the follow-up appends to the original ticket instead of opening a duplicate. An atomic Message-ID claim makes ingestion idempotent, even if the poll runs twice.
The router mints a unique Message-ID, stores it, and preserves In-Reply-To / References on the way out. Inbound replies are matched on those headers (plus the requester). An atomic claim on the Message-ID means a re-run of the poller can never double-ingest the same email.
Inbound mail produces a pending AI draft. An agent edits it inline, regenerates for a fresh take, or approves it — and only then does it leave by email. RFC-3834 suppression and a per-sender rate limit keep auto-replies away from bounces, daemons and broken filters.
Each inbound message lands in the Email Drafts queue with a grounded AI draft attached. Tweak it inline, hit Regenerate to re-run the AI with the same context, or approve to send. RFC-3834 suppression skips auto-responders, mailing lists and no-reply senders, and a 3-per-hour per-sender cap stops reply loops dead.
The unglamorous parts that decide whether an email channel survives a real load: bounded polling, hardened timeouts, header-injection defence, and webhook authenticity.
The poller works to a wall-clock budget with per-mailbox caps, so a slow AI draft on one busy inbox can never stall the whole sync. Each tick stays predictable.
Connect, read and command timeouts are bounded to 8–12 seconds. A dead or hanging mail host costs roughly 20 seconds at most — never an unbounded stall.
Certificates are validated by default. Self-signed certs are a fine-grained, per-mailbox opt-in for the rare internal host — secure unless you deliberately relax it.
CRLF and NUL sequences are stripped from every header value before send, so a malicious subject or name can never inject extra SMTP headers or recipients.
Inbound provider webhooks are verified by HMAC-SHA256 or Basic Auth, with a 5-minute timestamp window to block replays — and each connector gets its own unguessable path.
Hard bounces raise an email.bounced activity and the address is auto-skipped in outreach, so you stop mailing dead inboxes and protect sender reputation.
Every capability, grouped. ★ marks a stand-out.
| Feature | What it does |
|---|---|
| Inbound | |
| IMAP Mailbox Connect ★ | Gmail, Outlook or cPanel; test the connection live before saving, cron polls every 3 minutes. |
| Inbound Email → Native Ticket ★ | Sender resolved, subject becomes the title, body the first reply, attachments inline — one message, one ticket, one timeline. |
| Sendmail Pipe Receiver | Alias-pipe raw email straight into tickets via your MTA — no MX change required. |
| Header-Based Thread Matching ★ | Message-ID, In-Reply-To and References matched so replies thread instead of duplicating. |
| Inbound Idempotency NEW | Atomic Message-ID claim means a double poll never double-ingests the same email. |
| Attachment Ingestion | Decoded, stored and displayed inline from multipart MIME — files travel into the ticket. |
| Department Routing by Recipient | support@, billing@ and sales@ routed by the To / Cc / Delivered-To headers into the right queue. |
| Multiple Mailbox Support | Unlimited parallel mailboxes — support@, sales@, billing@ side by side, each routed. |
| Polling Performance Budgeting NEW | Wall-clock budget plus per-mailbox caps so AI drafts never stall the poll. |
| IMAP Timeout Hardening NEW | 8–12s bounded timeouts; a dead host costs ~20s at most, never an unbounded stall. |
| SSL Certificate Validation Toggle NEW | Validated by default; self-signed certs are a per-mailbox opt-in. Secure by default. |
| AI & replies | |
| AI-Drafted Email Replies ★ | Grounded in the account and your knowledge base, written in your voice, mode set per workspace. |
| Email Drafts Queue ★ | A review page where every pending reply waits — approve-then-send. |
| Draft Regeneration NEW | Re-run the AI with the same context for a fresh take, without losing the thread. |
| Draft Editing NEW | Inline tweaks before send — quick edits, no separate composer. |
| Auto-Reply Mode Control ★ | Auto-send, draft-first or hands-off, chosen per workspace. |
| Auto-Reply Suppression (RFC 3834) ★ | Skips mailers, bounces, no-reply senders and lists — never auto-reply to a daemon. |
| Per-Sender Auto-Reply Rate Limit NEW | 3-per-hour cap per sender stops reply loops from broken filters. |
| Outbound & deliverability | |
| Outbound Email Router ★ | One send path: pinned connector → other connectors → SMTP → mail() last resort. |
| Email Connector: Mailgun | Inbound webhook plus the Messages API for outbound relay. |
| Email Connector: SendGrid | Inbound Parse plus outbound over Basic Auth. |
| SMTP Fallback | STARTTLS or SSL used automatically when a connector send fails. |
| Test Email Send NEW | Fire a live test through the chosen transport to confirm delivery end to end. |
| DKIM Signing ★ | Per-message DKIM plus a unique Message-ID so providers trust your mail. |
| SPF & DMARC Alignment ★ | Relay and connector domains aligned so authentication passes. |
| Per-Domain From Identity | Global or per-department From identity; connectors can override. |
| Reply-To Preservation ★ | In-Reply-To and References preserved so replies land on the same ticket. |
| Message-ID Minting & Persistence NEW | Minted, stored and matched against inbound replies. |
| Department Signatures NEW | Per-department signatures appended to outbound mail automatically. |
| Header Injection Defence ★ NEW | CRLF and NUL stripped from header values to block SMTP header injection. |
| Multipart MIME NEW | text/html plus attachments — text clients see text, HTML clients see styled. |
| Attachment Support NEW | Attach up to 15 files at 15MB each on outbound replies. |
| Analytics & logs | |
| 24-Hour Delivery Stats NEW | Sent and failed, broken down by transport, on a live 24-hour dashboard. |
| Email Audit Log ★ NEW | Every email logged with direction, status, transport and thread — fully auditable. |
| Transactional & broadcast | |
| Broadcast Email to Agents | Send to all or selected agents; every run is logged. |
| OpsIQ Writing for Broadcasts NEW | Compose broadcasts with the AI Assist writer. |
| Broadcast History & Audit NEW | Full history — who sent what, scope and sent / failed counts. |
| Transactional Email | Resets, 2FA codes, receipts, CSAT and ticket updates over the signed relay. |
| Compliance & suppression | |
| Email Consent Tracking ★ | unknown / granted / revoked states block mail to anyone opted out. |
| Unsubscribe Handling | The unsubscribe link revokes consent and logs the activity automatically. |
| Bounce Detection Activity | Hard bounces raise an email.bounced activity so you stop sending to bad addresses. |
| Bounce Impact on Outreach NEW | Bounced contacts are auto-skipped in sequences and outreach. |
| Integration, config & security | |
| Email Connector Context Provider NEW | Mailbox, draft, stats and domain config surfaced to the AI. |
| Pinned Connector Selection NEW | Pin one connector as the preferred outbound default. |
| Mail Fallback Warning NEW | Warns the instant OpsIQ has to fall back to PHP mail(). |
| Webhook Signature Verification ★ | HMAC-SHA256 or Basic Auth blocks forged inbound email. |
| Webhook Timestamp Validation NEW | A 5-minute window blocks replay attacks. |
| Unique Webhook Paths per Connector NEW | Unguessable per-connector paths prevent enumeration. |
| Allowed Self-Signed Certs (Per-Mailbox) NEW | Fine-grained opt-in for self-signed certs — secure by default. |
Two ways: set a forwarding rule from support@ to your OpsIQ pipe address, or give OpsIQ IMAP credentials to fetch new mail on a schedule. Either way, inbound mail starts becoming tickets immediately — no MX change required to get started.
Your choice, per workspace. You can have the AI auto-send grounded replies for confident answers, draft replies for an agent to approve, or stay silent and only suggest. Anything it isn't confident about is handed to a human with full context.
The relay DKIM-signs every outbound message and aligns SPF and DMARC for your sending domain. You add a couple of DNS records once; after that, mailbox providers authenticate your mail and it reaches the inbox. Bounces and complaints are tracked to protect your sender reputation.
No. OpsIQ matches Message-ID, In-Reply-To and References headers (and the requester) so a customer's reply appends to the original ticket. New subjects from the same person open a new ticket only when they're genuinely a new request.
Your choice. Pin a Mailgun, SendGrid, Postmark, Resend or Amazon SES connector as the preferred transport, or configure SMTP directly. If a connector send fails, OpsIQ falls back to SMTP, and only falls through to PHP mail() if neither is set — which the Email Settings screen warns you about, because most hosts cap it.
Yes. Add as many IMAP mailboxes as you need — support@, sales@, billing@ — each with its own host, folder and the department it routes to. The cron poller checks every enabled box on each tick, and you can also "Poll now" or "Test" a mailbox on demand.
The same authenticated relay carries transactional mail — password resets, 2FA codes, ticket updates, CSAT surveys and invoice receipts — plus broadcasts to your agents or segmented audiences. Each broadcast is logged with its subject, scope and sent / failed counts, and audience sends honour consent and unsubscribe.
Forward support@ to OpsIQ and watch the first email become a ticket — and a reply — in minutes.