Recommended:

• Add per-service /healthz endpoint where applicable.
• Alert on Redis queue lag and failed delivery counts.
• Alert on SMTP/IMAP auth failure spikes.

Domain-level APIs:

• export: GET /domains/export
• import: POST /domains/import

Use object storage lifecycle policies for exported artifacts.

Define policies for:

• mailbox messages
• raw MIME objects
• push delivery logs
• webhook delivery logs

• Require TLS for SMTP submission and IMAP in production.
• Disable insecure auth flags in production.
• Rotate JWT and push credentials.
• Store secrets in manager-backed providers (K8s secret manager, cloud secret services).

• Increase mail-worker replicas first for throughput.
• Scale orchestrator nodes for control-path resilience.
• Separate SMTP/IMAP edge scaling from worker scaling.
• Tune WORKER_* and ORCH_* settings by profile (cheap/balanced/fast).