The client of vteam #472 wanted to reach out to all their affiliates and invite them to join under a new affiliate program. For this purpose, the client chose a third party API to send mass transactional and marketing emails. The client also requested that the API be integrated, which would allow their system to send emails without compromising server/IP’s reputation.
On the client’s request, vteams engineer Abdul Shakoor integrated the third party API as per the documentation provided. Due to the large volume of emails, he used a technique to first warm up the IP address, to improve delivery performance and increase the IP’s reputation, by increasing email volume gradually.
Thus, in the first phase a CRON job was developed, which would generate 1 email per minute to 600 distinct recipients. In the second phase, the volume of generating mass emails was increased.
Problems arose when recipients started receiving more than 50 emails; which included not only customized emails meant for them, but also customized emails that were generated for other affiliates. Additionally, these emails contained complete email lists of all affiliates which lead to a concern of breach.
Once this issue occurred the third party application suspended the account, as per client request, which stopped email notifications.
The engineer then critically analyzed the code and API to diagnose the root cause of this problem. Normally, when using PHP for various functions, we create a one-time object for a specific class but for this API we needed to create new object every time. Meaning; rather than resetting email addresses after sending an email, the API was saving email addresses as an array and sending them with the next email in queue. This is not normal behavior for an API and it should be specified in the API documentation, but there was no indication that the API takes variables in arrays. Due to the absence of this crucial information, recipients received multiple emails.
After diagnoses, a simple fix was implemented to reset the instance and solve the problem.
By not specifying how the API had the tendency to behave, resulted in issues of sending mass emails through a third party host. All documentation should be read thoroughly and one cannot assume that every API will behave similarly. Each and every functionality developed using a third party API needs to be tested, using the same scenarios and conditions as on the live environment.