Provide SMTP service

[markdboyd]

What we're after

cloud.gov provides a brokered SMTP service that customers can use to send transactional mail from their applications.

Hypothesized benefit(s)/why:

• Reduce operational dependencies on the home agency for cloud.gov customers
• Expand potential applications that cloud.gov is suitable to hosting

Potential metrics

• Customers can implement transactional mail for an auto-generated domain
• Customers can implement transactional mail for an agency domain

---

Further context for those unfamiliar with what we're doing

In order to send mail from their applications, customers have to take on the additional complexity and compliance burden of using an off-platform solution (eg secure connection back to their agency or a different provider). We should alleviate that complexity and compliance burden.

Security considerations

The feature will need to have an SCR and undergo assessment to ensure that the broker and the services that it provisions are properly secured and compliant (eg DNSSEC, SPF, DMARC, ...)

Notes for implementers

• The data.gov team created an SMTP brokerpak that uses Terraform to drive AWS SES and handle setup for all the key use-cases.
• If we want to reuse that brokerpak, we would need to the deploy the cloud-service-broker inside our boundary, or take ownership of the datagov-ssb deployment, which already runs it.
  • datagov-ssb has its own compliance docs and shares no infrastructure with other data.gov applications. Ryan Palmer supports for promoting it out of the existing "subsystem" status to a full service, operated independently or inside the cloud.gov boundary.
• The SCR and assessment should be done to cover multiple available brokerpaks at once, if possible (eg if there are brokerpaks for SMS or other services available that we want to offer).

Related issues/sub-projects

Tasks

Beta Give feedback

1. Deploy cloud-service-broker to pre-prod environment with 'cf push' #2943
   squad-success +1
   
2. https://github.com/cloud-gov/private/issues/1301
3. Bundle SMTP brokerpak with Cloud Service Broker #2988
   squad-success +1
   
4. Binding credentials should include FIPS endpoints #3120
   squad-success +1
   
5. https://github.com/cloud-gov/private/issues/1300
6. Validate that SMTP Brokerpak handles multi-tenancy #2991
   squad-success +1
   
7. Implement deletion protection for cloud resources created the brokerpak #3123
   squad-success +1
   
8. Tag SES resources with org, space tags #3107
   squad-success +1
   
9. Create local development workflow for CSB & brokerpaks #3118
   squad-success +1
   
10. https://github.com/cloud-gov/private/issues/1103
11. Deploy Cloud Service Broker with Terraform to pre-prod environment #2989
    squad-success +1
    
12. Create CI pipeline for CSB #3112
    squad-success +1
    
13. Support restricting credential use to cloud.gov VPC #3119
    squad-success +1
14. Write OpenTofu tests for SMTP brokerpak #3029
    squad-success +1
15. Determine brokerpak versioning and migration process #3126
    +0
16. Determine SES pricing #3108
    +0
17. https://github.com/cloud-gov/private/issues/1302
18. Increase email send quota in AWS #3106
    +0
19. Document SMTP brokerpak for customers #2997
    squad-success +1
20. Document SMTP brokerpak for developers #2998
    squad-success +1
21. https://github.com/cloud-gov/private/issues/1104
22. Launch beta to select customers #3043
    squad-success +1
23. Investigate verifying email identities in addition to domain identities #3124
    +0