Transactional emails

Which emails WooshPayment sends, from which sender, with which DNS. Emails to the end customer are sent by your store, not us.

TLDR: WooshPayment sends emails only to the merchant (verify, welcome, password reset, new order notification, Apple Pay alert). Emails to the end customer (order confirmation, shipping, cart recovery) are sent by your Shopify/Woo store, not us.

Emails WE send

Sender: noreply@wooshpayment.com via Resend, DKIM + SPF configured on GoDaddy.

Email	When it fires	Recipient
`email_verify`	Immediately at signup	Merchant
`welcome`	Immediately at signup	Merchant
`password_reset`	When the merchant requests reset	Merchant
`merchant_order_notification`	On every completed/COD order	Merchant
`apple_pay_registration_required`	If Apple Pay auto-registration on the merchant's Whop fails	Merchant

No customer-facing email is sent by us.

Why we DON'T send emails to the customer

Product decision:

Branding: sending "order confirmed" from noreply@wooshpayment.com confuses the customer who doesn't know who WooshPayment is
Deliverability: Shopify and Woo have better deliverability than us because they have DKIM on the merchant's domain
Synchronization: Shopify/Woo is already the source of truth for shipping, tracking, invoicing — sending two "order confirmed" emails from different sources creates confusion

What this means in practice:

Customer pays on WooshPayment → we create the order via API → Shopify/Woo sends its "Order confirmed" email with the merchant's template
Customer abandons cart mid-flow → we don't send any recovery email (policy decision). The /cron/abandoned-cart cron exists but only handles DB housekeeping (marks expired sessions PENDING → EXPIRED), no sends

If in the future we want to re-enable customer recovery emails, sending will need to happen on per-merchant SMTP with DKIM on the merchant's domain, not from our noreply@wooshpayment.com. Roadmap.

DNS required on the WooshPayment side (already configured)

For those who want to know our current sender configuration:

SPF (on the wooshpayment.com apex):

v=spf1 include:secureserver.net include:_spf.resend.com -all

secureserver.net is GoDaddy mail (default), _spf.resend.com authorizes Resend to send on our behalf.

DKIM (CNAME resend._domainkey.wooshpayment.com):

Configured per the records provided by the Resend dashboard.

DMARC: on the roadmap. We don't publish it today.

Pre-production testing

When we add a new template (platform-side):

Resend dashboard → "Send test"
Verify rendering on Gmail, Outlook, Apple Mail (Outlook is the worst)
Test on mail-tester.com — we aim for ≥9/10
Verify anti-XSS escaping on all user-provided fields (shopName, customer.firstName, etc.)

Outlook spam folder

It happens that the first email to an Outlook/Hotmail recipient lands in Junk. It's normal for new sender domains. Solutions:

Recipient marks "Not spam" on first arrival → subsequent ones arrive normally
Add noreply@wooshpayment.com to contacts
See Email not arriving for full diagnostics

Customization

Templates aren't editable from the merchant dashboard today (they're hardcoded in apps/api/src/services/EmailService.ts with XSS escaping on all dynamic fields).

Roadmap: merchant-facing template editor for merchant alerts. Not for customer-facing emails — we don't send them by choice.

Useful links

Email not arriving — deliverability debugging
Whop Setup
Shopify integration — Shopify sends the order confirmation from its side