Skip to content
  • nomenclature
  • mail pipelines

Mail Pipelines

Provisionr uses four distinct types of mail groups, each designed for a specific communication pattern. Choosing the right pipe prevents noise, ensures the right people see the right messages, and keeps audit trails clean.

The Four Pipes

Section titled “The Four Pipes”
PipePurposeWho SendsWho Receives
MailHuman-facing distribution & shared inboxesHumans (internal or external)Humans
IntakeMachine report ingestion & audit feedsSystems (vendors, scanners, SaaS)Small review group or archive-only
AlertsOn-call alarms & urgent eventsMonitoring systemsOn-call personnel (small, focused)
InfraAutomation routers & fan-outMachinesOther groups (no human members)

Quick Chooser

Section titled “Quick Chooser”
Is the sender a human?
  YES → Mail
  NO  → Is the message urgent / on-call actionable?
          YES → Alerts
          NO  → Is it a report or audit feed for later review?
                  YES → Intake
                  NO  → Is it machine-to-machine routing?
                          YES → Infra

Shared Defaults (All Four Pipes)

Section titled “Shared Defaults (All Four Pipes)”
  • Archive: ON for all groups (archives are audit records)
  • Mailing label: ON
  • Security label: OFF (mail pipes don’t grant access)
  • Owners: Minimum 2 from durable admin cohorts (prv-plt-team-wks, prv-sec-team-grc)

What Not To Do (Global Anti-Patterns)

Section titled “What Not To Do (Global Anti-Patterns)”
  • Never use mail-*, intake-*, alerts-*, or infra-* on any access ACL.
  • Never mix pipe types in one group (e.g., human mail + machine reports in the same list).
  • Never put humans as direct members of infra-* groups.
  • Never skip moderation/allowlisting on externally-posting groups.

Wiring Patterns

Section titled “Wiring Patterns”

Pipes can be wired together for sophisticated routing:

Reports to Humans

Section titled “Reports to Humans”
Vendor system → Intake (archive + digest) → Mail (humans review weekly)

Noisy Systems to On-Call

Section titled “Noisy Systems to On-Call”
Multiple systems → Infra (classifier/router) → Alerts (on-call)

One Source, Many Topics

Section titled “One Source, Many Topics”
GitLab → Infra (classifier) → Alerts (security) + Alerts (deploy) + Intake (audit)

Public Contact to Internal

Section titled “Public Contact to Internal”
Website form → Mail (collaborative inbox) → Internal triage → Intake (optional archive)

Cross-Tenant Bridge

Section titled “Cross-Tenant Bridge”
Tenant A Infra → Bridge router → Tenant B Alerts

Pages in This Section

Section titled “Pages in This Section”
  • Mail — Human-facing distribution lists and shared inboxes
  • Intake — Machine report ingestion and audit feeds
  • Alerts — On-call alarms and urgent events
  • Infra — Automation routers and fan-out