SFTP.
Recurring file transfer. No human in the loop.
Recurring direct mail programs ingest lists from CRMs, EHRs, DMS platforms, data warehouses, and ERP systems on a continuous cadence. SFTP is the standard mechanism the source systems already speak. DirectMail.io provisions per-account SFTP credentials with key-pair authentication and PGP encryption, watches the upload directory continuously, routes files into hygiene or suppression or campaign workflows by directory or filename pattern, and reports processing status back to the dashboard. Programs that historically required a human to upload every list every morning run as set-and-forget pipelines.
Five steps. Per-account credentials. End-to-end encryption.
- 01
Per-account SFTP credentials provisioned per program
Each account or program gets its own SFTP credentials — username, key-pair authentication, and an isolated upload directory. Credentials never share across accounts; access is scoped to exactly the data the credential is authorized for.
- 02
Files arrive on schedule or on-demand
Lists, suppression files, configuration updates, or campaign assets push to the SFTP endpoint on whatever schedule the source system supports — hourly, daily, weekly, event-triggered. The platform watches the directory continuously.
- 03
PGP encryption supported end-to-end
For sensitive data, files encrypt with PGP before upload and decrypt server-side after the SFTP transfer completes. The platform manages key generation and key rotation; teams manage their side of the keypair.
- 04
Files trigger downstream campaign workflows
A list arriving via SFTP can route into hygiene, into a campaign queue, into a suppression update, or into a CRM sync — depending on the configured handler. The same SFTP endpoint can serve multiple workflows by file type or directory.
- 05
Status, errors, and processing logs report back
Every file gets a processing record: arrival timestamp, validation result, downstream actions taken, error details if any. The team monitors the SFTP automation through the same dashboard as the rest of the campaign infrastructure.
Why bulk file transfer is still the primary integration pattern.
API integrations get the marketing attention; SFTP runs the actual production load. The reason is structural: most direct mail programs operate on lists exported from systems built before REST APIs were standard, and those export workflows are mature, reliable, and already configured. Replacing them with API-based per-record sync is engineering work that produces no marginal value over a properly-configured SFTP pipeline. The SFTP pattern that worked in 2010 still works in 2026 — and it scales to data volumes per-record API patterns struggle with.
The compounding advantage is reliability. SFTP transfers are atomic — the file either lands in full or fails to land. There's no half-uploaded list in the queue, no partial sync state to reconcile. Failed transfers retry from the source with full file integrity, and processing is idempotent: re-uploading the same file produces the same result. The operational simplicity is what makes SFTP the integration pattern compliance and IT teams actually approve.
And the security posture is mature. PGP encryption, SSH key-pair authentication, and per-account directory isolation are decades-old patterns with battle-tested implementations. For regulated verticals — healthcare, financial services — SFTP with PGP is frequently the only file-transfer mechanism the compliance team accepts. The platform supports the pattern natively rather than as a "legacy alternative" to a preferred API path.
Where SFTP earns its keep.
-
Recurring CRM list exports
Salesforce, HubSpot, and other major CRMs export lists to SFTP on a configurable schedule. The platform ingests the file, runs hygiene, and queues the campaign — no human in the loop after initial setup.
-
Healthcare patient list ingestion
EHR systems export patient lists to SFTP for service reminder and appointment campaigns. PGP encryption preserves PHI compliance throughout the transfer; downstream campaign processing respects the consent flags on each record.
-
Automotive DMS integration
CDK, Reynolds & Reynolds, and Dealertrack export equity, lease, and service-history data to SFTP for variable-data direct mail. The dealer's team configures the DMS export once; campaign triggers fire on every subsequent file.
-
Suppression list maintenance
Compliance teams push updated suppression files (do-not-mail, opt-outs, do-not-contact) to SFTP on a recurring schedule. The platform updates the suppression layer for every subsequent campaign automatically.
Questions teams ask before deploying.
Short answers. For implementation specifics on file routing rules, PGP key management, or large-file chunked upload, book a demo.
-
Why use SFTP instead of just uploading lists through the web UI?
Two reasons. First, recurring programs need automation — a healthcare network ingesting a new patient list nightly cannot have a human upload the file every evening. SFTP is the standard mechanism for system-to-system file transfer, supported natively by every major CRM, EHR, ERP, marketing automation, and data warehouse platform. Second, SFTP integrates cleanly with the source system's existing export workflow — the team configures the export once and the file lands in DirectMail.io continuously without further intervention.
-
What authentication and encryption does the platform support?
Standard SFTP with key-pair authentication (no password-based auth on production accounts). PGP encryption supported for sensitive data — the platform manages keys per account and supports standard rotation cadence. SSH keys can be rotated on demand or on schedule. All transfers encrypt in transit; data at rest in the SFTP directory encrypts to the same standard as the rest of the platform.
-
How are SFTP files routed to the right downstream workflow?
File routing configures per directory or per filename pattern. A file landing in /lists/imports routes into list ingest and hygiene. A file in /suppression updates the suppression layer. A file in /campaigns/launch queues for the configured campaign workflow. Multiple routes can fire from the same SFTP endpoint — the team configures the routing rules once and they apply on every subsequent file.
-
What file formats are supported?
CSV, TSV, fixed-width, JSON Lines, Parquet, and Excel for list and data files. The platform parses standard formats automatically; custom formats can be configured with a per-program parsing spec. For encrypted files, the same formats apply post-decryption — encryption is a transport layer concern, not a data layer one.
-
How does SFTP coordinate with the platform API?
SFTP and API are complementary, not exclusive. SFTP handles bulk file transfer (large lists, recurring exports, system-to-system batch moves). API handles per-record real-time operations (single-record lookups, individual campaign launches, real-time event posts). Programs that need both run both — the platform doesn't force a choice between bulk and real-time integration patterns.
-
How is SFTP billed and what are the file size limits?
SFTP access is included in DirectMail.io platform pricing for accounts at the relevant plan tier — no separate per-file or per-byte fee. File size limits are generous (multi-gigabyte files supported); for very large transfers the platform supports chunked upload with resume on failure. Plan tiers and volume detail live on the pricing page.
-
What happens when an SFTP file fails validation or processing?
Failed files quarantine to an isolated directory with a detailed error log. The platform notifies the configured contacts (email, webhook, dashboard alert) on processing failures. The original file persists for diagnostic and reprocessing — failure does not delete data. After the issue is resolved, the file can reprocess from the quarantine directory without re-upload.
Configure an SFTP integration for a recurring program.
Bring an existing CRM, DMS, or EHR export. We’ll provision the SFTP credential, configure the routing, and walk through the first file processing end-to-end — in 30 minutes.