Designing a notification system helped me think about delivery guarantees, not just messages

How to design a notification system by thinking in delivery guarantees, user experience, and real-world system constraints

If you approach the problem of designing a notification system as a simple pipeline that takes an event and sends a message to a user, you will likely end up with an architecture that works in controlled environments but breaks down quickly under real-world conditions. The reason is not that sending notifications is inherently complex, but that the expectations around delivery, timing, and user experience are far more nuanced than they appear at first glance.

A notification system is not just about delivering messages. It is about delivering the right message to the right user, at the right time, through the right channel, without overwhelming them or violating implicit expectations. This means the system must balance reliability, scalability, personalization, and user control, all while operating under constraints such as rate limits, third-party dependencies, and unpredictable traffic patterns.

The shift that matters most is moving from thinking in terms of message sending to thinking in terms of delivery guarantees and user experience. Once you internalize that, the rest of the design becomes less about building a queue and more about orchestrating a system that behaves predictably under uncertainty.

The nature of notification systems

To design a notification system properly in your System Design interview, it helps to understand the environments in which these systems operate. Notifications are triggered by events, but they are consumed by users who have varying expectations and tolerances. Some notifications are critical and must be delivered immediately, while others are informational and can be delayed or batched.

This creates a system where not all messages are equal. The system must classify, prioritize, and route notifications based on their importance and context.

The table below highlights how notification systems differ from typical backend systems:

This distinction matters because it changes how you reason about system behavior. A failed API request can be retried immediately, but a failed notification may result in a missed opportunity to engage the user or deliver critical information.

Types of notifications and their implications

Not all notifications are created equal, and a well-designed system must account for different types of notifications with varying requirements. For example, a password reset email has very different expectations compared to a promotional push notification.

Understanding these differences is part of the fundamentals of System Design because it influences how the system prioritizes, schedules, and delivers messages.

The table below outlines common notification types:

The key insight here is that a single system must support multiple delivery models. Treating all notifications uniformly can lead to inefficiencies, such as overloading the system with low-priority messages or delaying critical alerts.

A representative problem: designing a large-scale notification system

Consider a system that needs to send notifications across multiple channels such as email, SMS, and push notifications. At a high level, the system must ingest events, process them, and deliver notifications through the appropriate channels.

The table below outlines the core components of the System Design:

At first glance, this architecture appears straightforward, but the complexity emerges when you consider how these components behave under load and failure conditions.

Event ingestion and fan-out

Notification systems are inherently event-driven. Events can originate from multiple services, such as user actions, system updates, or scheduled triggers. These events must be ingested reliably and processed in a way that supports fan-out, where a single event can generate multiple notifications.

For example, a new comment on a post may trigger notifications for multiple users. This means the system must scale not just with the number of events, but with the number of recipients per event.

This introduces challenges in handling burst traffic. A single high-impact event can generate millions of notifications in a short period, overwhelming downstream systems if not managed properly.

Queueing and backpressure

Queues play a central role in notification systems because they decouple event processing from delivery. By buffering messages, queues allow the system to handle spikes in traffic without overwhelming delivery services.

However, queues introduce their own challenges. If the rate of incoming messages exceeds the rate of processing, the queue can grow indefinitely, leading to increased latency and potential data loss.

The system must implement backpressure mechanisms to handle these scenarios. This may involve throttling incoming events, prioritizing critical notifications, or scaling processing capacity dynamically.

The table below outlines common queue-related challenges:

These challenges highlight the importance of designing queues as more than just buffers. They are critical components that influence system behavior.

Delivery guarantees and trade-offs

One of the most important decisions in designing a notification system is choosing the appropriate delivery guarantees. In most cases, systems aim for at-least-once-delivery, which ensures that messages are delivered but may result in duplicates.

Achieving exactly-once delivery is significantly more complex and often not necessary for notifications, where duplicate messages are less harmful than missed ones.

This trade-off must be considered carefully. For critical notifications, such as security alerts, the system may implement additional safeguards to minimize duplication while ensuring delivery.

Multi-channel delivery complexity

Supporting multiple delivery channels introduces significant complexity. Each channel has its own characteristics, limitations, and failure modes. For example, email delivery may be delayed due to spam filtering, while SMS delivery may be subject to carrier restrictions.

The system must abstract these differences while providing a consistent interface for sending notifications.

The table below compares common channels:

What makes this challenging is that failures in one channel may require fallback strategies. For example, if a push notification fails, the system may send an SMS as a backup.

Personalization and user preferences

A notification system must respect user preferences, which adds another layer of complexity. Users may choose to receive certain types of notifications while opting out of others, or they may prefer specific channels.

This requires a preference service that stores and retrieves user settings efficiently. The system must evaluate these preferences in real time to determine whether a notification should be sent and through which channel.

The challenge is that preference evaluation must not become a bottleneck. It must scale with the number of users and the frequency of events.

Rate limiting and throttling

Sending too many notifications can degrade user experience and lead to issues such as spam complaints or app uninstalls. To prevent this, the system must implement rate limiting and throttling mechanisms.

This involves tracking the number of notifications sent to each user and enforcing limits based on predefined rules. These rules may vary depending on the type of notification and user preferences.

The goal is to strike a balance between engagement and user satisfaction.

Handling failures in notification systems

Failures in notification systems are inevitable, and the design must account for them explicitly. Unlike other systems, where failures may be isolated, here they can lead to missed or duplicate notifications.

The table below outlines common failure scenarios:

What makes these scenarios challenging is that they often involve external dependencies that are beyond the system’s control.

Scaling the notification system

Scaling a notification system involves handling both high throughput and high fan-out. The system must process large volumes of events and deliver notifications to potentially millions of users.

The table below outlines common scaling challenges:

Each of these challenges requires careful design to ensure that scaling does not compromise reliability or user experience.

Observability and monitoring

Observability is critical in notification systems because failures may not be immediately visible. A user may not report a missed notification, but the impact on engagement can be significant.

The system must include metrics for delivery success rates, latency, and error rates. It must also track user engagement to evaluate the effectiveness of notifications.

Without this visibility, it becomes difficult to identify issues or optimize the system.

Structuring your design approach

When designing a notification system, it is important to structure your approach around the flow of events. Start by defining the requirements and constraints, then describe how events are ingested, processed, and delivered.

Instead of focusing solely on infrastructure, emphasize how the system handles delivery guarantees, user preferences, and failure scenarios. This demonstrates a comprehensive understanding of the problem.

Final perspective

Designing a notification system requires a shift in mindset from simple message delivery to orchestrating a complex system that balances reliability, scalability, and user experience. It requires an understanding of how events propagate, how messages are prioritized, and how systems behave under real-world constraints.

If you approach the problem with this perspective, the design becomes more coherent. Instead of building a system that simply sends messages, you build a system that delivers value to users in a reliable and predictable way.