Transactional Email Servers
High-throughput SMTP relay servers for OTP, password reset, receipts, invoices — with REST APIs, webhook callbacks, suppression lists, and per-tenant rate limiting.
Private Mail Server Development
Self-Hosted Mail Infrastructure for Sovereignty & Deliverability
We design, deploy, and operate private email infrastructure — self-hosted SMTP relay servers, full IMAP/JMAP mailbox platforms, transactional email APIs, and admin consoles — with DKIM, SPF, DMARC, MTA-STS, TLS-RPT, and deliverability tuning that keeps your mail out of spam folders and inside your perimeter.
DKIM · SPF · DMARC · MTA-STS · TLS 1.3 · IP warming
SMTPIMAP · JMAP · SUBMISSION
DKIMSPF · DMARC · BIMI
TLS 1.3MTA-STS · DANE
100%Your data, your servers
Mail Servers We Build
From high-throughput transactional relays to full IMAP/JMAP mailbox platforms — engineered for deliverability, sovereignty, and security.
Bulk & Marketing Mail Infra
Dedicated marketing mail infrastructure — IP warming, segmentation, bounce processing, complaint feedback loops, and unsubscribe automation aligned to RFC 8058 and CAN-SPAM.
Full Mailbox Platforms
Self-hosted IMAP and JMAP mailbox platforms — user management, quotas, sieve filtering, calendars, contacts, and webmail (Roundcube, SOGo, JMAP clients) for enterprise email sovereignty.
Deliverability & Reputation
DKIM, SPF, DMARC, MTA-STS, TLS-RPT, BIMI setup; warming new IPs; postmaster outreach; deliverability monitoring — so your emails reach the inbox, not the spam folder.
Anti-Spam & Anti-Phishing
Rspamd or SpamAssassin integration, Bayes training, RBL/DNSWL lookups, ARC sealing for forwards, ClamAV scanning, and DMARC-aligned anti-phishing on inbound flows.
Admin Console & APIs
Bespoke admin consoles for user provisioning, sending stats, bounce reports, deliverability dashboards, and webhook subscriptions — your ops team can run it without SSH access.
Industries We Serve
Mail infrastructure for BFSI, healthcare, government, education, and enterprises where email sovereignty is a strategic requirement.
FinTech & BFSI
Healthcare
Retail & E-Commerce
EdTech
Logistics
Real Estate
Manufacturing
Professional Services
Mail Stack & Tooling
Battle-tested open-source MTAs, IMAP/JMAP servers, anti-spam, and signing tools — selected per scale, residency, and operations posture.
PostfixMTA
HarakaMTA
OpenSMTPDMTA
DovecotIMAP
Cyrus IMAPIMAP
Stalwart JMAPJMAP
RspamdAnti-Spam
ClamAVAnti-Virus
OpenDKIMSigning
PostalTransactional
MailcowSuite
Roundcube / SOGoWebmail
Our Mail Server Process
A six-step rhythm engineered so your mail reaches inboxes from day one — not after months of reputation repair.
Requirements & DNS Audit
We profile your volumes, residency requirements, sender reputation, and existing DNS — and document the architecture (relay vs full mailbox, single vs multi-region, IP planning).
Architecture & Hardening Plan
Server layout, MX records, DKIM/SPF/DMARC policy roadmap, MTA-STS, TLS-RPT, firewall design, and disaster-recovery plan — written up for sign-off before any provisioning.
Provision & Deploy
Provisioned on your cloud (AWS, Azure, GCP, Hetzner) or on-prem; full stack deployed via Ansible/Terraform; encrypted volumes; firewall rules; backup pipelines from day one.
Hardening & Deliverability
TLS 1.3, opportunistic DANE, MTA-STS, DKIM rotation, DMARC reporting setup, IP warming if needed, postmaster registration, and inbox testing with Gmail/Outlook/Yahoo.
Admin Console & APIs
A bespoke admin console for user provisioning, sending stats, bounces, and deliverability dashboards; REST APIs and webhooks for application integration.
Operate & Monitor
Monitoring on queue depths, deferred mails, blacklist status, TLS errors, and DMARC failures; on-call rotation; quarterly deliverability reviews; CVE response.
Why Choose Hendoi for Private Mail
Six commitments that decide whether self-hosted mail becomes a strategic asset — or a deliverability disaster.
True Email Sovereignty
Your servers, your IPs, your data, your DNS — not a SaaS provider with seat-based pricing and unclear data-residency. Particularly valuable for BFSI, healthcare, and government workloads.
Deliverability Obsessed
DKIM, SPF, DMARC, MTA-STS, TLS-RPT, BIMI, ARC sealing, IP warming, and postmaster outreach — we treat inbox placement as the actual product, not a side effect.
Lower TCO Than SaaS
For high-volume sending or large mailbox estates, self-hosting often pays back within 6-12 months versus Mailgun, SendGrid, Postmark, or hosted Microsoft 365 seats.
Hardened by Default
TLS 1.3, DANE where possible, strict DMARC policies, anti-phishing on inbound, malware scanning, and full audit logs — built for security teams that need to actually approve.
Senior Engineers Only
Mail is a deceptively complex domain — small misconfigurations cause large reputation damage. Our engineers have shipped and operated production mail platforms for years.
Operate or Hand Over
We can hand over fully to your team with runbooks and training, or operate the platform under a retainer with SLAs. Your choice — no lock-in either way.
Engagement Models
Pick the shape that matches whether you need transactional setup, a full mailbox platform, or long-term mail operations.
Transactional Mail Setup
Fixed-scope deployment of a transactional SMTP relay with REST API, webhooks, suppression lists, DKIM/SPF/DMARC, and a basic admin console — typically 3-5 weeks.
- SMTP relay + REST API
- DKIM/SPF/DMARC
- Bounce + complaint handling
Full Mailbox Platform
Deploy a full IMAP/JMAP mailbox platform with webmail, calendars, contacts, anti-spam, anti-virus, deliverability hardening, and an admin console — for enterprise email sovereignty.
- IMAP + JMAP + Webmail
- Anti-spam + anti-virus
- Admin console + provisioning
Mail Ops Retainer
Predictable monthly retainer covering monitoring, deliverability reviews, IP warming, CVE response, DMARC alignment, and on-call incident response for production mail.
- Deliverability reviews
- CVE + security patches
- On-call incident response
Real-World Use Cases
Representative private mail deployments across NBFC, hospital, D2C, government, edtech, and logistics use cases.
NBFC Transactional Email
Dedicated transactional mail relay for an NBFC sending statements, OTPs, and loan notifications — with strict DMARC, encrypted attachments, and full audit logs for RBI inspections.
Hospital Patient Mail
Self-hosted IMAP and SMTP for a hospital chain — patient discharge summaries, reports, and clinician mail kept inside the hospital's data perimeter with HIPAA-aligned logging.
D2C Marketing & OTP Split
Two separate mail infrastructures for a D2C brand — transactional on warmed IPs for OTP and order receipts, marketing on a different IP pool tuned for promotional campaigns.
Government Department Mail
Full on-prem mailbox platform for a state government department — air-gapped from the public internet for sensitive correspondence, with relay to public networks via a controlled bridge.
EdTech Parent Communication
Self-hosted mail platform for an EdTech sending lakhs of parent communications monthly — engagement tracking, suppression management, and granular per-school sending stats.
Logistics PoD Email
Proof-of-delivery email service for a logistics platform — with DKIM-signed delivery confirmations, attachment support, and webhook callbacks back into their tracking app.
Frequently Asked Questions
Common questions IT leaders and security teams ask before adopting a private mail platform.
Why run a private mail server instead of using Gmail, Microsoft 365, SendGrid, or Mailgun?
Data sovereignty (your servers, your IPs, your control), TCO at scale (self-hosting often pays back within 6-12 months for high volumes), and security posture (no third-party access to mail content). For regulated industries (BFSI, healthcare, government), this often is the only acceptable approach.
Will my email actually reach the inbox?
Yes — with proper DKIM, SPF, DMARC, MTA-STS, TLS-RPT, IP warming, postmaster outreach, and content hygiene. Deliverability is a discipline. We treat it as the product, not a side effect, and continuously monitor blacklists and inbox placement at Gmail, Outlook, Yahoo, and Zoho.
What does DKIM, SPF, DMARC actually do?
SPF says which servers can send for your domain. DKIM signs each message with a cryptographic key. DMARC tells receivers what to do if SPF and DKIM disagree, and gets you aggregate reports of what is happening with your domain. Together they prevent spoofing and improve inbox placement.
Can the mail server be deployed entirely on-premise?
Yes — on-prem, in your own VPC, or on bare-metal providers like Hetzner. We have deployed mail in air-gapped government environments with controlled relays for public-internet egress.
How much does a private mail server cost?
For transactional setups, INR 3-8 lakh build cost plus modest hosting (typically a few thousand INR/month). Full mailbox platforms scale with users and storage. We share transparent build and run-cost estimates after a discovery call.
Can you migrate from Microsoft 365, Google Workspace, or Zoho Mail?
Yes — we handle IMAP migration, calendar/contact migration, DNS cutover with zero downtime, and parallel-running for a verification window. End users keep their mail history intact.
What about anti-spam and anti-phishing?
Rspamd or SpamAssassin with Bayes training, RBL/DNSWL lookups, ARC sealing for forwards, ClamAV malware scanning, and DMARC-aligned anti-phishing on inbound. Quarantine queues with admin review and end-user release.
Do you operate the server after launch?
Your choice. We can hand over fully with runbooks, monitoring dashboards, and training; or operate under a retainer with SLA-backed incident response. Mixed models are common — your team handles BAU, we cover deliverability reviews and CVE response.