Feature scope

Detection and management stack

Every cluster node runs the full detection stack locally. No cloud lookups, no third-party latency, no data hand-off.

Anti-spam with ML

Spam scanner with multi-class Bayes classifier (6 classes: spam, ham, phishing, newsletter, marketing, transactional) + neural backend, reputation scoring (URL and IP score), greylisting, rate limit. Per-domain score overrides supported. State is synchronised across all cluster nodes in real time.

DKIM signing

Automatic key generation per domain, yearly rotation with a 30-day DNS lead time, operator-confirmed activation. RSA 2048 or ed25519.

DMARC reporting

Daily aggregate reports to the RUA addresses configured in DMARC DNS. Forensic reports (RUF) optional. Inbound DMARC reports are parsed and visualised in the dashboard.

Quarantine digest

Daily email to every recipient with all quarantined mail from the last 24 hours. Direct release/discard via single-click token. Native MTA quarantine, no extra DB layer.

Threat intelligence

OpenPhish, URLhaus, PhishTank feeds (hourly), URL-shortener resolver (bit.ly + 25 more), DACH phishing keyword list, self-learning suspicious-TLD list with hysteresis.

Multi-domain

Per-domain quarantine threshold, detection policies, DKIM keys, header stripping, allow/block lists. Tenants only see their own data.

Audit log

Gapless trail of every admin action, quarantine release and policy change. JSON logs to systemd-journald, syslog forwarding, Prometheus metrics out of the box.

REST API

Every UI function available via API. API keys with scope, per-token rate limit, OpenAPI spec as a living contract, webhook hooks for quarantine and reputation events.

More layers

Active by default — no configuration needed

  • SPF validation — hard-fail and soft-fail handling configurable per domain
  • ARC headers — for forwarding setups, fully RFC 8617
  • RBL/URIBL — Spamhaus, Surbl, ivmsip, ivmuri by default
  • HFilter — 11 sub-symbols for header-anomaly detection
  • Virus scanner — daily-refreshed signatures with fallback mechanism
  • Attachment sandbox — isolated detonation environment for unknown Office/PDF/archive files
  • Greylisting — against unsophisticated spammers without retry logic
  • Rate limit — per recipient, per sender domain, per IP
  • SMTP submission auth — outbound via SASL for authorised clients
  • TLS 1.3 — inbound + outbound with DANE validation
  • SNI multi-cert — Let's Encrypt automatic per domain
  • Pre-queue filter — botnet connects are dropped before mail acceptance

Ready for a test run?

Install MailGuard on a test system and route a test domain via MX record — fully reversible.

Pricing & plans Request a demo