Skip to content
OS Domains
Outbound stack · Recurring infrastructure

SMTP relay for ESPs and agencies who outgrew shared pools — and the patience for them

An SMTP relay is a managed mail-transfer service that accepts authenticated outbound email over SMTP and delivers it to recipient servers while handling IP reputation, authentication and queueing. OS Domains runs EU-resident SMTP relay infrastructure on dedicated IPs for ESPs, white-label email platforms, cold-email agencies and high-volume transactional senders that have outgrown shared pools and want deliverability control without operating their own mail servers.

You already run MailWizz, Acelle, Mautic, Sendy or your own MTA front-end. What you need is a relay that does not torch your reputation when the sender three rows over decides to import a scraped list. We do not have a free tier. The pool you join has been pre-vetted, the IPs were audited against six blacklists in the 24 hours before you got them, and the engineer who answers your ticket is the same one who tunes the queues. From €299 per month.

In short

  • Authenticated SMTP submission on ports 587, 2525 and 465, plus 25 for server-to-server, with SPF, DKIM and DMARC alignment set per sending domain.
  • Plans run €299/mo (Starter), €599 (Growth) and €1,299 (Pro) up to custom Scale pricing — all on dedicated IPs, with no shared free tier.
  • Every dedicated IP is audited against six blacklists in the 24 hours before assignment, so you never inherit a poisoned address.
  • EU-resident infrastructure under an Austrian entity: the SMTP leg raises no Schrems II transfer question for your compliance review.
  • A drop-in path off PowerMTA licensing or a US-headquartered relay — point your existing SMTP credentials at our host, with no application rewrite.
Why this exists

The SMTP relay market sells you a noisy neighbor and calls it shared infrastructure

Most SMTP relays priced under €100 a month are built on top of Amazon SES. They wrap the API, layer on a dashboard, charge you a small markup, and route your sends through the same shared IP pool as everyone else who signed up that week, including the guy who just imported a list scraped from Sales Navigator and the side project sending password resets to a list of 12,000 addresses harvested from a leaked database. Your IP reputation is a function of the worst sender in the pool. That is the whole game.

You see this pattern most clearly when something breaks. Open rate drops twenty points in a Tuesday. You check your sending: clean. You check your list: clean. You check your content: clean. You raise a ticket. The first-line agent runs the same boilerplate troubleshooting they ran for the last three customers and tells you to warm up your IPs. Your IPs are warm. They have been warm for eight months. The agent does not have access to the actual reputation data because they sit one layer above the actual MTA operator, who is in a different company. After three days of back and forth you realize the problem: another customer in your pool sent 2 million messages to a list that was 40% spamtraps, the pool got listed on Spamhaus DBL, and your perfectly clean campaign got dragged down with it.

This is the noisy neighbor problem and it is structural to the cheap SMTP relay model. There is no fix at €19/month. The economics do not allow for proper screening of who joins the pool, and the pool is too small to absorb shocks anyway. The fix is to charge enough that the customer base is filtered by ability to pay, run the IPs in tiered pools where reputation is isolated by sender quality, and audit IPs against blacklists before assigning them — none of which is hard to do. It is just hard to do at €19.

Our entry tier is €299 a month. That is not because the cost of running a relay is €299. The cost of running our relay is comfortably under €100 per customer per month at our current scale. The €299 is a filter. It filters out the senders who would otherwise contaminate the pool, and it filters in the kind of sender who has revenue at stake and pays attention to deliverability. The result is a pool that behaves like a dedicated IP would behave if you had built and warmed one yourself, but with the operational simplicity of a shared service.

There is no free tier. There is no €19 starter plan. There is no trial. We get this question often, "do you have something cheaper for us to test with", and the honest answer is no. The premise of the product is a clean reputation pool, and a clean reputation pool requires excluding senders who cannot afford €299 a month. Saying that out loud is uncomfortable but it is the truth, and pretending otherwise is how shared SMTP pools turn into Spamhaus targets.

Worth saying once more: if you are sending under 100K a month and your concern is cost, you are not our buyer. Use SMTP2GO, Brevo, Mailgun Foundation. Those products exist for a reason and they serve their audience well. Come back when your sending profile changes.

For everyone else, the rest of this page covers exactly what we sell, who we sell it to, what the IPs look like, what the sub-account model does, and what the four tiers cost. There is no hidden complexity and no contact-sales gate, except on the Scale tier where the volume range is too wide for fixed pricing. Read the comparison table further down, sanity-check our claims against your current provider, and book a discovery call if it looks right. Most discovery calls last 25 minutes.

The send path

What happens between your app and the inbox?

Your application authenticates to the relay over submission SMTP; the relay signs the message with the sending domain's DKIM key, queues it on a dedicated IP whose reputation it manages, and delivers to the receiving provider with per-destination rate control. The diagram traces that path from your stack to the inbox.

Your app / ESP authenticated SMTP :587 / :2525 STARTTLS OS Domains relay per-domain DKIM signing dedicated IP pool queue and reputation control rate-controlled Receiving MX Gmail and Microsoft 365 Inbox

A submission test against the relay returns a queued message ID on a successful authenticated STARTTLS session:

$ swaks --server smtp.osdomains.com:587 --tls \
        --auth LOGIN --auth-user [email protected] \
        --from [email protected] --to [email protected]

  -> STARTTLS
  <- 220 2.0.0 Ready to start TLS
  -> AUTH LOGIN
  <- 235 2.7.0 Authentication successful
  -> MAIL FROM:<[email protected]>
  <- 250 2.1.0 Ok
  -> DATA
  <- 250 2.0.0 Ok: queued as 4F3aQ12kZ9
Who buys this and why

Five sender profiles where €299 minimum makes obvious sense

The pricing floor exists to filter the audience. The audience that does pass the filter looks like this. If you do not see yourself in any of these profiles, the most honest thing we can say is that we are probably not the right fit and we will tell you that on the discovery call. Saves everyone time.

Profile 01

Cold email agencies running 50+ client domains

You manage outbound for clients on retainer. Each client has 3 to 5 sending domains and 3 to 5 mailboxes per domain. You are sending 1 to 5 million messages a month across the book. Your differentiation versus other agencies is deliverability, the replies-per-1000-sent number that justifies your retainer. Shared pools are a constant source of pain. You have been considering buying your own IP block but the operational overhead does not pencil out yet. We are the bridge: dedicated reputation behavior at a multi-tenant operational footprint.

Profile 02

White-label ESP operators selling email-as-a-SaaS

You run MailWizz or Acelle as a multi-tenant CMS, sell sub-accounts to your own customers as a private Mailchimp, and the only thing standing between you and 70% gross margins is finding an SMTP backend that does not turn your customer reputation into your reputation problem. Our sub-account API maps directly to your MailWizz customer groups, the reputation pools are isolated per tier, and the white-label dashboard removes our brand entirely. Common pattern with operators who graduated past the "manage one shared SMTP for everyone" architecture.

Profile 03

High-volume transactional senders past the API tier

You are doing 5M+ a month, you have a dedicated IP, you have been on Mailgun or SendGrid for years, the bill keeps creeping up, and the value the API tier adds versus pure SMTP is shrinking — your application already speaks SMTP fine. Switching to a relay-only model with the same dedicated IP behavior cuts the bill significantly and gives you control over the actual MTA configuration (retry policy, throttling per receiver, queue prioritization) that the API providers abstract away from you.

Profile 04

EU enterprise replacing US-headquartered relays for compliance

Procurement flagged Mailgun (Sinch with US ops), SendGrid (Twilio San Francisco), or Postmark (ActiveCampaign US) as Cloud Act exposed. You need a relay with the same operational behavior plus a clean Schrems II story. We are EU-only down to the sub-processor list. The migration is one DNS change and one credential rotation. Most enterprise compliance reviews close in under three weeks once they see the DPA.

Profile 05

Multi-tenant SaaS sending on behalf of customers

Your product sends mail for your customers. Newsletter platforms, helpdesk SaaS, e-commerce backends, anything where the From address is your customer's domain and the reputation impact lands on them. You need sub-account isolation that scales — when one customer behaves badly, the rest of your customers should not feel it. Our reputation tiering does that structurally, and the API for sub-account creation is fast enough to provision a new tenant in under 200ms.

Profile 06

PowerMTA shops migrating off the licensing tax

You have been running PowerMTA for years. The licensing renewal came in higher than last year. Your team is comfortable with the configuration but the procurement conversation gets harder every cycle. We run KumoMTA in production at scale and we can take your sending traffic and your IP reputation strategy without the licensing cost. The migration is typically two weeks because we have to map your existing virtual MTA configuration onto our queue model, but the operational behavior on the customer side is identical. Most customers do not notice the day of the cutover. The procurement team notices the next renewal.

What you actually get with us that you do not get elsewhere

Six structural differences that show up in your delivery numbers, not in marketing copy

Most SMTP relay marketing pages list the same features (SPF, DKIM, DMARC, webhooks, dashboard, SLA). Below are six things that are actually different about how we run the service — verifiable, structural, and showing up in placement metrics if you measure them.

IPs audited against six blacklists in the 24 hours before assignment

Every dedicated IP we hand over has been checked against Spamhaus SBL, Spamhaus PBL, Spamcop, Barracuda, SORBS and UCEPROTECT in the 24 hours before assignment. If your block has any history at any of them, you get a different one — no quiet recycling of burnt IPs. We document the audit timestamp in your onboarding email so you have evidence. Most providers cannot show you this because they are not actually doing it.

No free tier means the pool you share is filtered for you

Every shared pool we operate consists of paying senders only. The minimum bar of entry is €299 a month, which structurally excludes the high-volume low-quality senders that contaminate cheaper pools. We are not the cheapest. The trade is a pool that behaves better. Most senders measure this wrong — they price-shop and end up paying for the lower price in deliverability tax later. The €299 entry is the deliverability tax priced explicitly.

Reputation tiering across pools, not just dedicated vs shared

New senders start in a tier-1 pool with strict throughput limits. After 30 days of clean sending behavior they graduate to a tier-2 pool with higher limits and better reputation footprint. Senders who experience a complaint spike or bounce anomaly get rotated into a quarantine pool until things normalize. Most providers do dedicated-or-shared and that is the whole reputation model. Ours has four pools running in parallel, with movement between them based on observed sending behavior. This is the same architecture Gmail uses internally for its IP allocation.

The engineer who answers your ticket is the engineer who tunes the queue

There is no first-line support tier. When you open a ticket, an engineer with KumoMTA and PowerMTA production experience reads it. Average first-response time on tickets in 2025 was 18 minutes during business hours. We use this in copy because it differentiates us, but it is also operationally why incident MTTR is short — you do not have to escalate three times to reach someone who can read a Received chain. This costs us more than running a tiered support team. We charge accordingly.

EU sovereign by construction, not by Frankfurt-region wash

OS Domains GmbH is a Austrian entity headquartered in Vienna. The MTA, the DNS, the IP space and the entire customer-facing infrastructure run on EU-only sub-processors. There is no US parent that can be served a Cloud Act warrant. There is no "EU region" that quietly fails over to North Virginia. For regulated EU buyers in financial services, healthcare, or public sector, this is often the deciding factor over the technical features.

Sub-account API designed for multi-tenant ESPs out of the gate

Sub-accounts are not an enterprise add-on. They are baked into the architecture. Create a tenant via API in under 200ms with its own SMTP credentials, its own log scope, its own reputation isolation. White-label the dashboard with your domain and brand colors. Map sub-account IDs to your MailWizz customer groups or Acelle workspaces with one webhook. Common feedback from ESPs on Mailgun: "we want to do this and we cannot." We designed for it from day one.

How onboarding works

How fast can a new SMTP relay account go live?

Most accounts reach their first authenticated send within 24 to 72 hours. Onboarding a relay customer is mostly DNS, IP allocation and credential issuance, and the variable is your DNS change cycle. We have onboarded customers in 4 hours when they own their DNS; we have seen 5 days when there is a corporate change-management board involved. The phases below are what happens on our side.

01

Discovery and IP allocation

A 30-minute call to confirm scope, sending profile (transactional, marketing, mixed cold outbound), expected volume curve, current provider you are migrating from, and any special requirements (sub-accounts, white-label, dedicated IP block size). We confirm which tier fits, allocate IPs from our reserve, and run the pre-assignment audit against the blacklists. You receive an onboarding email with the IP list, audit timestamp and SMTP credentials within 24 hours of the discovery call.

Outcome IP allocation document, signed by the operations lead, with audit evidence and credential bundle.
02

DNS and authentication setup

You publish SPF, DKIM and DMARC records for the assigned IPs and domains. We give you the exact records and a verification endpoint that confirms each in real time — push the record, hit Verify, see green within 30 seconds. DKIM keys default to 2048-bit. DMARC starts at p=none with reports flowing to a default address you can override. If you need a custom SPF flattening strategy or subdomain delegation, we work through that during this phase.

Outcome All authentication records verified clean. Test send succeeds end-to-end with proper alignment.
03

Sub-account provisioning (if applicable)

For ESP and white-label customers, we provision the sub-account structure. This is API-driven on Pro and Scale tiers — your platform creates tenants programmatically and we provision the corresponding SMTP credentials and reputation isolation in real time. For Starter and Growth tiers without API provisioning, sub-accounts are created via the dashboard. Either way, white-label branding (your logo, your domain on the dashboard, your support email) is configured here.

Outcome Sub-account architecture live, mapped to your platform's customer model, white-label active.
04

Migration cutover and warming (where applicable)

If you are migrating from another provider, we coordinate the cutover. New dedicated IPs (Growth tier upward) require warming — we run a 14 to 21 day curve managed by our system, with progress visible in the dashboard. You can start sending real traffic on day 1, but the volume ramps gradually to avoid triggering receiver-side filters. For senders coming from a clean dedicated IP at another provider with a warmed reputation, we can sometimes skip warming on Pro and Scale tiers — talk to us during onboarding.

Outcome Production traffic flowing, warming progress visible, dashboard confirming reputation curves trending positive.
05

Steady state and quarterly review

After the warming completes, the engagement runs as steady-state operation. Webhook events flow into your endpoint. Logs retained according to your tier. Monthly invoice in EUR. Quarterly review call with the engineering team to discuss any anomalies, planned volume changes, or reputation events worth flagging. We do not auto-upsell. The relationship continues monthly until you decide otherwise.

Outcome Steady operation, quarterly review on calendar, no surprise.
What the relay actually supports

Which SMTP ports and protocols does the relay support?

The relay accepts SMTP submission on ports 25, 465, 587 and 2525, with TLS 1.2 as the floor and TLS 1.3 preferred. Below is a complete list of what the relay accepts and how it behaves. If a protocol is on this list, it is implemented and tested in production. If something you need is not on this list, ask — we may have it on the roadmap or we may have decided it is out of scope for this product.

01

SMTP protocol support

  • SMTP submission on ports 25, 465 (SMTPS), 587 (STARTTLS), 2525 (alternative)
  • TLS 1.2 minimum, TLS 1.3 preferred, opportunistic and required modes both supported
  • STARTTLS with proper certificate validation, including client-side cert pinning on request
  • AUTH PLAIN, LOGIN, CRAM-MD5, and XOAUTH2 (for customers integrating with Google or Microsoft as upstream auth)
  • 8BITMIME, BINARYMIME, CHUNKING, PIPELINING, SIZE extensions all enabled
  • DSN (Delivery Status Notification) with full granularity — bounces, deferrals, expansions, relayed
02

Authentication and alignment

  • SPF record generation with auto-flattening for customers near the 10-lookup limit
  • DKIM with 2048-bit keys by default, automatic selector rotation on a 12-month cycle
  • DMARC reporting (rua) integration with our managed-DMARC product on request
  • ARC (Authenticated Received Chain) for forwarded mail preservation
  • MTA-STS publication with TLS-RPT for inbound integrity reporting
  • Per-tenant domain authentication isolated within sub-accounts
03

Throughput and rate control

  • Per-receiver throttling tuned per major mailbox provider (Gmail, Microsoft 365, Yahoo, Apple iCloud, ProtonMail, GMX, Free.fr, Strato, regional EU providers)
  • Per-tenant rate limits enforced at the queue level, not at acceptance — your application can submit faster than the receiver can accept and we queue properly
  • Retry policy with exponential backoff up to 72 hours, with configurable per-tenant overrides
  • Queue prioritization — transactional traffic gets priority over bulk by default, configurable per sub-account
  • Throughput targets up to 1.5 million messages per hour on a Pro tier with /29 dedicated block
04

Observability and webhooks

  • Eight webhook event types: queued, sent, delivered, opened, clicked, bounced, complained, deferred
  • HMAC-SHA256 signed webhook payloads with rotatable signing key
  • At-least-once delivery with retry up to 24 hours and manual replay from dashboard
  • Log retention: 14 days on Starter, 30 days on Growth, 90 days on Pro, custom on Scale
  • Real-time status dashboard with per-receiver delivery latency and acceptance rate
  • Metrics export via Prometheus endpoint for customers running their own observability stack
05

Integrations with the tools you already run

  • MailWizz: documented configuration for Delivery Server with HMAC-signed bounce processing webhook
  • Acelle Mail: native sending domain configuration, customer-group to sub-account mapping
  • Mautic: SMTP transport plugin with feedback loop integration
  • Sendy: standard SMTP setup with optional dedicated bounce mailbox
  • n8n, Zapier, Make: SMTP and HTTP connector templates published
  • WHMCS for hosting resellers: API integration for automated sub-account provisioning per customer
  • Custom MTAs: any tool that speaks SMTP can submit. We do not require a specific client.
Four tiers, no free entry, no surprise overages

How much does a dedicated SMTP relay cost?

Plans run from €299/mo on Starter through €599 on Growth and €1,299 on Pro, with custom Scale pricing above that. Pricing is fixed per tier, billed monthly in euros, prorated mid-month if you upgrade. There is no free tier and there is no trial — that is a feature, not an oversight. Above-quota volume is billed at €0.20 per 1,000 emails on Starter and Growth, €0.15 per 1,000 on Pro. Annual contracts save 15%.

Starter

Entry point for serious senders. Tier-1 shared dedicated pool, no free-tier neighbors.

€299 / month

Live in 24 to 48 hours

Ideal for

Cold email agencies with 10 to 50 client domains, mid-size newsletters, MailWizz operators sending 200K to 500K a month.

  • 500,000 emails per month included
  • Tier-1 shared dedicated pool (paying senders only)
  • Up to 10 sending domains
  • Up to 5 SMTP credential sets
  • 14-day log retention
  • Webhook events with HMAC signing
  • SPF / DKIM / DMARC setup
  • Email and ticket support, 8h business response
Book Starter

Growth

For senders who need a dedicated IP without the operational overhead of buying a block.

€599 / month

Live in 48 to 72 hours, dedicated IP warmed in 14 days

Ideal for

Agencies with 50+ client domains, ESPs in early growth, multi-tenant SaaS hitting €5M ARR.

  • 2,000,000 emails per month included
  • One dedicated IP (warmed, audited, yours)
  • Tier-1 shared pool as overflow
  • Up to 25 sending domains
  • Up to 25 SMTP credential sets
  • 30-day log retention
  • Sub-account API access (up to 25 sub-accounts)
  • Custom rDNS / PTR records
  • Email and chat support, 4h business response SLA
Book Growth
Most chosen by ESPs

Pro

A full /29 IP block with sub-account isolation. The tier most ESP and white-label operators land on.

€1,299 / month

Live in 5 to 7 business days, IP block warmed in 21 days

Ideal for

Established ESPs, agencies running 100+ client domains, multi-tenant SaaS at €10M+ ARR, white-label resellers.

  • 10,000,000 emails per month included
  • /29 dedicated IP block (5 IPs in your pool)
  • Up to 100 sending domains
  • Unlimited SMTP credential sets
  • 90-day log retention
  • Unlimited sub-account API access with reputation tiering
  • White-label dashboard (your brand, your domain)
  • Custom queue prioritization per sub-account
  • Dedicated account engineer in shared Slack
  • Priority support, 1h business response SLA
  • Quarterly review with senior engineer
Book Pro

Scale

Multi-region, multi-block, signed SLA, 24/7 incident response.

Custom annual

Onboarding 10 to 15 business days

Ideal for

Senders above 10M/month, regulated industries with formal SLA needs, ESPs with hundreds of customers.

  • 10M+ emails per month, no upper bound
  • /28 or /27 dedicated IP block in multi-region setup
  • Multi-region failover (Vienna primary, Frankfurt and Strasbourg secondary)
  • Unlimited sending domains and credentials
  • Custom log retention up to 7 years
  • Signed SLA with service credits
  • Named technical account manager
  • Slack Connect direct line to operations team
  • 1-hour incident response SLA, 24/7
  • Custom contractual structures (sub-DPAs, white-label legal)
Talk to sales

Above-quota volume billed at €0.20 per 1,000 messages on Starter and Growth, €0.15 per 1,000 on Pro. Plans are not hard caps — overages flow without throttling. Annual prepay saves 15%. Bring-your-own-domain is included on every tier. Dedicated IP warming is included; pre-warmed IPs from our reserve pool available on Pro and Scale at small premium for fast-launch use cases.

How we stack against the obvious alternatives

Direct comparison with Mailgun, SendGrid SMTP and SocketLabs at comparable volume

A direct comparison at 2 million messages per month, which is where most growing ESPs and agencies operate. The numbers are public list pricing as of early 2026. We checked.

Attribute OS Domains Mailgun SendGrid SocketLabs
Monthly price at 2M messages €599 (Growth) $215 base + dedicated IP $59 = $274/mo (≈ €255) $249 (Pro 1.5M, overage at $0.85/1k) $119 base + add-ons typically push it past $300/mo
Dedicated IP included? Yes, included on Growth and up Add-on $59/mo Pro tier and up only Add-on $89/mo
Pre-assignment IP audit against blacklists? Yes, six blacklists, documented in writing Not advertised Not advertised Not advertised
Sub-account API for multi-tenant ESP? Yes, native on Growth and up Add-on at Scale tier and up Subuser API on Pro and up Server API supports it
EU sovereign (no US parent)? Yes, Austrian GmbH, no US group No, Sinch with US operations No, Twilio (San Francisco) No, US-headquartered
Free tier (and the noisy neighbor problem)? No, on purpose Yes, 100 emails/day free Yes, 100 emails/day free Yes, 40K free for 30 days
Engineer-level first-response on tickets? Yes, no first-line tier Pro tier and up only Premier tier only Custom tier only
White-label dashboard included? Yes, on Pro tier and up Custom enterprise only Not offered Add-on at higher tiers
Real questions from agency owners and ESP operators

What buyers ask before they sign

Why is the entry tier €299 a month? That is much more than Mailgun or SMTP2GO.

Because the cheaper providers run shared pools that include senders who pay €19 a month, and those senders contaminate the pool. The math is structural — at €19 you cannot screen entry, and you cannot afford the operational team that runs IP audits and reputation tiering. Our €299 is a filter that excludes the worst senders from your pool by construction. If you measure deliverability honestly, the difference shows up. If you do not measure deliverability, you should probably not be paying us anyway.

We are doing 200K a month. Is Starter overkill?

It is. If you are at 200K a month and stable, you are below the volume where the noisy neighbor problem materially affects you, and your headroom on Starter is wasted. Use Mailgun Foundation or Brevo Business and revisit when you are past 500K consistently. We will say this on a discovery call too — we are not optimizing for catching every prospect, we are optimizing for not having underutilized customers in the pool.

Can we run our MailWizz instance and use you only as the SMTP backend?

That is exactly the deployment we see most. MailWizz on a VPS you control, OS Domains as the SMTP backend. The MailWizz "delivery server" config takes our credentials, and the customer-group structure in MailWizz maps onto our sub-account model on Growth and Pro tiers via webhook. We have a documented integration guide for MailWizz, Acelle Mail, Sendy and Mautic — they all work the same way.

Do you run on PowerMTA, KumoMTA or something else?

Both. KumoMTA is the default for new customers because it is faster, more modern, and the open-source model means no licensing tax we have to pass through. PowerMTA is available for customers whose procurement specifically requires a commercial MTA license — typically regulated industries or government suppliers where the audit needs to see a vendor name on the MTA. MailerQ also runs in production for a small subset of customers with RabbitMQ-heavy stacks. We do not push a specific MTA — we run all three and pick the right one for your stack.

How does the IP audit before assignment actually work?

Before any IP is assigned to a new customer, we run automated checks against six blacklists: Spamhaus SBL, Spamhaus PBL, Spamcop, Barracuda Reputation, SORBS, and UCEPROTECT Level 1. If the IP shows up on any of them, it goes back to the rotation queue and we pick the next one. The check is performed in the 24-hour window before assignment. Your onboarding email includes the audit timestamp and the clean status of each list at that time — written evidence in case you ever need to show it to a customer or auditor.

What happens if our dedicated IP gets listed on a blacklist after assignment?

On Growth tier and up, we monitor your dedicated IP continuously across the same six blacklists. If a listing happens, we open a delisting request to the blacklist operator on your behalf and we work with you to identify the cause (specific campaign, list segment, complaint pattern) so the listing does not recur. The success rate on first-time delistings is around 85% within 5 business days. Recurring listings indicate a behavioral pattern that needs addressing on your sending side, and we will tell you that directly. Pretending the IP was unlucky does not solve it.

Can we get a /27 IP block? Or do we need a /29?

Yes, /28 and /27 blocks are available on Pro and Scale tiers. The /29 (5 IPs) is what comes with Pro by default because that is what most senders at that volume need — enough IPs for traffic shaping and isolation, not so many that you struggle to keep them all warm. /28 (13 IPs) and /27 (29 IPs) are typical for senders past 50M a month who need traffic distribution across receivers, or for white-label resellers who allocate one IP per customer.

How does sub-account isolation actually work?

Each sub-account has its own SMTP credentials, its own log scope, its own throttling profile, and its own reputation tier. When sub-account A behaves badly — complaint spike, bounce anomaly — only sub-account A gets rate-limited and only sub-account A's reputation footprint is affected. Sub-accounts B through Z keep sending normally. The mechanism is queue-level isolation in the MTA, not a soft tag in the database. This is the difference between "logical sub-accounts" (most providers, where one bad tenant can still affect the pool) and "isolated sub-accounts" (us, where the blast radius is structurally contained).

Do you offer white-label?

Yes, on Pro and Scale tiers. White-label includes a dashboard hosted on your domain (relay.yourbrand.com), your logo, your brand colors, your support email as the from-address on system notifications. Your customers do not see the OS Domains brand at any point. We retain technical contact for the underlying infrastructure but the customer-facing surface is yours. About 30% of Pro and Scale customers use white-label.

What does migration off another provider look like?

For most senders: one to three working days. Day 0 you sign and receive credentials. Day 1 you publish authentication records and run a small percentage of traffic through us in parallel with the old provider. Day 2 you watch the metrics, ramp to higher percentages if everything looks clean. Day 3 you cut over to 100%. Old provider stays as a paid standby for 14 days as rollback insurance, then cancelled. For complex multi-tenant ESP setups with thousands of sub-accounts, the migration is typically two weeks because we have to coordinate sub-account provisioning rather than just credential rotation.

How does pricing work if we are way over the included volume?

Above-quota volume is billed at €0.20 per 1,000 messages on Starter and Growth tiers, €0.15 per 1,000 on Pro. There is no hard cap and no throttling for going over — you pay the overage at month end. The dashboard shows projected month-end overage in real time so you can decide whether to upgrade tier or pay overage. Most senders upgrade tier when overage approaches 25% of plan price; below that, overage is usually cheaper than upgrading.

What if our reputation tanks because of a customer of ours behaving badly?

On Pro tier with sub-account isolation, this should not happen — the bad customer's sends affect their sub-account and not yours. If you are on Starter or Growth and using a single SMTP credential for multiple of your customers (which we discourage), then yes, the noisy neighbor problem applies to you internally. The fix is to use sub-accounts even on Growth tier, which is included up to 25 sub-accounts. We help you set this up during onboarding if you tell us about your customer model.

Are you GDPR-compliant for relay traffic on behalf of EU customers?

Yes. We are a Austrian GmbH with EU-only sub-processors. Relay traffic — meaning the message content, the recipient addresses, the metadata — passes through our EU infrastructure exclusively. We sign a DPA on Growth tier and up. Your customers can rely on you for GDPR compliance because the data path stays inside the EU. The full sub-processor list is public. For Pro and Scale customers in regulated industries (finance, healthcare, public sector), we sign custom DPAs with your specific compliance terms.

Can we resell your service to our own customers?

Yes, with the white-label feature on Pro and Scale tiers. We do not impose customer-of-customer terms — your customers are your customers. We do require that your AUP includes the same prohibitions ours does (no phishing, no malware, no list-bombing, no scams) because if a customer of yours violates these, the impact lands on the underlying IP block. If something goes wrong on a downstream customer, we work with you to handle it — we will not bypass you to talk to your customer directly unless there is a legal obligation to do so.

What is your stance on cold email and outbound prospecting?

Legitimate B2B outbound is welcome. We work with cold email agencies and ESPs that handle outbound traffic professionally. What we do not work with: list-bombing, scraped consumer lists without basis for processing, financial scams, phishing infrastructure, anyone whose volume is built on purchased lists from data brokers without consent provenance. The AUP is short and we enforce it. We would rather lose the deal than lose the netblock.

How do you handle bounce processing and complaint feedback loops?

Bounce processing is automatic. Hard bounces are suppressed within minutes of receipt and propagated across all sub-accounts of the same parent. Soft bounces follow a configurable retry curve before being upgraded to hard or dropped. Feedback loops are registered with all major mailbox providers (Gmail, Yahoo, AOL, Microsoft, Comcast, regional EU providers like ProtonMail and GMX). Complaint events fire a webhook to your endpoint within 60 seconds of receipt. The complete suppression list is exposed via API so you can sync it into your own database. We do not retain a global suppression list across customers because that would leak signal between sub-accounts. Each customer holds their own.

Can we send mail signed with our own DKIM key, not yours?

Yes, on every tier. The standard configuration uses our infrastructure key for DKIM signing, but customers who manage their own DKIM (typically because they want to keep the private key in their own HSM or already have a published selector they want to keep) can submit messages already signed and we will not re-sign or strip the signature. SPF works the same way: you include our IPs in your SPF record (or delegate a subdomain to us), and the rest works automatically. The level of control is up to you. Most customers let us handle it; some prefer to retain it.

Three ways to start

Talk to engineering, see the comparison data, or pick a tier

Most senders who land on this page already know roughly what they need. The discovery call is 30 minutes and we will tell you which tier is right based on your real volume and sending profile. If you would rather see live data on how our pools have performed for similar customers, we can share that under NDA. If you have already decided, pick a tier and we will be live in 24 to 72 hours.

Phone +43 1 205 11 80 Mon–Fri · 9–18 CET
Email [email protected] Avg response 4h business
Office Fleischmarkt 1, 1010 Wien By appointment