All encryption is client-side. We store only ciphertext — we literally cannot read your emails, even under legal compulsion.
Manage multiple domains, users, quotas, DKIM/DMARC, and delivery settings from a single, clean dashboard.
Share content with non-47mail recipients via expiring, encrypted links. No account required for the recipient.
Generate hide-my-email aliases via PassVault integration. Protect your real address on every signup.
Host unlimited custom domains with per-domain settings, catch-all rules, and user-level quotas.
Standard protocol support means your existing email clients work out of the box. Sieve filters for power users.
On first login, your encryption keys are derived client-side from your passphrase using Argon2id.
Your email is encrypted in the browser before it leaves your device. Subject lines can be encrypted too.
Encrypted payload transits via our relay. External recipients get a secure link; 47mail users get E2EE delivery.
The recipient's browser decrypts with their private key. No plaintext ever touches the server.
No hidden fees. No automatic upsell. Cancel any time.
Self-hosted deployment for a single domain with one admin user.
Multi-domain deployment with team accounts and admin dashboard.
Full 47mail stack on your server. Helm chart or Docker Compose.
Get early access to 47mail — or explore the full 47Network ecosystem.
Zero-knowledge email for teams where data confidentiality is a requirement, not a preference.
Law firms, medical practices, and regulated organisations where email content is privileged. E2EE ensures only sender and recipient can read — not the mail server, not us, not anyone who breaches the server.
Host email for your entire organisation: per-user inboxes, shared aliases, domain catch-all, and admin visibility over delivery — without violating per-user E2EE.
Paired with PassVault, 47mail generates per-service email aliases. Sign up for external services with a unique address — receive mail, revoke it any time, your real address stays private.
47mail authenticates via 47ID SSO — the same identity layer used by PassVault, 47Comms, and every other 47Network product. IMAP/SMTP compatible with any standard email client.
All products →47mail fits between a basic SMTP relay and a full marketing platform — privacy-first, audit-ready, and built for teams that send transactional and team email.
SaaS products that send account confirmation, password reset, invoice, and notification emails. 47mail stores delivery receipts, open events (pixel-free), and bounce history in a tamper-evident log. Essential for GDPR data-subject requests.
Small companies migrating away from Gmail for privacy or sovereignty reasons. 47mail supports custom domains, aliases, and team shared inboxes — with DKIM, SPF, and DMARC configured and maintained automatically.
PassVault users who generate a unique alias per service (mask@47m.io). 47mail powers the alias routing, catch-all forwarding, and reply-from-alias capability — so the real address is never exposed to third parties.
Applications where email is a primary communication channel: booking systems, notification platforms, two-sided marketplaces. The 47mail API supports sending, template management, list hygiene, and webhook delivery events.
Technical deep-dives on the architecture and decisions behind 47mail.
47mail configures SPF, DKIM, and DMARC for every domain out of the box. This post explains what each does, what happens when they fail, and why alignment matters for deliverability.
47mail authenticates via 47ID (Keycloak). This guide covers the full realm setup, OIDC client configuration, and MFA enforcement.
Every 47mail delivery event — sent, bounced, opened — is logged in an append-only audit trail. How SHA-256 chaining and Object Lock make these records forensically sound.