Your mail is private, encrypted in transit, and built to land in the inbox.
Every domain you connect gets full sender authentication configured automatically — SPF, DKIM (both Ed25519 and RSA signatures) and DMARC. We also align reverse DNS and FCrDNS so receiving servers like Gmail and Outlook recognise and trust your mail.
Connections use TLS — webmail over HTTPS, and IMAP/SMTP over implicit or STARTTLS. Sensitive credentials and signing keys are encrypted at rest with AES‑GCM. Your mailbox password authenticates you directly against the mail server; the web dashboard never needs it.
Inbound mail is filtered for spam and malware before it reaches your inbox. Outbound is rate‑limited and tied to active accounts, which protects the reputation of every domain on the platform — so one bad actor can't hurt your deliverability.
We don't read, sell or mine your email for advertising. You can export or move your mail anytime with a standard client over IMAP, and delete mailboxes or your whole account whenever you choose. See our Privacy Policy for the full picture.
For teams that want maximum control, running the entire Xendly Mail stack on your own infrastructure is on the roadmap — total data ownership, your servers.