Enterprise Email Security Platform
Your Inbox,
Fortress-Grade Protected
MailSentri is a multi-tenant email security platform that stops spam, phishing, and malware before they reach your users — backed by AI-powered threat analysis, full email authentication, and a self-service quarantine your team will actually use.
Email Is Still the #1 Attack Vector
Over 90% of cyberattacks begin with a phishing email. Legacy filters miss the sophisticated threats your organisation faces every day.
Phishing Gets Smarter
Attackers use AI-generated content, lookalike domains, and social engineering that slips past basic keyword filters and SPF-only checks.
Outbound Risk Is Ignored
A compromised mailbox or rogue printer sending spam can tank your domain reputation overnight. Most filters only look inbound.
Users Hate Quarantine
If releasing a quarantined email requires an IT ticket, users find workarounds. Shadow mailboxes. Personal forwarding. The filter becomes shelfware.
Protected in Three Steps
Point your MX records at MailSentri, configure your outbound relay, and let your users manage their own quarantine. That's it.
Route Your Mail
Update your domain's MX record to MailSentri. Our onboarding wizard generates the exact DNS records and verifies propagation automatically.
We Filter Everything
Every inbound and outbound message passes through multi-layer scanning — Bayesian analysis, heuristics, AI rescoring, ClamAV, DKIM, DMARC, and custom rules.
Users Stay in Control
Clean mail is delivered instantly. Suspicious messages land in quarantine with daily digest emails. Users release, block, or allow senders in one click — no IT tickets.
Everything You Need to Secure Email
From inbound threat detection to outbound relay control, MailSentri covers the complete email security lifecycle.
Inbound Threat Protection
Multi-engine scanning combines rspamd heuristics, Bayesian classification, fuzzy hashing, and real-time blocklists to catch spam, phishing, and BEC attacks.
AI-Powered Analysis
Borderline messages get a second opinion from a locally-hosted AI model. No data leaves your infrastructure — the model runs on a dedicated server within your private network.
Quarantine & Self-Service
Users get a personal quarantine portal and configurable digest emails. One-click release, allow-listing, and block-listing — without waiting on IT support.
Outbound Relay & DKIM
Secure outbound relay for printers, applications, and mail servers. IP-based and SMTP AUTH modes with per-client rate limits and automatic DKIM signing.
Custom Filter Rules
A three-tier rule engine lets you create rules at the tenant, domain, or individual recipient level. Match on sender, subject, body, IP, country, attachment, and more.
Full Authentication Stack
SPF, DKIM, DMARC, ARC, MTA-STS, DANE, and TLS-RPT — the complete modern email authentication stack, verified on every inbound message and enforced on every outbound one.
Multi-Tenant Management
Manage dozens or hundreds of organisations from a single admin panel. Per-tenant branding, policies, DKIM keys, and billing — with watertight data isolation.
LDAP & AD Sync
Automatically sync mailboxes from Active Directory or OpenLDAP. Scheduled or on-demand — your directory is always the source of truth.
First-Contact Warnings
When a sender emails your organisation for the first time, MailSentri injects a configurable warning banner with AI analysis, virus scan results, and one-click trust or report actions.
Seven Layers of Protection on Every Message
MailSentri doesn't rely on a single detection method. Every inbound message passes through a multi-stage scanning pipeline that combines statistical analysis, heuristic rules, real-time threat intelligence, and AI verdict — all in under two seconds.
- Bayesian classification trained on your organisation's actual mail patterns
- Fuzzy hash matching against global spam and phishing corpora
- ClamAV antivirus scanning with twice-daily signature updates
- Attachment policy enforcement — block macros, password-protected archives, hidden executables
- URL extraction and phishing-link analysis from message bodies and attachments
- GeoIP-based sender country rules — block or flag by origin
- AI-powered second opinion for borderline-scored messages
To: accounts@acme.com
Subject: Urgent: Invoice #4821 Overdue
━━━ Scan Results ━━━
■ PHISHING score: 28.4 / 12.0 threshold
+8.0 MAILSENTRI_QUARANTINE_PHISH
+6.0 FUZZY_DENIED (known phishing template)
+5.5 R_SPF_FAIL (SPF check failed)
+4.2 DMARC_POLICY_REJECT
+2.7 PHISHING_URL (lookalike domain)
+2.0 FORGED_SENDER (From ≠ envelope)
AI verdict: phish (confidence: 0.94)
Action: ■ QUARANTINED
High-confidence phishing. Sender domain is a typo-squat of "paypal.com" registered 3 days ago. SPF and DMARC both fail. Body contains urgency language and a URL pointing to a credential-harvesting page on a newly-provisioned host.
A Second Opinion That Keeps Your Data Private
When a message's score falls in the borderline range — not obviously spam, not obviously clean — MailSentri calls a locally-hosted AI model for a deeper analysis of the message content, headers, URLs, and attachments.
The AI model runs on a dedicated server inside our private network. No message content is ever sent to an external API. No data egress. No third-party dependency.
- Five-tier verdict system: ham, uncertain, spam, phish, definitely phish
- Per-tenant and per-mailbox AI budget controls
- Under 12-second analysis latency — the user never notices
- Configurable thresholds — you decide when AI kicks in
- Full reasoning text visible in the first-contact analysis page
Protect Your Domain Reputation on Every Message Out
MailSentri isn't just an inbound filter. Your printers, applications, IoT devices, and mail servers relay outbound through the platform — with full content scanning, DKIM signing, and per-client rate limits that stop compromised senders before they burn your domain.
- IP-based, SMTP AUTH, combined, or mTLS client authentication
- Automatic DKIM signing with ed25519 + RSA dual signatures
- Per-tenant and per-client hourly rate limits enforced at the SMTP level
- Outbound spike detection — automatic hold on suspicious bursts
- Sender restriction policies per relay client — control exactly who can send as what
- Separate inbound and outbound IPs per node for reputation isolation
Client: Konica-MFP-3F
Auth: IP-based (123.123.123.123/32)
Allowed senders: @acme.com
Rate limit: 200/hour
Status: ● Active
━━━ Today's Activity ━━━
✓ 143 messages sent (all scanned + DKIM signed)
✓ 0 rate limit hits
✓ 0 content flags
DKIM: dkim=pass d=acme.com
SPF: spf=pass
DMARC: dmarc=pass (p=reject)
The Full Modern Authentication Stack
MailSentri verifies every inbound message and signs every outbound one using the complete set of modern email authentication protocols.
POST /v1/tenants
POST /v1/domains
POST /v1/domains/{id}/verify-dns
POST /v1/relay-clients
POST /v1/filter-rules
GET /v1/messages?from=&to=&score=
POST /v1/messages/{id}/release
PATCH /v1/branding
Auth: Bearer token (Sanctum)
Rate: 600 req/min per token
Scope: Per-ability, per-tenant isolation
One Panel for Every Organisation You Manage
Whether you're securing email for a single company or managing hundreds of tenants as a service provider, MailSentri's admin portal gives you granular control with complete tenant isolation.
- Multi role system: tenant admin, domain admin, end user
- Per-tenant branding — logo, accent colour, support email, portal title (Upcoming feature)
- LDAP / Active Directory mailbox sync — scheduled or on-demand
- Full audit trail with tamper-evident hashing on every action
- REST API for provisioning automation and billing integration (Upcoming feature)
- Mandatory MFA (TOTP + WebAuthn) for all admin roles
- Built-in diagnostic tools — ping, traceroute, dig, SMTP probe, test email
Quarantine That Users Actually Use
The best filter in the world is useless if users can't manage their quarantine. MailSentri gives every user a personal quarantine portal and configurable daily digest emails — with one-click actions that don't require logging in.
- Daily digest emails with signed one-click release, allow, and delete links
- Links are JWT-signed with 7-day expiry and single-use enforcement
- Configurable digest schedule — multiple times per day, specific days
- Per-user or admin-consolidated digest modes
- Blocked-extension attachments can't be released — safety policy respected even by end users
- Replicated quarantine storage — message available from any node for instant release
MailSentri Quarantine Digest
Hi Sarah, 3 messages are being held in quarantine since your last digest:
Tailored to Your Organisation
MailSentri is priced per protected domain and mailbox count, with volume discounts for service providers. Every deployment includes the full feature set — no feature-gating, no surprise add-ons.
- Free proof-of-concept deployment for qualified organisations
- Full feature set on every plan — no tiers, no upsells
- Guided MX migration with DNS verification wizard
- Dedicated onboarding support and technical setup assistance
- Service provider / reseller pricing available
Get in Touch
We typically respond within one business day. Your data stays between us — no mailing lists, no third parties.