Bolt-on service
If your mail server sits on a residential IP, a small ISP, shared hosting, or anywhere with iffy reputation, large mailbox providers may quietly reject or spam-folder your outbound mail. Route your outbound through MxGuard's reputable UK and EU infrastructure and your messages land in the inbox where they belong.
The problem
Mailbox providers like Gmail and Microsoft are increasingly strict about which mail servers they accept mail from. If any of these apply to you, your outbound mail is at risk:
Spamhaus, Barracuda, or Microsoft SNDS lists your IP or your IP's neighbourhood. Gmail silently spam-folders; Microsoft outright rejects.
Most consumer and many business broadband providers block outbound port 25 to prevent abuse. Your mail server can't talk to the world at all.
Your mail server is on a residential IP, a shared-hosting IP, or rotates through a NAT pool. Receivers treat all of these as low-trust by default.
Missing reverse DNS, misaligned SPF, no DKIM signature — every modern receiver checks for these. Failures look like spam.
The fix
Instead of your mail server trying to deliver directly to Gmail, Microsoft, and the rest, it hands the mail to mx1.mxguard.uk over an authenticated TLS connection. We scan it lightly, sign it with DKIM if you'd like, and relay it out using the same UK + EU IPs we use to deliver scanned inbound mail.
How it works
Setting up smarthost takes about five minutes. After that, your mail server just sends mail the way it always has — we sit transparently in the middle.
Open the domain you want smarthost for, switch on outbound relay, and pick your auth mode: SMTP authentication (username + password) or IP allowlist.
Configure your mail server's smarthost (or "send-via host" in Plesk, "smart host" in Exchange, "relayhost" in Postfix) to smtp.mxguard.uk:587 with the credentials we generated.
Outbound mail starts flowing through MxGuard immediately. Every message is logged in your dashboard alongside your inbound mail, with the same visibility into verdicts and metrics.
Authentication
Pick whichever fits your mail server better. You can have both active at once if you need it.
We generate a unique username and password for the domain. Your mail server presents them on every connection.
You give us the static IP(s) your mail server sends from. No username or password needed — we trust the source IP.
What happens to your mail
Outbound is a different problem from inbound. We don’t run the full inbound pipeline on your outbound mail — that would be the wrong model and cost real money for no benefit. Instead:
Every attachment is scanned. If a customer’s account gets compromised and starts blasting malware, we stop it before it leaves — protecting both their reputation and the recipients.
2,000 messages/day soft limit per account by default. If you go over, we contact you — usually a sign of either a real spike worth a plan upgrade, or a compromised account worth investigating.
If you’d like us to sign your outbound mail with DKIM, give us the selector name and we’ll publish a public key in our zone for you to CNAME to. Most customers already DKIM-sign at their mail server, so this is optional.
Every outbound message appears in your dashboard alongside your inbound mail, tagged outbound. You see who sent what, when, where to, and whether it was accepted at the far end.
What we deliberately don’t do: run our inbound LightGBM or Claude AI classifier on your outbound. Those models are trained to spot mail people send to you, not mail you send to others. Applying them backwards would generate false positives on your legitimate business mail. Outbound gets the right tools for the job, not the wrong ones.
Pricing
Smarthost is an opt-in bolt-on to any MxGuard plan. Add it to the domains that need it — the rest stay on direct outbound.
Billed monthly, cancel any time
Need more than 2,000 messages/day on a single account? Contact us — we’ll work out a custom limit. We’d rather talk to high-volume senders than surprise-bill them.
Frequently asked
No. The default is direct outbound — your mail server sends mail to the world directly, as normal. Smarthost is opt-in per account. Add it only where it solves a real problem.
Almost certainly not. M365 and Workspace send from reputable IPs already — routing their outbound via us wouldn’t help and could actually cause issues. Smarthost is for self-hosted mail servers and small ISP setups.
The rate limiter catches it first — we’ll throttle the sending account and email you within minutes. If volume is dramatic we pause outbound for that account entirely until you confirm it’s back under control. Your inbound mail continues normally throughout.
There’ll be a Received: header showing the path through mx1.mxguard.uk, like any normal mail hop. Most receivers don’t surface this to end users. If you’d like to brand the hostname differently we can route via a CNAME you control, on the higher tier.
Yes. Add include:_spf.mxguard.uk to your SPF record so receivers know our IPs are authorised to send mail for your domain. We give you the exact text when you enable smarthost.
Yes. Both mx1 (UK) and mx2 (EU) accept submissions. If one node is down, your mail server’s smarthost connection just succeeds on the other. No manual failover.
Any time, from the dashboard. We bill monthly, so you stop being charged from the next billing cycle. Disabling smarthost reverts the domain to direct outbound — no other config changes.
Smarthost is included free during your MxGuard trial. After that it’s £8.95 per month per account, on top of your plan. No commitment.
No card required. We'll email your access key.