Does MXPAW read email content?

No. MXPAW analyzes envelope metadata only — timestamps, sender accounts, sending IPs, SMTP response codes, bounce rates, and similar signals. No subject lines, no bodies, no attachments. This is architectural, not a configuration toggle.

Do I need to route mail through MXPAW?

No. MXPAW sits alongside your infrastructure, not inline. Lightweight collectors or event feeds send metadata to the control plane. No relay changes, no DNS updates.

What happens when abuse is detected?

MXPAW evaluates six detection signals — volume spikes, recipient domain bursts, error rate inversions, new senders, auth failures, and IPv6 prefix drift — then applies your configured policy. Alert-only in Monitor mode, operator-approved actions in Assist mode, or automatic containment in Enforce mode. Every action has a full audit trail with hash-chained integrity.

Can I white-label MXPAW for my MSP customers?

Yes. Growth and Provider plans include white-label options: custom domain, branded dashboard and alerts, and per-customer tenant isolation.

Is there a free trial?

Deploy the free agent in Monitor mode — full detection, no containment actions, no credit card required. See what MXPAW finds on your infrastructure before committing to a paid plan. Paid plans start at $99/month.

Now in early access

Stop Outbound Email Abuse Without Reading a Single Message

MXPAW detects compromised accounts, contains abuse, and generates audit-ready evidence across your server fleet — using only envelope metadata. Deploy in minutes with zero MTA changes.

Deploy free agent Request demo

Metadata-onlyIPv6-readyWhite-label5-min setup

< 2 min detection

6 signals

0 content access

Built forMSPs & managed ITHosting providersWeb & digital agencies

The cost of unmanaged outbound email

If you manage shared mail infrastructure, you've lived through at least one of these.

Blacklists cascade fast

One compromised WordPress site starts sending spam at 3 AM. By morning, your entire /24 is on Spamhaus and 200 clients can't send email. Delisting takes days — if you're lucky.

Abuse tickets with no context

Your upstream sends a vague complaint. You dig through logs across 40 servers trying to find who, what, when. Hours later, you're still not sure you caught everything.

Compliance is a spreadsheet

Auditors ask for evidence of your abuse monitoring program. You have ad-hoc scripts and tribal knowledge. Every audit cycle is a scramble to piece together what happened and when.

Metadata-only detection. Zero content inspection.

MXPAW works entirely from envelope metadata — timestamps, sender accounts, sending IPs, SMTP response codes, bounce rates, and authentication signals. No inline proxies, no content scanning. Your customers' email content never enters the system.

Detection

Spot compromised senders and spam surges through metadata pattern analysis — before blacklists hit.

Containment

Rate-limit, hold, or disable abusive senders based on your policies — every action logged and auditable.

Reputation

Track sending reputation at prefix level across your full IPv4 and IPv6 estate (/64, /48) with composite scoring based on volume, errors, auth failures, and new senders.

Evidence

Export timestamped audit packs with action logs, timelines, and policy decisions for compliance workflows.

85% fewer blacklist events — NovaCrest Hosting

40+ tenants monitored — Pinnacle MSP

90% false positive reduction — Relay Digital

Real-time cross-provider correlation — CloudPost

Case studies

How it works

Three steps from install to containment. No infrastructure changes required.

Deploy & collect

Install the MXPAW agent on your mail servers or connect cloud API and SMTP event feeds. The agent tails logs from Postfix, Exim, cPanel/WHM, Plesk, Zimbra, PowerMTA, and OpenSMTPD — or ingests events from Microsoft 365, Google Workspace, AWS SES, Mailgun, and SendGrid. Hashes PII with HMAC-SHA256 and streams metadata to the ingestion API. No MTA changes, no DNS updates.

Detect & score

Six detection signals — volume spikes, recipient domain bursts, error rate inversions, new senders, auth failures, and IPv6 prefix drift — are evaluated against EWMA baselines every 5 minutes. Each sender receives a composite risk score from 0 to 100.

Contain & document

Policy-driven containment actions — rate limiting, queue holds, account disabling, IP blocking — execute via signed requests verified by your agents. Every action produces a hash-chained audit trail and exportable evidence packs (PDF, JSON, CSV).

See the full data flow

Works with your existing stack

Connect through lightweight collectors or event feeds. No relay changes. No DNS updates. No single point of failure.

Postfix

Available

Exim

Available

cPanel / WHM

Available

Plesk

Beta

Zimbra

Available

PowerMTA

Available

OpenSMTPD

Available

Microsoft 365

Available

Google Workspace

Available

View all integrations

Your brand. Your portal. Our engine.

Offer outbound abuse control as a native part of your managed service. MXPAW runs behind the scenes — your clients only see your name, your domain, and your dashboards.

Custom domain

Branded portal on your own domain with your logo and colors

Branded alerts

Every email notification and PDF report carries your branding

Tenant isolation

Per-customer policies, dashboards, and access controls

MSP console

Centralized view across all tenants with drill-down per client

Learn about the MSP program

YourBrandMail Security Portal

Client: Acme CorpHealthy

Client: Widgets IncRate limited

Client: GlobalTechHealthy

Your clients see your brand — never ours

SOC 2 alignedISO 27001 alignedGDPR / CCPA alignedAudit pack exportsHash-chained audit logs

Compliance details·Plans from $99/mo

Frequently asked questions

See what's happening on your outbound mail

Get a free Outbound Risk Snapshot — a personalized assessment of your blacklist exposure, sending reputation, and containment gaps. No commitment. No credit card.

Deploy free agent Request demo