MxGuard Smarthost is an outbound mail relay: route your server's outgoing mail through MxGuard's reputable UK and EU infrastructure so your messages actually arrive, instead of being silently rejected or spam-foldered by the big mailbox providers. A standalone bolt-on you can add to any domain that needs it.
What a smarthost is
A smarthost is a trusted relay that sends your mail on your behalf. Rather than your own mail server trying to deliver directly to Gmail, Microsoft and Yahoo, it hands each message to MxGuard over an authenticated TLS connection. We relay it out from clean, well-established IP addresses that already have sending reputation — so the receiving side trusts it and delivers to the inbox.
Why your outbound mail might not be arriving
- Poor IP reputation — if Spamhaus, Barracuda or Microsoft SNDS list your IP (or its neighbourhood), Gmail quietly spam-folders and Microsoft outright rejects.
- Blocked port 25 — most consumer and many business ISPs block outbound port 25, so your server can't talk to the world directly at all.
- Dynamic or shared IP — residential, shared-hosting or NAT-pool IPs are treated as low-trust by default.
- Missing PTR, SPF or DKIM — without proper reverse DNS, aligned SPF and a DKIM signature, modern receivers treat your mail as spam.
How it works
Your mail server hands outbound mail to smtp.mxguard.uk over an authenticated, encrypted connection (port 587 with STARTTLS). We scan it lightly, optionally DKIM-sign it, rate-limit it, and relay it out over the same reputable UK and EU IPs used to deliver scanned inbound mail. Configuration takes about five minutes; after that your mail server sends exactly as it always has, with MxGuard sitting transparently in the middle.
Setup in three steps
- Enable outbound relay for the domain in the dashboard and pick your auth mode.
- Point your mail server's smarthost / relayhost / "send-via host" at smtp.mxguard.uk:587 with the generated credentials.
- Done — outbound mail flows through MxGuard immediately, logged in your dashboard.
Two ways to authenticate
- SMTP authentication (SASL) — a unique username and password per domain; works from any IP, can be rotated freely, and constrains the sender domain so no one can spoof others. Recommended.
- IP allowlist — give us your static sending IP(s) and we trust the source with no credentials. Simplest config for fixed-IP datacentre servers.
Light-touch handling — the right tools for outbound
- ClamAV virus scanning on every attachment, so a compromised account can't blast malware out under your name.
- Rate limiting at 2,000 messages/day per account by default — if you exceed it we contact you rather than surprise-bill.
- Optional DKIM signing on request (most customers already sign at their own server).
- Full logging — every outbound message appears in your dashboard tagged outbound, showing who sent what, when, to whom, and whether it was accepted.
- We deliberately do not run the inbound AI spam classifier on your outbound mail — those models are trained to judge mail sent to you, not by you, and applying them backwards would false-positive your legitimate business mail.
Reliable by design
Active-active high availability across both gateways — mx1 (UK) and mx2 (EU) both accept submissions. If one node is down, your server's connection simply succeeds on the other, with no manual failover.
Who it's for
Self-hosted mail servers and small-ISP setups suffering deliverability problems. If you're on Microsoft 365 or Google Workspace you almost certainly don't need it — those already send from reputable IPs. When you enable smarthost we give you the exact SPF include (include:_spf.mxguard.uk) to authorise our IPs for your domain.
Billed monthly per account, cancel any time — disabling it simply reverts the domain to direct outbound with no other config changes. Included free during your MxGuard trial.
