Mailhardener Service Level Agreement (SLA)

1. Agreement Overview

This Agreement represents a Service Level Agreement (”SLA” or ”Agreement”) between Mailhardener B.V. (”Mailhardener”, ”we”, ”us”) and the Customer for services and service levels in connection to the Email Hardening Suite ("Service").

This Agreement outlines the parameters of all services covered as they are mutually understood by the primary stakeholders. This Agreement does not supersede current processes and procedures unless explicitly stated herein.

To use the Mailhardener Email Hardening Suite, the Customer must agree with the Mailhardener Terms of Service, and has familiarized itself with the Mailhardener Privacy Statement.

2. Service Description

The Mailhardener Email Hardening Suite can be considered a plugin for a domain, which aims at improving the Quality of Service (QoS) for the email sent from, or delivered to the domain. The Customer maintains its own email service of choice, no email is routed through the Mailhardener infrastructure. Except for the Mailhardener MTA-STS policy hosting offering, the use of Mailhardener services cannot cause email deliverability issues for the Customer.

The Mailhardener Email Hardening Suite consists of the following products:

New products and services may be added to the Email Hardener Suite in future releases.

3. Service Availability Targets

The Service for processing reports, and accessing data (the Dashboard) will be available to the Customer on a 24x7 basis except for maintenance windows or other scheduled or application specific maintenance outlined herein.

It is our aim to ensure that the services supporting the Service are deemed reliable in terms of availability and performance. Therefore, we will measure the reliability using Mean Time Between Failures (MTBF) and compute the average (by month and year) time between each ‘failure’.

A failure is defined as any infrastructure related incident causing the Service to be unavailable. This can also include severe performance degradation. Failure impacts various parts of the Mailhardener Suite in different ways, we therefore prioritize the various services differently.

Service Target Availability Failure impact
rfc8461 MTA-STS policy hosting 99.9% Reduced protection against downgrade attacks after caching period (2 weeks) expires
BIMI asset hosting 99.9% Failure to display BIMI mark for receivers, unless cached
Frontend HTTP webservices 99.9% Inability to access Mailhardener dashboard and inspection tools
rfc7489, rfc8460 reporting endpoints 99.9% Delayed delivery of reports, loss of reports
Mailhardener API 99.9% Inability to use Mailhardener dashboard to review reports
rfc7489, rfc8460 report processing 99% Delayed processing of rfc7489, rfc8460 reports
Domain inspection workers 99% Delayed warning on detected DNS changes

4. Performance Monitoring

The Supplier shall implement all measurement and monitoring tools and procedures necessary to measure, monitor and report on the Supplier’s performance of the provision of the Services against the applicable Service Levels at a level of detail sufficient to verify compliance with the Service Levels.

The Supplier shall notify the Customer in writing if the level of performance of the Supplier of any element of the provision by it of the Services during the term of the Contract is likely to or fails to meet any Service Level Performance Measure.


5. Service quotas

5.1 Report volume

Mailhardener recognizes that estimating rfc7489, rfc8460 report volume is hard, if not impossible. Therefore, Mailhardener does not enforce quotas on report volume for all paid tiers.

Tier Report data quota
Mailhardener Free Fair use 1
Mailhardener Standard Unlimited
Mailhardener Large Unlimited
Mailhardener for Enterprise Unlimited
MSP customers Unlimited

1: Mailhardener Free is intended for evaluation, or personal, non-commercial use. Domains that create a large volume of reports are considered commercial. Mailhardener may reject reports for domains that are using the Mailhardener Free tier.

5.2 Number of domains

Instead of limiting on report volume (which is hard to estimate) Mailhardener limits the number of domains to be used per tier.

If a subdomain that is used as an email domain (that is: the subdomain is used behind the '@' sign in email), then the subdomain is considered a separate domain which counts toward the quota.

Tier Domains
Mailhardener Free 1
Mailhardener Standard 10
Mailhardener Large 100
Mailhardener for Enterprise configurable 1
MSP customers configurable 2

1: The number of domains for enterprise accounts will be defined in the quotation.
2: MSPs can configure the domain limit per customer.

5.3 Data retention

The minimum report (rfc7489 and rfc8460) data retention is defined per tier:

Tier Report data retention
Mailhardener Free 1 month, on best effort basis
Mailhardener Standard 3 months guaranteed
Mailhardener Large 12 months guaranteed
Mailhardener for Enterprise contract duration
MSP customers 12 months guaranteed

On account termination, breach of contact, or in case of failure to fulfill payments, Mailhardener may irreversibly delete the aggregated report data.

6. Security

6.1 Security measures

We have put in place all appropriate technical and organizational measures as required by applicable legal provisions (in particular article 32 of the General Data Protection Regulation (GDPR)) to ensure an appropriate level of security and, in particular, to prevent any accidental or unlawful destruction, loss, alteration, disclosure, intrusion of or unauthorized access to these data.

6.2 Management of security incidents

There is no such thing as ‘zero risk’ and even if we implement all the security measures recognised as appropriate, unforeseen things can happen. We have specific procedures and resources in place to manage security incidents under the best possible conditions. We have also set up a specific procedure for assessing possible breaches of security that could lead to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to Customer data, for notifying the competent supervisory authority within the period stipulated by applicable law, and for warning the Customer when a breach is likely to result in a high risk of disclosure of Customer data. Tests are carried out periodically to verify the functioning of the security installations and adequacy of the procedures and devices deployed.

7. Support

Office hours are monday till friday, 9:00 AM till 17:00 PM CEST.

7.1 Response times

Typical support and incident response times are as follows:

Request type During office hours Outside of office hours
Product support within 1 day Next working day
Email Hardening related support within 1 day Next working day
Security incidents within 1 hour Within 1 day

7.2 Contact channels

The preferred method of contacting support is via email.

Request type Email address
Product support
Sales inquiries
Business inquiries
Security incidents

For enterprise customers, an account manager will be appointed.

8. Service maintenance

Mailhardener uses a Continuous Integration (CI) strategy for deployment of updates and new features. During day-to-day operation, this approach should result in a zero-downtime service deployment.

However, for certain operations, such as database migrations, (partial) loss of service may occur. In case of scheduled downtime for maintenance, this may be announced via our website, social media and email.

9. Document signatures

The persons signing this Agreement below declare that they are authorized to act on behalf of the respective Contracting Party to the extent necessary to conclude this Agreement.

Supplier Customer
Party: Mailhardener B.V.                                                      
Name of signatory:
Position of signatory:

10. Document updates

This Agreement remains valid until superseded by a revised agreement mutually endorsed by the stakeholders.

Version Since Changes
1.0 01-01-2020 Initial document release
1.1 01-10-2021 Added BIMI asset hosting
1.2 01-03-2022 Added DANE/TLSA to feature list
1.3 03-05-2022 Added Mailhardener MSP package description
1.3.1 06-03-2023 Increased MTA-STS caching period from 1 to 2 weeks
1.4 28-03-2024 Updated to reflect new legal entity Mailhardener B.V.