A Swedish email infrastructure operator. 23 years on, still doing the same work.
We're a small Stockholm company that runs email infrastructure for other people's products. The doors opened in 2003. They've stayed open through every shift in this business that mattered: SPF moved from "nice to have" to mandatory; DKIM went from a Yahoo experiment to baseline; DMARC stopped being optional the day Gmail and Yahoo turned on the 2024 enforcement; Spamhaus published the cold-email piece in June 2025 and the rules changed again; Google rolled RETVec into the Gmail spam classifier and the filtering math moved another step under everyone's feet. We were trading through every one of those. The pitch hasn't changed in 23 years — dedicated infrastructure, prices we can read out loud, the operational-discipline part where the work is the work.
Founded in 2003. Refined into an email infrastructure operator the slow way.
The company started in 2003 as a small Stockholm hosting outfit serving customers who wanted boring servers — the kind that just keep working, not the kind that ship features nobody asked for. It was an unremarkable positioning at the time. It has aged better than most. Providers in this segment that optimized for the next funding round, or the next acquisition, mostly aren't around any more. The ones who optimized for serving the same customers over decades tend to still be open. We're in the second category. The customer relationships built over twenty years compound in ways a five-year-old provider can't easily replicate, no matter how well-funded.
That's the easy part of the story. The harder part is the 23 years themselves. We opened in 2003 — same year PowerMTA 2.0 shipped — and traded continuously through every deliverability shift since. When SPF was still being argued over. When DKIM was a Yahoo project and nobody quite believed in it. When DMARC was the optional layer that Gmail and Yahoo finally made mandatory in 2024. When Spamhaus drew the cold-email line in June 2025. When Google deployed RETVec inside the Gmail spam classifier and the spam-score math moved under everyone's feet. We were operating through every one of those. None of it was abstract. Each shift changed how the work gets done day-to-day, and operators who were there have pattern recognition for the next shift that operators who weren't, simply don't.
The third part is what the work has narrowed into. Today there are six product lines, and they exist because they answer six different operational questions: SMTP Relay for applications that already speak SMTP and shouldn't be rewritten. Email API for product engineering teams that want webhooks and idempotency built in. Managed PowerMTA Servers for routing volume that stresses simpler stacks. Dedicated Email Servers for teams that bring their own MTA onto bare metal. Cold Email Infrastructure for outbound work that takes Spamhaus seriously. Managed Deliverability for the human-expertise layer around any of those. Every entry plan ships with dedicated IPs in the box. The pricing is on the website — not behind a "talk to sales" gate, not advertised cheap with the dedicated-IP add-ons quietly added back at signup.
Why operating from Sweden actually matters
It's not a marketing accent. There are three concrete operational reasons we're still in Stockholm. First, the legal environment is genuinely stable for infrastructure businesses — no surprise legislation, no jurisdictional drift that breaks compliance over a quarter. Second, the GDPR posture is genuinely simpler when both the operator and the data centres are EU-based: no Standard Contractual Clauses, no Schrems II workaround, no transfer-mechanism dance that US-headquartered providers have to choreograph. And third — this is harder to put in a brochure — Nordic engineering culture leans operational rather than marketing-led, which fits the work. Stockholm also sits in a useful time-zone window: full European business hours, with the late-day overlap into the early US morning that lets retainer work cover both sides cleanly. Default sending locations are Sweden and Germany. US and Asia-Pacific are available on Custom plans when latency or regulation actually justifies them.
Why the timeline matters when you're choosing this kind of provider
Infrastructure buyers don't pick on features alone. The conversation gets serious around continuity (will the provider still exist in three years), responsiveness (when an IP gets listed at 4am on a Saturday, who picks up the phone), and whether the people running it understand what happens after launch. A provider that has been trading since 2003 has cycled through every generation of this work — pre-SPF, pre-DKIM, the move to PowerMTA, the rise of ESPs, the receiver-tightening waves of 2016 and 2020, the 2024 enforcement reset, the cold-email pivot in 2025. Each one broke a lot of senders. The reason long-tenured operators are useful isn't that we can recite the history — anyone with a Wikipedia tab can do that. It's that current problems tend to rhyme with old ones, and we've seen the rhyme before.
What the work has narrowed into
Six product lines, organized by operational shape rather than by tier: SMTP Relay where the application already speaks SMTP and shouldn't be touched. Email API where the engineering team wants delivery logic in product code with proper webhooks. Managed PowerMTA Servers for routing volume that has outgrown simpler MTAs. Dedicated Email Servers for teams that bring their own MTA expertise onto bare metal. Cold Email Infrastructure for outbound work that takes Spamhaus, suppression lists and warming seriously. Managed Deliverability for the human-expertise layer wrapped around any of those. They're separated because they answer different questions, not because we're upselling tiers. Every entry plan ships with dedicated IPs from the start. The pricing is on the page. The services page has a decision-aid table for picking among them.
How a generalist hosting shop turned into an email-only operator
What "Stockholm-based" actually means when you're the customer
It's not just where the office is. The Swedish base shapes how the work gets done in three practical ways that customers notice. If you're European, the GDPR posture is genuinely simpler — operator in the EU, data centres in the EU, no Schrems II workaround needed, no Standard Contractual Clauses to negotiate every renewal. If you're in North America, our morning is your morning's morning; tactical support requests land while we're awake instead of waiting for someone in a different timezone to rotate in. If you're in Asia-Pacific, you get extended hours on retainer and the option of US-East or Singapore data centres on Custom plans where latency actually matters.
The cultural part is harder to put into a brochure but matters more than it sounds. Swedish business culture leans toward shipping things that work over telling stories about things that will work. The trade-off is real: it's a slower way to grow, and it's a worse fit for VC narratives. But it produces the kind of customer relationships that compound — and over enough years, that compounding is the whole business. 23 years of independent operation didn't happen by accident.
Where the servers actually are
Sweden and Germany for sending infrastructure, by default. Both EU jurisdictions, both with the regulatory stability infrastructure businesses need, both with the peering arrangements that get mail to the major receivers without weird routes. Sweden's free cooling helps with power efficiency at scale (the climate does some of the work that would otherwise need bigger HVAC). Germany's network position covers southern and western Europe more cleanly. For Custom plans we'll deploy US-East (Virginia) or Singapore/Tokyo if there's a reason — receiver-side latency that genuinely matters, a regulatory requirement, a customer running a pan-regional product. The decision should be driven by what your sending profile needs, not by what's convenient for us to operate.
The actual stack — software, hardware, who decided what
"Modern infrastructure" doesn't mean anything. So instead of saying that, here's the specific software and hardware behind each of the six product lines, why we picked it, and what the trade-offs are. The relevant trade-offs are documented on each service page too, but the executive version lives here.
Which MTA runs which product, and why
SMTP Relay and Email API both sit on top of PowerMTA in a managed multi-tenant configuration. PowerMTA gets the slot for one boring reason: twenty years in, nothing else has matched it for predictability under load. Per-domain throttling that actually does what the docs say. Delivery logs you can trust. A performance envelope that doesn't surprise you on a Tuesday afternoon. Managed PowerMTA Servers is the same engine in single-tenant configuration — your own dedicated PowerMTA instance with the license, hardware and operations bundled into one bill. Dedicated Email Servers is the bare-metal variant where you bring the MTA: most customers pick KumoMTA (open source, Lua-scripted, shipped in 2024 by a team of ex-PowerMTA engineers — and yes, it's good); some stay on Postfix because their stack already does; some run Exim if they're on cPanel territory; a few bring their own PowerMTA license and prefer to manage it themselves. Cold Email Infrastructure runs on PowerMTA again, but with per-cousin-domain vMTA isolation and dedicated warming infrastructure — the cold-email shape needs operational tooling that doesn't really exist outside the commercial product.
What the receiver-side work actually involves
Managed Deliverability is the human-expertise layer, and it lives on the receiver side of the relationship. That means: Google Postmaster Tools wired up properly so the Gmail reputation signal is actually visible. Microsoft SNDS for Outlook and Hotmail. Yahoo Sender Hub, which most senders forget exists. Continuous monitoring across 50+ DNSBLs — every Spamhaus zone (SBL, XBL, CSS, DBL), plus Barracuda, SURBL, SORBS, URIBL, the usual suspects. DMARC aggregate reports get processed monthly on retainer engagements; if you've ever stared at a folder of unparsed RUA XML and given up, you know why someone needs to do this. BIMI work, including VMC certificate guidance through DigiCert or Entrust, sits on the Strategic tier. Feedback loops with AOL, Yahoo, Hotmail, Microsoft, Comcast and the others are part of the retainer baseline. The framing for all of this is the current reality — Gmail and Yahoo's 2024 bulk-sender guidelines (0.1% complaint rate target, mandatory DMARC), Spamhaus's June 2025 cold-email position, and the RETVec deployment inside Gmail (38% better spam detection, 19.4% fewer false positives, per Google's own numbers). The 2026 work is calibrated to receiver-side reality, not to sender-side tricks that were already old in 2018.
The hardware, briefly
Bare metal. Real Intel Xeon CPUs — E-2388G (8C/16T) on Standard, Gold 6326 (16C/32T) on Pro, Gold 6338 (32C/64T) on Enterprise. ECC RAM, 32 / 64 / 128 GB depending on tier. NVMe storage, 1 / 2 / 4 TB. Ten, twenty, or thirty dedicated IPs included. The reason for physical CPUs instead of vCPUs is operational, not marketing — a noisy neighbour on a hypervisor breaks mail throughput in ways that look like ghost problems on the application side. ECC RAM matters for the same kind of reason: a single bit-flip in queue state during a busy hour produces an incident that you'll spend half a day chasing before realising it was hardware. Default data centres in Sweden and Germany. Outbound port 25 is permitted there, which is not the default on AWS EC2, DigitalOcean, Azure or Google Cloud — those providers block port 25 outbound and you can apply for an exception, but you can't actually run a sending operation on them comfortably. US East and Asia-Pacific are available on Custom plans when there's an actual reason.
Who's actually operating this
The leadership has been stable for fourteen years. Mikael Vainiomaa joined in 2012 and has been CEO since; the core operations team's institutional memory goes back to the 2003 founding. That continuity is the entire point. Email infrastructure is a pattern-recognition discipline — knowing how Gmail's filtering actually behaves under load, recognising which Spamhaus listings are real concerns versus noise, and having a working sense of which operational moves produce results versus theatre. None of that knowledge is in a runbook. It lives in the heads of the people who've been doing this for years, and it gets transmitted by working alongside them.
The trade-off is honest: we can't onboard new engagements at the speed a self-serve SaaS can. There's no automated funnel, no hands-off signup. The CEO and core operators are in the room for every scoping conversation. That's slower. It's also why customers who fit our shape tend to stay for a long time. If you want pure self-serve automation with zero operator touch, our shape is wrong for you — Postmark, SendGrid and Mailgun have all built that experience well, and we'll send you to them honestly.
Same CEO since 2012. Same company since 2003.
The CEO is Mikael Vainiomaa, who joined in 2012 and has run the place since. Both timelines matter for different reasons. The 2003 founding is the company's; the 2012 leadership transition is Mikael's; together they cover the entire arc of modern deliverability — from the DKIM rollout, through the 2024 DMARC enforcement at Gmail and Yahoo, through Spamhaus's 2025 cold-email position, through the RETVec deployment inside Gmail's spam classifier. Fourteen years of CEO tenure is unusual in this category. For perspective, Mailgun cycled through Rackspace, Thoma Bravo and Sinch in roughly the same window. When we say "operational continuity," that's the specific evidence we mean.
Mikael is on LinkedIn if you want to verify any of this independently. The way the team works reflects the way the product is priced — dedicated IPs at the entry tier, no free-tier bait-and-switch, the Spamhaus and RETVec citations on the Cold Email and Managed Deliverability pages, honest answers when honesty costs the sale. The other path — marketing-led product, headline-cheap pricing with surprise add-ons, inbox-magic promises that don't survive a Gmail filter update — is faster to scale in the short term and much harder to survive in the long term. 23 years of independent operation is the evidence that the chosen approach works. The alternative would have closed the doors a long time ago.
"There have always been two kinds of operator in this segment — the ones optimising for the next funding event, and the ones optimising for the same customers staying with them for ten years. We've been the second kind since I joined in 2012, and the founders ran it that way before me. Nordic discipline, EU jurisdiction, prices on the website, dedicated infrastructure in the box, the same core team across every customer. It's the harder way. It's the way that works when someone's revenue depends on email actually reaching the inbox."