23 years from Stockholm
About Authorize Hosting · Operating since 2003

A Swedish email infrastructure operator. 23 years on, still doing the same work.

We're a small Stockholm company that runs email infrastructure for other people's products. The doors opened in 2003. They've stayed open through every shift in this business that mattered: SPF moved from "nice to have" to mandatory; DKIM went from a Yahoo experiment to baseline; DMARC stopped being optional the day Gmail and Yahoo turned on the 2024 enforcement; Spamhaus published the cold-email piece in June 2025 and the rules changed again; Google rolled RETVec into the Gmail spam classifier and the filtering math moved another step under everyone's feet. We were trading through every one of those. The pitch hasn't changed in 23 years — dedicated infrastructure, prices we can read out loud, the operational-discipline part where the work is the work.

Foundational story

Founded in 2003. Refined into an email infrastructure operator the slow way.

The company started in 2003 as a small Stockholm hosting outfit serving customers who wanted boring servers — the kind that just keep working, not the kind that ship features nobody asked for. It was an unremarkable positioning at the time. It has aged better than most. Providers in this segment that optimized for the next funding round, or the next acquisition, mostly aren't around any more. The ones who optimized for serving the same customers over decades tend to still be open. We're in the second category. The customer relationships built over twenty years compound in ways a five-year-old provider can't easily replicate, no matter how well-funded.

That's the easy part of the story. The harder part is the 23 years themselves. We opened in 2003 — same year PowerMTA 2.0 shipped — and traded continuously through every deliverability shift since. When SPF was still being argued over. When DKIM was a Yahoo project and nobody quite believed in it. When DMARC was the optional layer that Gmail and Yahoo finally made mandatory in 2024. When Spamhaus drew the cold-email line in June 2025. When Google deployed RETVec inside the Gmail spam classifier and the spam-score math moved under everyone's feet. We were operating through every one of those. None of it was abstract. Each shift changed how the work gets done day-to-day, and operators who were there have pattern recognition for the next shift that operators who weren't, simply don't.

The third part is what the work has narrowed into. Today there are six product lines, and they exist because they answer six different operational questions: SMTP Relay for applications that already speak SMTP and shouldn't be rewritten. Email API for product engineering teams that want webhooks and idempotency built in. Managed PowerMTA Servers for routing volume that stresses simpler stacks. Dedicated Email Servers for teams that bring their own MTA onto bare metal. Cold Email Infrastructure for outbound work that takes Spamhaus seriously. Managed Deliverability for the human-expertise layer around any of those. Every entry plan ships with dedicated IPs in the box. The pricing is on the website — not behind a "talk to sales" gate, not advertised cheap with the dedicated-IP add-ons quietly added back at signup.

Why operating from Sweden actually matters

It's not a marketing accent. There are three concrete operational reasons we're still in Stockholm. First, the legal environment is genuinely stable for infrastructure businesses — no surprise legislation, no jurisdictional drift that breaks compliance over a quarter. Second, the GDPR posture is genuinely simpler when both the operator and the data centres are EU-based: no Standard Contractual Clauses, no Schrems II workaround, no transfer-mechanism dance that US-headquartered providers have to choreograph. And third — this is harder to put in a brochure — Nordic engineering culture leans operational rather than marketing-led, which fits the work. Stockholm also sits in a useful time-zone window: full European business hours, with the late-day overlap into the early US morning that lets retainer work cover both sides cleanly. Default sending locations are Sweden and Germany. US and Asia-Pacific are available on Custom plans when latency or regulation actually justifies them.

Why the timeline matters when you're choosing this kind of provider

Infrastructure buyers don't pick on features alone. The conversation gets serious around continuity (will the provider still exist in three years), responsiveness (when an IP gets listed at 4am on a Saturday, who picks up the phone), and whether the people running it understand what happens after launch. A provider that has been trading since 2003 has cycled through every generation of this work — pre-SPF, pre-DKIM, the move to PowerMTA, the rise of ESPs, the receiver-tightening waves of 2016 and 2020, the 2024 enforcement reset, the cold-email pivot in 2025. Each one broke a lot of senders. The reason long-tenured operators are useful isn't that we can recite the history — anyone with a Wikipedia tab can do that. It's that current problems tend to rhyme with old ones, and we've seen the rhyme before.

What the work has narrowed into

Six product lines, organized by operational shape rather than by tier: SMTP Relay where the application already speaks SMTP and shouldn't be touched. Email API where the engineering team wants delivery logic in product code with proper webhooks. Managed PowerMTA Servers for routing volume that has outgrown simpler MTAs. Dedicated Email Servers for teams that bring their own MTA expertise onto bare metal. Cold Email Infrastructure for outbound work that takes Spamhaus, suppression lists and warming seriously. Managed Deliverability for the human-expertise layer wrapped around any of those. They're separated because they answer different questions, not because we're upselling tiers. Every entry plan ships with dedicated IPs from the start. The pricing is on the page. The services page has a decision-aid table for picking among them.

Timeline

How a generalist hosting shop turned into an email-only operator

2003

Doors open in Stockholm

A small hosting business with a small customer list. Most of them want one thing — servers that don't fall over — and we spend the first year just being good at that.

2005

The work expands sideways

Customers start asking for help moving between hosts, getting cPanel installed properly, recovering from backups that turned out to be incomplete. The day shifts from "running servers" to "running infrastructure for people who don't want to run their own."

2008

Shared hosting stops being enough

The bigger customers grow out of $5/month plans. They want their own VPS, then their own dedicated box, then root access on it. We follow them up the stack.

2011

The email tickets start to dominate

Password resets going to spam. Order confirmations not arriving. WordPress sites that send a contact form to the void. The email category quietly takes over the support queue.

2014

"Can we have our own IP?"

The question we hear most that year. Customers in healthcare, finance, anything sensitive — they don't want their reputation tangled up with someone else's promotional newsletter. We build out the dedicated-IP side of the business in earnest.

2016

Authentication stops being optional

SPF and DKIM had been around for years, but 2016 is when receivers actually start enforcing. DMARC reports flood in. The job description quietly adds "deliverability engineer." We stop calling these "side topics."

2018

The cold-email crowd shows up

Outbound sales teams start asking for "warmer" infrastructure. Most of them want the same shared IP everyone else is using and a promise it'll work. It won't. The conversations get longer. We start charging for the conversations.

2020

PowerMTA becomes a real conversation

The bigger sending customers — the ones doing five, ten, twenty million a month — outgrow what generic Postfix or Exim setups can do for them. Routing flexibility, vMTAs, per-domain throttling. We end up doing managed PowerMTA as a service almost by accident.

2023

The catalogue gets a haircut

For years the website tried to be a generalist. By 2023 it was clear nobody buys generalist hosting from us any more — they buy the email parts. So we cut everything else. Six product lines, each with a clear job. Easier to explain. Easier to buy.

2026

The site you're reading now

Same Stockholm office. Same kind of work. Same answer when someone asks what we do — "email infrastructure, the boring kind." This version of the site just makes that easier to read.

Operating from Sweden, serving globally

What "Stockholm-based" actually means when you're the customer

It's not just where the office is. The Swedish base shapes how the work gets done in three practical ways that customers notice. If you're European, the GDPR posture is genuinely simpler — operator in the EU, data centres in the EU, no Schrems II workaround needed, no Standard Contractual Clauses to negotiate every renewal. If you're in North America, our morning is your morning's morning; tactical support requests land while we're awake instead of waiting for someone in a different timezone to rotate in. If you're in Asia-Pacific, you get extended hours on retainer and the option of US-East or Singapore data centres on Custom plans where latency actually matters.

The cultural part is harder to put into a brochure but matters more than it sounds. Swedish business culture leans toward shipping things that work over telling stories about things that will work. The trade-off is real: it's a slower way to grow, and it's a worse fit for VC narratives. But it produces the kind of customer relationships that compound — and over enough years, that compounding is the whole business. 23 years of independent operation didn't happen by accident.

Where the servers actually are

Sweden and Germany for sending infrastructure, by default. Both EU jurisdictions, both with the regulatory stability infrastructure businesses need, both with the peering arrangements that get mail to the major receivers without weird routes. Sweden's free cooling helps with power efficiency at scale (the climate does some of the work that would otherwise need bigger HVAC). Germany's network position covers southern and western Europe more cleanly. For Custom plans we'll deploy US-East (Virginia) or Singapore/Tokyo if there's a reason — receiver-side latency that genuinely matters, a regulatory requirement, a customer running a pan-regional product. The decision should be driven by what your sending profile needs, not by what's convenient for us to operate.

Technical posture

The actual stack — software, hardware, who decided what

"Modern infrastructure" doesn't mean anything. So instead of saying that, here's the specific software and hardware behind each of the six product lines, why we picked it, and what the trade-offs are. The relevant trade-offs are documented on each service page too, but the executive version lives here.

Which MTA runs which product, and why

SMTP Relay and Email API both sit on top of PowerMTA in a managed multi-tenant configuration. PowerMTA gets the slot for one boring reason: twenty years in, nothing else has matched it for predictability under load. Per-domain throttling that actually does what the docs say. Delivery logs you can trust. A performance envelope that doesn't surprise you on a Tuesday afternoon. Managed PowerMTA Servers is the same engine in single-tenant configuration — your own dedicated PowerMTA instance with the license, hardware and operations bundled into one bill. Dedicated Email Servers is the bare-metal variant where you bring the MTA: most customers pick KumoMTA (open source, Lua-scripted, shipped in 2024 by a team of ex-PowerMTA engineers — and yes, it's good); some stay on Postfix because their stack already does; some run Exim if they're on cPanel territory; a few bring their own PowerMTA license and prefer to manage it themselves. Cold Email Infrastructure runs on PowerMTA again, but with per-cousin-domain vMTA isolation and dedicated warming infrastructure — the cold-email shape needs operational tooling that doesn't really exist outside the commercial product.

What the receiver-side work actually involves

Managed Deliverability is the human-expertise layer, and it lives on the receiver side of the relationship. That means: Google Postmaster Tools wired up properly so the Gmail reputation signal is actually visible. Microsoft SNDS for Outlook and Hotmail. Yahoo Sender Hub, which most senders forget exists. Continuous monitoring across 50+ DNSBLs — every Spamhaus zone (SBL, XBL, CSS, DBL), plus Barracuda, SURBL, SORBS, URIBL, the usual suspects. DMARC aggregate reports get processed monthly on retainer engagements; if you've ever stared at a folder of unparsed RUA XML and given up, you know why someone needs to do this. BIMI work, including VMC certificate guidance through DigiCert or Entrust, sits on the Strategic tier. Feedback loops with AOL, Yahoo, Hotmail, Microsoft, Comcast and the others are part of the retainer baseline. The framing for all of this is the current reality — Gmail and Yahoo's 2024 bulk-sender guidelines (0.1% complaint rate target, mandatory DMARC), Spamhaus's June 2025 cold-email position, and the RETVec deployment inside Gmail (38% better spam detection, 19.4% fewer false positives, per Google's own numbers). The 2026 work is calibrated to receiver-side reality, not to sender-side tricks that were already old in 2018.

The hardware, briefly

Bare metal. Real Intel Xeon CPUs — E-2388G (8C/16T) on Standard, Gold 6326 (16C/32T) on Pro, Gold 6338 (32C/64T) on Enterprise. ECC RAM, 32 / 64 / 128 GB depending on tier. NVMe storage, 1 / 2 / 4 TB. Ten, twenty, or thirty dedicated IPs included. The reason for physical CPUs instead of vCPUs is operational, not marketing — a noisy neighbour on a hypervisor breaks mail throughput in ways that look like ghost problems on the application side. ECC RAM matters for the same kind of reason: a single bit-flip in queue state during a busy hour produces an incident that you'll spend half a day chasing before realising it was hardware. Default data centres in Sweden and Germany. Outbound port 25 is permitted there, which is not the default on AWS EC2, DigitalOcean, Azure or Google Cloud — those providers block port 25 outbound and you can apply for an exception, but you can't actually run a sending operation on them comfortably. US East and Asia-Pacific are available on Custom plans when there's an actual reason.

Who's actually operating this

The leadership has been stable for fourteen years. Mikael Vainiomaa joined in 2012 and has been CEO since; the core operations team's institutional memory goes back to the 2003 founding. That continuity is the entire point. Email infrastructure is a pattern-recognition discipline — knowing how Gmail's filtering actually behaves under load, recognising which Spamhaus listings are real concerns versus noise, and having a working sense of which operational moves produce results versus theatre. None of that knowledge is in a runbook. It lives in the heads of the people who've been doing this for years, and it gets transmitted by working alongside them.

The trade-off is honest: we can't onboard new engagements at the speed a self-serve SaaS can. There's no automated funnel, no hands-off signup. The CEO and core operators are in the room for every scoping conversation. That's slower. It's also why customers who fit our shape tend to stay for a long time. If you want pure self-serve automation with zero operator touch, our shape is wrong for you — Postmark, SendGrid and Mailgun have all built that experience well, and we'll send you to them honestly.

Leadership

Same CEO since 2012. Same company since 2003.

The CEO is Mikael Vainiomaa, who joined in 2012 and has run the place since. Both timelines matter for different reasons. The 2003 founding is the company's; the 2012 leadership transition is Mikael's; together they cover the entire arc of modern deliverability — from the DKIM rollout, through the 2024 DMARC enforcement at Gmail and Yahoo, through Spamhaus's 2025 cold-email position, through the RETVec deployment inside Gmail's spam classifier. Fourteen years of CEO tenure is unusual in this category. For perspective, Mailgun cycled through Rackspace, Thoma Bravo and Sinch in roughly the same window. When we say "operational continuity," that's the specific evidence we mean.

Mikael is on LinkedIn if you want to verify any of this independently. The way the team works reflects the way the product is priced — dedicated IPs at the entry tier, no free-tier bait-and-switch, the Spamhaus and RETVec citations on the Cold Email and Managed Deliverability pages, honest answers when honesty costs the sale. The other path — marketing-led product, headline-cheap pricing with surprise add-ons, inbox-magic promises that don't survive a Gmail filter update — is faster to scale in the short term and much harder to survive in the long term. 23 years of independent operation is the evidence that the chosen approach works. The alternative would have closed the doors a long time ago.

"There have always been two kinds of operator in this segment — the ones optimising for the next funding event, and the ones optimising for the same customers staying with them for ten years. We've been the second kind since I joined in 2012, and the founders ran it that way before me. Nordic discipline, EU jurisdiction, prices on the website, dedicated infrastructure in the box, the same core team across every customer. It's the harder way. It's the way that works when someone's revenue depends on email actually reaching the inbox."