Posthawk is a self-hosted email infrastructure platform that lets you send, schedule, and receive emails through a simple REST API. It uses AWS SES under the hood for reliable delivery.

Is Posthawk really free?

Yes. Posthawk is free to self-host. You only pay for your own AWS SES usage, which starts at $0.10 per 1,000 emails. No platform fees, no hidden costs.

How do I self-host Posthawk?

You can deploy Posthawk with a single Docker Compose command. The setup takes under 10 minutes — connect your AWS SES credentials, configure your domain, and you are ready to send.

What email providers does Posthawk support?

Posthawk currently supports AWS SES as the email transport. We chose SES for its high deliverability, low cost, and battle-tested infrastructure used by thousands of companies.

Can I use my own domain?

Absolutely. Posthawk supports custom sending domains with full SPF, DKIM, and DMARC configuration. You can verify and manage multiple domains through the dashboard.

How does inbound email processing work?

Posthawk receives incoming emails via SES and forwards them to your application through webhooks. You get the full email body, headers, and attachments parsed and ready to use.

Is there a rate limit?

There are no rate limits imposed by Posthawk itself. Your sending rate is determined by your AWS SES account limits, which you can increase by requesting a sending limit increase from AWS.

Where can I get support?

Join our GitHub Discussions for community support, file issues on GitHub for bugs, or check our documentation at docs.posthawk.dev. We also have a Discord server for real-time help.

Legal

Acceptable Use Policy

Last updated — April 12, 2026

The short version

Posthawk exists to help developers send legitimate email — transactional messages, product notifications, receipts, password resets, and opt-in communications people actually want. This policy describes what we do not allow. It applies to every email sent through Posthawk's cloud service, whether via the HTTP API, SMTP submission, or any SDK. By using Posthawk you agree to follow it. If you break these rules we may suspend or terminate your account without refund, and in serious cases we will cooperate with law enforcement.

Prohibited content

You may not use Posthawk to send, distribute, promote, or link to any of the following:

Unsolicited bulk email, also known as spam — messages to recipients who have not given clear, informed consent to receive them
Phishing, credential harvesting, impersonation of a brand or person, or any form of email fraud
Malware, ransomware, spyware, viruses, trojans, or links to any of the above
Content that sexually exploits or endangers minors (CSAM) — we will report this to NCMEC and the appropriate authorities immediately
Content that harasses, threatens, defames, or incites violence against individuals or groups
Illegal gambling, unregistered securities, pyramid schemes, multi-level marketing recruitment, or "get rich quick" offers
Illegal drugs, unapproved pharmaceuticals, or controlled substances
Pirated software, cracked games, stolen media, or stolen credentials
Cryptocurrency pump-and-dump schemes, fake airdrops, rug pulls, or unsolicited token promotions
Content that infringes copyright, trademark, trade secrets, or other intellectual property rights
Hate speech or content that promotes discrimination based on race, ethnicity, religion, gender, sexual orientation, disability, or similar characteristics

Prohibited practices

Even if your content is legitimate, the way you send it matters. The following practices are not allowed:

Sending to purchased, rented, scraped, or harvested email lists — no exceptions
Sending to recipients who have unsubscribed, bounced, or marked your mail as spam
Forging, disguising, or obscuring the sender identity, the originating domain, the Return-Path, or any header to mislead recipients or filters
Using misleading, deceptive, or clickbait subject lines that do not reflect the content of the message
Operating on behalf of a third party whose content would violate this policy — you are responsible for your customers
Running open relays, open redirects, or services that let strangers send mail through your Posthawk account
Sharing your API keys publicly, committing them to source control, or letting untrusted code send through them
Circumventing rate limits, reputation controls, or suspension decisions by rotating accounts, domains, or IPs

Consent and list hygiene

Every recipient on your list must have given clear, provable consent to receive the type of mail you are sending. A transactional receipt for a purchase is different from a weekly marketing digest — both require a legitimate basis, but marketing mail requires explicit opt-in. You should keep records of when and how each recipient consented, and produce them on request. You must honor unsubscribe requests within ten days, and you must not send further marketing mail to anyone who has opted out. You are also expected to remove hard bounces promptly and stop sending to addresses that repeatedly mark your mail as spam. Good list hygiene is the difference between a deliverable program and a suspended account.

Sender reputation thresholds

Posthawk tracks bounce and complaint rates at the account level. If your metrics exceed the thresholds below, we will pause sending and contact you before any further damage is done to your reputation or the shared infrastructure:

Hard bounce rate above 5% — we will review the account
Hard bounce rate above 10% — sending is paused automatically
Spam complaint rate above 0.1% — we will review the account
Spam complaint rate above 0.3% — sending is paused automatically

Security and abuse

You must not use Posthawk to attack, scan, probe, or disrupt any system you do not own or have explicit permission to test. You must not use Posthawk to send mail bombs, reflection attacks, distributed denial-of-service traffic, or to exhaust the resources of any recipient. If we detect that your account is being used in an attack — whether by you, a compromised key, or a third party — we will suspend it first and ask questions afterward. You are responsible for securing your API keys and for any mail sent under them.

Enforcement

When we find a violation, our response depends on severity, intent, and history. We generally follow this escalation path, but we reserve the right to skip steps for serious violations:

Warning — we email you, explain the problem, and ask you to fix it within a defined window
Throttling — we reduce your sending rate or cap your daily volume while you remediate
Suspension — sending is paused; you retain access to logs and data while we investigate
Termination — your account is closed, API keys revoked, and data retained only as required by law

No refunds for violations

If we suspend or terminate your account because you violated this policy, you are not entitled to a refund for the remainder of your billing period, any add-ons you have purchased, or any unused sending capacity. Posthawk exists as a shared resource — one bad sender can damage deliverability for everyone — and the cost of cleaning up abuse is borne by us and by our other customers.

Reporting abuse

If you received an email sent through Posthawk that you believe violates this policy, please report it to abuse@posthawk.dev. Include the full message with headers so we can trace the sender. We read every report, we act quickly on valid ones, and we do not share reporter identities with the sender. If the message is a phishing attempt impersonating your brand and you are the legitimate owner, we will prioritize takedown and work with you directly.

Governing law

Posthawk is operated by a company registered in the United Kingdom. This Acceptable Use Policy is governed by the laws of England and Wales, without regard to conflict-of-law principles. Where local law in your jurisdiction imposes stricter requirements on senders — for example the CAN-SPAM Act in the United States, CASL in Canada, GDPR in the European Union, or the UK PECR and Data Protection Act — you are expected to comply with those too. The stricter standard always applies.

Changes to this policy

We update this policy when the sending landscape changes or when we notice gaps. Material changes will be announced by email to account owners at least seven days before they take effect, except where a change is required to address an active abuse vector, in which case we may update it immediately. Continued use of the Service after changes take effect means you accept the updated policy.

Questions

If you are not sure whether your intended use is allowed, ask before you start sending — it is always cheaper than a suspension. Reach us at abuse@posthawk.dev for enforcement questions, or support@posthawk.dev for general clarification. We would much rather help you set up a compliant sending program than clean up after a suspended one.