Run production SMTP verification on your own infrastructure. Docker deployment in 30 minutes. One-time license, no per-email fees. Validate millions for the same price as thousands.
After enough volume, the SaaS model becomes a recurring tax on your business — and the data you're paying to clean lives on someone else's server.
Leading SaaS validators start at roughly $0.009 per email at low volumes, with blended rates around $0.008 at scale. At 1 million validations per year, that's $8,000–10,000 you pay every year, forever.
Every email address you validate is sent to a third party, processed on their servers, and stored in their logs. For agencies, regulated industries, and EU businesses subject to GDPR, this is a serious problem.
Major SaaS providers market 99.6% accuracy. Independent testing shows real-world accuracy of 93–97%, with an 8.1% false positive rate on catch-all domains where SMTP returns 250 OK regardless.
Need a custom rule, a private disposable list, white-labeling for clients, or an unusual integration? You can't have it. SaaS is take-it-or-leave-it. Self-hosted is yours.
A self-hosted email validation platform is software you install on your own servers to verify whether email addresses are real and deliverable — without sending any mail. It runs the same checks as leading cloud SaaS validators: syntax validation, MX record lookup, SMTP handshake, catch-all detection, and disposable-domain filtering.
The difference is where the work happens. With self-hosted, every email address you check stays on your infrastructure. Every API request hits your servers. Every result is yours. You pay once for the license, then validate as much as you want without per-email fees, throttled APIs, or surprise overage charges.
This makes self-hosted the right call when validation volume gets serious, when data residency matters, when you're building it into a product you sell to clients, or when you simply don't want a recurring cost compounding for the next decade.
The trade-off used to be ease versus control. With Docker-deployable platforms like MXGuard, you keep the control without the operational burden.
Pay once for the license, validate as much as you want forever. At even modest volume — 100,000 emails a year — self-hosted breaks even against SaaS within 12 months and saves money every year after.
Pays for itself in monthsEvery email validated stays in your infrastructure. Your processor agreements get simpler, GDPR posture improves, and you never have to explain to a client why you're shipping their list to a third country.
Cleaner GDPR postureAdd custom rules, private disposable-domain databases, integrations with your CRM, custom scoring logic, branded dashboards. The platform bends to your stack, not the other way around.
Yours to modifyAgencies and ESPs can resell validation to clients under their own brand. With a source license, rebuild the entire UI to match your platform — turn validation into a billable product line.
New revenue streamSaaS APIs throttle. Their rate limits are their problem, not yours. Self-hosted runs at the speed of your hardware — scale by adding worker nodes, not by upgrading to a higher pricing tier.
No tier upgradesSaaS providers raise prices, change pricing models, get acquired, or shut down. With self-hosted, your validation infrastructure is yours — it can't be taken away or repriced under you.
Future-proofEvery validation platform — SaaS, open source, or self-hosted — runs the same five stages. The differences are in retry logic, proxy rotation, and how each stage handles ambiguity.
RFC 5322 format validation. Filters out malformed addresses before any network call.
DNS query for the domain's mail servers. No MX = the domain can't receive mail.
Connect, send HELO, MAIL FROM, RCPT TO. Never DATA — no message sent.
Probe with a randomly generated address. If accepted, the domain is catch-all and flagged risky.
Combine signals into a deliverability score: Deliverable, Risky, or Undeliverable.
The complete email validation platform you run on your own infrastructure. Docker deployment in 30 minutes. One-time license. No per-email fees, ever.
MXGuard runs the same SMTP verification, catch-all detection, and disposable filtering as the leading SaaS validators — but on hardware you control. Every address you validate stays on your servers. No third-party data processor. No per-email costs that compound forever.
From a fresh Ubuntu VPS to validating your first list — it's a single Docker stack with a guided setup wizard.
Not all "email validation platforms" are the same product category. Here's the real trade-off across the major options in 2026.
| MXGuard Self-hosted | ZeroBounce Cloud SaaS | NeverBounce Cloud SaaS | Reacher OSS, AGPL | |
|---|---|---|---|---|
| Deployment | Docker on your VPS | Cloud SaaS | Cloud SaaS | Self-hosted |
| Cost model | $7,990 one-time | ~$0.009/email | ~$0.008/email | Free (with strings) |
| Cost at 1M / yr | $7,990 year 1, ~$0 after | $4,000–9,000 / yr | $4,000–8,000 / yr | Free + engineering |
| Data residency | Your servers | Their servers | Their servers | Your servers |
| Real-world accuracy | 95–98% | 96–97% | 93–97% | Varies (DIY tuning) |
| Catch-all scoring | Confidence-scored | AI-scored 0–10 | Binary safe/not-safe | Yes |
| SOCKS5 proxy rotation | Built-in | Their problem | Their problem | DIY |
| Web dashboard | Yes | Yes | Yes | No |
| Commercial license | Standard, build on it | Yes (their TOS) | Yes (their TOS) | AGPL — opens your code |
| White-label / resell | Yes (source license) | No | Limited | AGPL blocks most cases |
| Setup time | ~30 min | 5 min | 5 min | 2–4 hours + tuning |
Competitor names blurred for legal courtesy. All third-party trademarks are property of their respective owners. Pricing and feature comparisons based on publicly available information as of 2026.
Most teams who try to build their own validation start with an open-source library and hit a wall within weeks. These are the four blockers MXGuard solves out of the box.
AWS, DigitalOcean, Linode, and most major cloud providers block outbound port 25 by default. SMTP verification uses port 25. You either need to file support tickets, or pick a provider that allows it.
→ MXGuard ships with Hetzner deployment guideSpamhaus PBL automatically lists residential and dynamic IP ranges. The moment you probe a major mailbox provider from one, you're blocked. You need clean dedicated IPs with valid PTR/rDNS records.
→ Built for clean datacenter IPsYahoo, Gmail, Outlook detect bulk RCPT TO probing and throttle, greylist, or temp-block your IP. Without per-destination rate limiting and proxy rotation, your probes get blocked within hours.
→ Built-in SOCKS5 proxy poolMicrosoft 365 and Google Workspace tenants are commonly catch-all configured. Naive SMTP probing returns 250 OK on every address — leading to false positives that wreck sender reputation.
→ Random-probe detection with scoringDrag the sliders. See your annual SaaS validation cost — and how much self-hosting saves you over 3 years.
Compare 3-year cost of MXGuard self-hosted vs equivalent SaaS validation.
Real answers to the questions teams ask before committing to a self-hosted email validation platform.
The most popular open-source email validators are licensed under AGPL-3.0. If you use AGPL software inside a product served over a network — which most commercial use cases do — the license requires you to publish the source code of your entire application under AGPL too. That makes it a non-starter for SaaS products, agencies offering it to clients, or any business deployment.
MXGuard ships under a standard commercial license you can build on freely. White-label it, embed it in your product, resell access — none of that triggers any open-source obligations.
Other open-source options have different limitations: some are language-specific libraries rather than full platforms, some deliberately skip SMTP probing for privacy reasons, and several haven't been actively maintained in years.
It can — if you do it wrong. Mailbox providers detect bulk RCPT TO probing and respond with throttling, greylisting, or outright blacklisting. Residential and dynamic IPs are typically pre-listed on Spamhaus PBL before you send a single probe.
A production self-hosted platform mitigates this with SOCKS5 proxy rotation, per-destination rate limiting, valid rDNS records, and clean dedicated IPs. MXGuard ships with all of this built in. You don't probe from your main server's IP — you probe through the proxy pool.
A well-built self-hosted platform achieves 95–98% accuracy on most domains, which matches or beats real-world SaaS performance. Major SaaS providers market 99.6% accuracy, but independent benchmarks consistently show 93–97% in practice.
The single biggest accuracy gap across all platforms — SaaS or self-hosted — is on catch-all domains, where the SMTP server returns 250 OK regardless of mailbox existence. Honest platforms flag these as "Risky" rather than reporting them as Valid.
Minimum: a single VPS with 4 vCPU, 8GB RAM, 80GB SSD. Handles up to 200,000 validations per day. Production: 8 vCPU + worker nodes, 16GB RAM, 200GB SSD. Handles 1M+ daily.
The hard requirement is outbound port 25 access. AWS, DigitalOcean, GCP, and most major cloud providers block this by default — you'd need to file a support ticket. Hetzner, OVH, and most European/Asian providers allow it without issue.
Yes, but you'll need to file a request with the provider to unblock outbound port 25. AWS and DigitalOcean require an account-level review. GCP allows it on certain instance types. The path of least resistance is Hetzner (€4–€20/mo, port 25 open by default) or OVH.
The software itself doesn't process or store data — you do, on your own infrastructure. That makes your GDPR posture significantly cleaner: no third-party processor agreements for validation, no Schrems II third-country transfer concerns, no DPA negotiations with vendors.
You're still responsible for your own GDPR obligations as the data controller (lawful basis for processing, retention policies, data subject rights). But validation no longer adds an extra layer of compliance complexity.
Yes — but you'll want the source license ($24,990) for full white-label rights. The Docker license is for running the platform yourself; the source license includes the right to modify the UI, rebrand it, and resell access under your own brand.
Common patterns: agencies offering "validation" as a billable service line, ESPs adding it as a paid tier, cold email tool builders embedding it as a feature.
Docker license ($7,990): the full platform Docker image, web dashboard, API, SOCKS5 proxy infrastructure, disposable domain database, deployment guides, and 12 months of updates.
Source license ($24,990): all of the above plus full source code across all repos, white-label rights, and the right to modify and resell. Add-on bundle: +$5,000 for 3 months of dedicated launch support.
The Docker license includes 12 months of updates. After that, you can either keep running the version you have (it'll continue to work indefinitely) or renew updates for an annual fee — currently $1,490/year.
Updates are pulled via Docker. New disposable domain lists ship monthly. Engine updates go out as needed for new mailbox provider quirks (Yahoo policy changes, new Microsoft 365 patterns, etc.).
The detection technique: before validating the actual address, MXGuard probes the same mail server with a randomly generated string at the same domain. If the server accepts that too, the domain is configured catch-all. The result is then flagged with a confidence score — not a binary valid/invalid.
This matters because Microsoft 365 and Google Workspace tenants are often catch-all configured. Naive validation marks every address there as "Valid" when half might bounce. MXGuard tells you the truth: "This domain is catch-all, treat with caution."
One-time license. Deploy in 30 minutes. No per-email fees, ever. Stop renting infrastructure that should be yours.