This Agreement represents a Service Level Agreement (”SLA” or ”Agreement”) between Mailhardener B.V. (”Mailhardener”, ”we”, ”us”) and the Customer for services and service levels in connection to the Email Hardening Suite ("Service").
This Agreement outlines the parameters of all services covered as they are mutually understood by the primary stakeholders. This Agreement does not supersede current processes and procedures unless explicitly stated herein.
To use the Mailhardener Email Hardening Suite, the Customer must agree with the Mailhardener Terms of Service, and has familiarized itself with the Mailhardener Privacy Statement.
The Mailhardener Email Hardening Suite can be considered a plugin for a domain, which aims at improving the Quality of Service (QoS) for the email sent from, or delivered to the domain. The Customer maintains its own email service of choice, no email is routed through the Mailhardener infrastructure. Except for the Mailhardener MTA-STS policy hosting offering, the use of Mailhardener services cannot cause email deliverability issues for the Customer.
The Mailhardener Email Hardening Suite consists of the following products:
draft-blank-ietf-bimi-02)New products and services may be added to the Email Hardener Suite in future releases.
The Service for processing reports, and accessing data (the Dashboard) will be available to the Customer on a 24x7 basis except for maintenance windows or other scheduled or application specific maintenance outlined herein.
It is our aim to ensure that the services supporting the Service are deemed reliable in terms of availability and performance. Therefore, we will measure the reliability using Mean Time Between Failures (MTBF) and compute the average (by month and year) time between each ‘failure’.
A failure is defined as any infrastructure related incident causing the Service to be unavailable. This can also include severe performance degradation. Failure impacts various parts of the Mailhardener Suite in different ways, we therefore prioritize the various services differently.
| Service | Target Availability | Failure impact |
|---|---|---|
| rfc8461 MTA-STS policy hosting | 99.9% | Reduced protection against downgrade attacks after caching period (2 weeks) expires |
| BIMI asset hosting | 99.9% | Failure to display BIMI mark for receivers, unless cached |
| Frontend HTTP webservices | 99.9% | Inability to access Mailhardener dashboard and inspection tools |
| rfc7489, rfc8460 reporting endpoints | 99.9% | Delayed delivery of reports, loss of reports |
| Mailhardener API | 99.9% | Inability to use Mailhardener dashboard to review reports |
| rfc7489, rfc8460 report processing | 99% | Delayed processing of rfc7489, rfc8460 reports |
| Domain inspection workers | 99% | Delayed warning on detected DNS changes |
The Supplier shall implement all measurement and monitoring tools and procedures necessary to measure, monitor and report on the Supplier’s performance of the provision of the Services against the applicable Service Levels at a level of detail sufficient to verify compliance with the Service Levels.
The Supplier shall notify the Customer in writing if the level of performance of the Supplier of any element of the provision by it of the Services during the term of the Contract is likely to or fails to meet any Service Level Performance Measure.
\newpage
Mailhardener recognizes that estimating rfc7489, rfc8460 report volume is hard, if not impossible. Therefore, Mailhardener does not enforce quotas on report volume for all paid tiers.
| Tier | Report data quota |
|---|---|
| Mailhardener Free | Fair use 1 |
| Mailhardener Standard | Unlimited |
| Mailhardener Large | Unlimited |
| Mailhardener for Enterprise | Unlimited |
| MSP customers | Unlimited |
1: Mailhardener Free is intended for evaluation, or personal, non-commercial use. Domains that create a large volume of reports are considered commercial. Mailhardener may reject reports for domains that are using the Mailhardener Free tier.
Instead of limiting on report volume (which is hard to estimate) Mailhardener limits the number of domains to be used per tier.
If a subdomain that is used as an email domain (that is: the subdomain is used behind the '@' sign in email), then the subdomain is considered a separate domain which counts toward the quota.
| Tier | Domains |
|---|---|
| Mailhardener Free | 1 |
| Mailhardener Standard | 10 |
| Mailhardener Large | 100 |
| Mailhardener for Enterprise | configurable 1 |
| MSP customers | configurable 2 |
1: The number of domains for enterprise accounts will be defined in the quotation.
2: MSPs can configure the domain limit per customer.
The minimum report (rfc7489 and rfc8460) data retention is defined per tier:
| Tier | Report data retention |
|---|---|
| Mailhardener Free | 1 month, on best effort basis |
| Mailhardener Standard | 3 months guaranteed |
| Mailhardener Large | 12 months guaranteed |
| Mailhardener for Enterprise | contract duration |
| MSP customers | 12 months guaranteed |
On account termination, breach of contact, or in case of failure to fulfill payments, Mailhardener may irreversibly delete the aggregated report data.
We have put in place all appropriate technical and organizational measures as required by applicable legal provisions (in particular article 32 of the General Data Protection Regulation (GDPR)) to ensure an appropriate level of security and, in particular, to prevent any accidental or unlawful destruction, loss, alteration, disclosure, intrusion of or unauthorized access to these data.
There is no such thing as ‘zero risk’ and even if we implement all the security measures recognised as appropriate, unforeseen things can happen. We have specific procedures and resources in place to manage security incidents under the best possible conditions. We have also set up a specific procedure for assessing possible breaches of security that could lead to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to Customer data, for notifying the competent supervisory authority within the period stipulated by applicable law, and for warning the Customer when a breach is likely to result in a high risk of disclosure of Customer data. Tests are carried out periodically to verify the functioning of the security installations and adequacy of the procedures and devices deployed.
Office hours are monday till friday, 9:00 AM till 17:00 PM CEST.
Typical support and incident response times are as follows:
| Request type | During office hours | Outside of office hours |
|---|---|---|
| Product support | within 1 day | Next working day |
| Email Hardening related support | within 1 day | Next working day |
| Security incidents | within 1 hour | Within 1 day |
The preferred method of contacting support is via email.
| Request type | Email address |
|---|---|
| Product support | support@mailhardener.com |
| Sales inquiries | sales@mailhardener.com |
| Business inquiries | info@mailhardener.com |
| Security incidents | security@mailhardener.com |
For enterprise customers, an account manager will be appointed.
Mailhardener uses a Continuous Integration (CI) strategy for deployment of updates and new features. During day-to-day operation, this approach should result in a zero-downtime service deployment.
However, for certain operations, such as database migrations, (partial) loss of service may occur. In case of scheduled downtime for maintenance, this may be announced via our website, social media and email.
The persons signing this Agreement below declare that they are authorized to act on behalf of the respective Contracting Party to the extent necessary to conclude this Agreement.
| Supplier | Customer | |
|---|---|---|
| Party: | Mailhardener B.V. | |
| Signature: | ||
| Name of signatory: | ||
| Position of signatory: | ||
| Date: | ||
| Location: |
This Agreement remains valid until superseded by a revised agreement mutually endorsed by the stakeholders.
| Version | Since | Changes |
|---|---|---|
| 1.0 | 01-01-2020 | Initial document release |
| 1.1 | 01-10-2021 | Added BIMI asset hosting |
| 1.2 | 01-03-2022 | Added DANE/TLSA to feature list |
| 1.3 | 03-05-2022 | Added Mailhardener MSP package description |
| 1.3.1 | 06-03-2023 | Increased MTA-STS caching period from 1 to 2 weeks |
| 1.4 | 28-03-2024 | Updated to reflect new legal entity Mailhardener B.V. |