Enterprise transactional email and SMTP relay infrastructure built for regulated industries. Strict anti-spam enforcement, UK GDPR compliance, and dedicated deliverability operations.
FortisRelay provides enterprise-grade messaging relay infrastructure. Every account undergoes manual compliance review before activation.
High-throughput relay infrastructure designed exclusively for system-generated, transactional messages. No bulk or marketing traffic permitted.
Hardened SMTP endpoints with mandatory TLS enforcement, authenticated relay access, and per-client credential isolation.
RESTful API with comprehensive sending, status querying, and webhook delivery. Full audit logging on all API operations.
SPF, DKIM, and DMARC configuration support. Mandatory domain verification before any sending is permitted on the platform.
Real-time delivery dashboards, bounce categorisation, complaint tracking, and exportable compliance reports for audit purposes.
Multi-region routing with automatic failover, dedicated IP pool management, and priority queue separation for critical message streams.
FortisRelay operates under strict acceptable use standards. Misuse of our infrastructure results in immediate account suspension.
All recipients must have provided verified, documented consent prior to any message being sent via the FortisRelay platform.
Sending of any unsolicited bulk email, promotional mass mailings, or harvested recipient lists is strictly prohibited and will result in permanent suspension.
Every new account application undergoes a manual review by our compliance team before any sending access is granted.
All clients must complete KYC verification including business registration documents and authorised signatory identification.
Our systems continuously monitor complaint rates, bounce patterns, and sending behaviour. Anomalies trigger automatic throttling and compliance review.
Our infrastructure and operational procedures are designed to support our clients' obligations under UK GDPR and the Privacy and Electronic Communications Regulations.
FortisRelay does not offer self-serve account creation. All clients are onboarded through a structured compliance process.
Submit your account application including business registration details and intended use case.
Our compliance team conducts identity and business verification in accordance with our KYC procedures.
Configure SPF, DKIM, and DMARC records. Verification is required before any sending access is granted.
Upon successful review, your account is activated with monitored sending access and ongoing compliance oversight.
FortisRelay Ltd is a London-registered communication infrastructure provider, incorporated in 2021 with a single mandate: deliver secure, compliance-first messaging infrastructure to organisations that cannot afford operational or reputational risk.
We exist to serve organisations for whom messaging infrastructure is a critical operational dependency, not a commodity. FortisRelay was founded by infrastructure and compliance professionals who identified a significant gap in the market: the majority of email relay providers were either consumer-grade services dressed in enterprise clothing, or deeply complex self-hosted solutions with no compliance guidance.
FortisRelay bridges this gap. We operate dedicated, isolated infrastructure with a compliance team that genuinely understands UK GDPR, PECR, and the deliverability consequences of poor sending practices.
We serve SaaS platforms, financial services firms, regulated healthcare applications, and enterprise software vendors across the United Kingdom and Europe. Every client relationship begins with a rigorous compliance and identity review.
Incorporated at Companies House, London. Initial infrastructure provisioned with a dedicated compliance framework.
First client cohort onboarded through structured KYC review. SMTP relay and API v1 released.
Full UK GDPR data processing agreements and PECR compliance documentation made available to all clients. DPA register established.
IP infrastructure expanded to support dedicated sending pools for enterprise clients. Multi-region routing launched.
API v2 launched with full audit logging, real-time delivery webhooks, and enhanced compliance reporting.
Our leadership team brings extensive experience in infrastructure operations, compliance, and enterprise software.
Chief Executive Officer
Infrastructure and cloud services specialist with prior experience at UK-based hosting and network providers. Oversees strategic direction and client relationships.
Chief Compliance Officer
Data protection and regulatory compliance specialist. Responsible for UK GDPR, PECR, and internal risk assessment procedures. Qualified CIPP/E.
Chief Technology Officer
Systems architect with deep expertise in high-availability mail infrastructure, DNS, and large-scale delivery operations. Leads all technical platform development.
| Legal Name | FortisRelay Ltd |
| Company Number | 14271835 |
| VAT Number | GB 412 8830 51 |
| Jurisdiction | England and Wales |
| Incorporated | 11 March 2021 |
FortisRelay Ltd
4th Floor, 86 โ 90 Paul Street
London
EC2A 4NE
United Kingdom
A complete set of infrastructure services for organisations that require reliable, compliant transactional messaging.
Purpose-built relay infrastructure for system-generated transactional messages. Account confirmations, password resets, order notifications, and security alerts. No promotional or bulk traffic permitted on shared infrastructure.
Hardened SMTP relay endpoints with mandatory TLS enforcement. Per-client credential isolation, IP allowlisting, and SMTP AUTH requirement. Compatible with all major programming languages and mail libraries.
RESTful JSON API for programmatic message dispatch, status querying, and operational management. Full audit trail on all API operations. Supports webhook delivery for real-time event processing.
Comprehensive guidance and tooling for SPF, DKIM, and DMARC configuration. Domain authentication is mandatory for all sending on the FortisRelay platform. Unauthenticated domains cannot be activated.
Comprehensive reporting infrastructure for delivery performance, bounce analysis, and complaint monitoring. All data retained in accordance with UK GDPR data minimisation principles.
Automatic and manual suppression list management. Unsubscribe, bounce, and complaint events are automatically processed and suppressed. Cross-client bounce data is isolated and never shared between accounts.
FortisRelay serves regulated and compliance-sensitive industries across the UK and Europe where messaging infrastructure must meet exacting standards.
FCA-regulated firms and financial technology platforms require messaging infrastructure that meets FCA operational resilience expectations and supports audit trail requirements. FortisRelay provides dedicated IP allocation, full audit logging, and data processing agreements suitable for financial services compliance teams.
Common use cases: Trade confirmations, KYC verification messages, account alerts, two-factor authentication, statement delivery, fraud notifications.
Software platforms with high transactional message volumes require reliable infrastructure with predictable deliverability. FortisRelay's dedicated sending pools and priority queue management ensure time-critical transactional messages are not affected by shared infrastructure congestion.
Common use cases: Account creation, password reset, in-app notifications, billing alerts, user invitations, system status updates.
Healthcare applications operating under UK GDPR and NHS data standards require infrastructure providers who can enter into appropriate data processing agreements and demonstrate compliance with data protection obligations. FortisRelay supports DPA signing and data residency considerations.
Common use cases: Appointment reminders, prescription notifications, patient portal credentials, care coordination messages.
Law firms and regulated professional services organisations require infrastructure with clear data lineage, confidentiality assurances, and compliance support. FortisRelay's isolated client infrastructure and full audit logging meets the expectations of legal sector compliance teams.
Common use cases: Client portal access, document notifications, secure message delivery, time-sensitive legal correspondence.
Retail platforms with significant order volumes require high-throughput transactional infrastructure with strong bounce management and ISP relationships. Only transactional order and account messaging is permitted; promotional mailings require separate compliant platforms.
Common use cases: Order confirmations, despatch notifications, returns processing, account verification.
Public sector bodies require infrastructure that supports their obligations under UK GDPR as data controllers and the Government Functional Standard GovS 007. FortisRelay can provide infrastructure documentation suitable for procurement and security accreditation processes.
Common use cases: Service notifications, appointment confirmations, document issuance, citizen portal communications.
All plans include mandatory compliance review and onboarding. No self-serve account creation. Access is granted following successful KYC verification.
For growing SaaS platforms and development teams.
For established SaaS platforms and mid-market enterprises.
For regulated enterprises with custom volume and compliance requirements.
Technical documentation for FortisRelay's SMTP relay and REST API. All integrations require an approved account.
FortisRelay provides two integration methods: a standards-compliant SMTP relay endpoint and a RESTful JSON API. Both methods require an approved account with verified sending domains.
Before you can begin sending via FortisRelay, the following requirements must be satisfied:
All API requests are authenticated using an API key passed in the Authorization header as a Bearer token.
POST /v2/messages
Host: api.fortisrelay.co.uk
Authorization: Bearer fr_live_xxxxxxxxxxxxxxxxxxxx
Content-Type: application/json
{
"from": "noreply@yourdomain.co.uk",
"to": ["recipient@example.com"],
"subject": "Your account confirmation",
"html": "<p>Thank you for registering.</p>",
"text": "Thank you for registering."
}
Successful submissions return a 202 Accepted response with a message ID for status tracking.
{
"id": "msg_01j8x4vr2k000000abcdef12",
"status": "queued",
"queued_at": "2025-11-14T09:32:11Z"
}
| Parameter | Value |
|---|---|
| Host | smtp.fortisrelay.co.uk |
| Port | 587 (STARTTLS) or 465 (SMTPS) |
| Authentication | Required (SMTP AUTH) |
| Username | Your API key (fr_live_...) |
| Password | Your account password |
| Encryption | TLS required โ plaintext connections are rejected |
| Parameter | Type | Required | Description |
|---|---|---|---|
| from | string | Yes | Verified sender address |
| to | array | Yes | Recipient addresses (max 50) |
| subject | string | Yes | Message subject line |
| html | string | No* | HTML body content |
| text | string | No* | Plain text body content |
| reply_to | string | No | Reply-To address |
| tags | array | No | Message classification tags |
* At least one of html or text is required.
FortisRelay's infrastructure and operational procedures are designed around security and compliance as foundational requirements, not optional features.
All data transmitted to and from FortisRelay infrastructure is encrypted using TLS 1.2 or TLS 1.3. Plaintext connections are refused at the protocol level. SMTP relay endpoints enforce STARTTLS; port 25 (unencrypted) is disabled.
Enterprise and Business plan clients are allocated dedicated sending infrastructure. Client sending queues, credentials, and data are fully isolated. Shared resources are segmented at the application and network level.
SPF, DKIM, and DMARC are mandatory requirements before any sending domain may be activated. Unauthenticated domains are blocked at the platform level. DKIM signatures use 2048-bit RSA keys minimum.
Dedicated IP pools are managed by our deliverability operations team. Reputation is monitored across major blocklist databases in real time. IP pools are pre-warmed before client activation and monitored continuously.
Automated systems continuously monitor complaint rates, bounce rates, sending velocity anomalies, and content patterns. Thresholds that indicate potential abuse trigger automatic rate throttling and internal review escalation.
API keys and SMTP credentials are scoped and rotatable. All authentication events are audit logged. Administrative access to infrastructure requires multi-factor authentication and is restricted to authorised personnel.
FortisRelay operates as a Data Processor under Article 28 UK GDPR when processing personal data on behalf of clients. Data Processing Agreements are available for all plan tiers. We maintain a Record of Processing Activities and conduct Data Protection Impact Assessments for high-risk processing activities.
FortisRelay's platform is designed exclusively for transactional messaging to recipients who have provided explicit opt-in consent or have a legitimate interest under applicable regulations. Our Acceptable Use Policy prohibits all unsolicited electronic communications.
For clients sending to US-based recipients, our platform enforces CAN-SPAM compliant header requirements. Clients are required to ensure their transactional messages comply with applicable laws in all destination jurisdictions.
Every client account undergoes a structured onboarding process that includes business identity verification, review of intended use case, assessment of sending infrastructure, and sign-off by our compliance team. No account is activated without this review.
Our compliance team conducts periodic internal risk assessments of client sending patterns. Accounts exhibiting risk indicators โ such as elevated complaint rates, unusual geographic patterns, or volume anomalies โ are reviewed and may be suspended pending investigation.
Accounts found to be in breach of the Acceptable Use Policy are suspended immediately and without prior notice. FortisRelay reserves the right to retain evidence of policy violations for reporting to relevant authorities where applicable.
Our team typically responds within one business day. All access requests are subject to compliance review.
Available to active clients. 1 business day response on Professional; 4-hour SLA on Business and Enterprise.
For new account requests, pricing discussions, and enterprise enquiries.
For GDPR data subject requests, DPA enquiries, and abuse reports.
FortisRelay Ltd
4th Floor, 86 โ 90 Paul Street
London, EC2A 4NE
United Kingdom
+44 (0)20 3951 4780
Last updated: 1 January 2026 | FortisRelay Ltd (Company No. 14271835)
FortisRelay Ltd ("FortisRelay", "we", "our", "us") is a company registered in England and Wales (Company No. 14271835, VAT No. GB 412 8830 51), with a registered office at 4th Floor, 86 โ 90 Paul Street, London, EC2A 4NE. We are the data controller for personal data collected through our website and in connection with our commercial activities.
We collect personal data in the following circumstances: when you submit an enquiry via our website contact form; when you enter into a commercial relationship with us; when you use our platform as an authorised client user; and when we are required to collect data for KYC compliance purposes.
We process personal data on the following legal bases under UK GDPR: performance of a contract (Article 6(1)(b)); compliance with a legal obligation (Article 6(1)(c)); our legitimate interests in operating and securing our infrastructure (Article 6(1)(f)); and, where applicable, your consent (Article 6(1)(a)).
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. Client account data is retained for the duration of the commercial relationship and for seven years thereafter for legal and compliance purposes. Contact form enquiry data is retained for twelve months.
You have the right to access, rectify, or erase your personal data; to restrict or object to processing; and to data portability where technically feasible. To exercise your rights, please contact our Data Protection Officer at compliance@fortisrelay.co.uk. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
FortisRelay Ltd, 4th Floor, 86 โ 90 Paul Street, London, EC2A 4NE. Email: compliance@fortisrelay.co.uk. Telephone: +44 (0)20 3951 4780.
Last updated: 1 January 2026 | FortisRelay Ltd (Company No. 14271835)
These Terms of Service ("Terms") govern access to and use of the FortisRelay platform and services ("Services") provided by FortisRelay Ltd, a company registered in England and Wales (Company No. 14271835). By accessing our Services, you agree to these Terms.
Access to FortisRelay's Services is subject to a manual compliance review. FortisRelay reserves the absolute right to decline any account application without providing reasons. Account activation does not constitute a waiver of FortisRelay's right to terminate access at any time for policy violations.
The Services may only be used for legitimate transactional messaging purposes to recipients who have provided verified opt-in consent. Use of the Services for unsolicited email, bulk promotional mailings, phishing, or any purpose prohibited under the Acceptable Use Policy is strictly forbidden and will result in immediate suspension and potential legal action.
FortisRelay targets a platform availability of 99.9% measured monthly, excluding scheduled maintenance windows. Service level credits may be available for qualifying downtime events under Enterprise plan agreements. FortisRelay makes no warranty that the Services will be uninterrupted or error-free.
To the fullest extent permitted by applicable law, FortisRelay's aggregate liability to you in connection with the Services shall not exceed the fees paid by you in the three calendar months preceding the event giving rise to liability. FortisRelay is not liable for indirect, consequential, or special loss or damage.
These Terms are governed by the laws of England and Wales. Any disputes shall be subject to the exclusive jurisdiction of the courts of England and Wales.
FortisRelay may amend these Terms at any time. Clients will be notified of material changes with not less than 30 days' notice via the email address registered on their account.
Last updated: 1 January 2026 | FortisRelay Ltd (Company No. 14271835)
FortisRelay's platform is authorised for transactional electronic communications only. A transactional communication is a message that relates to a specific action, transaction, or established relationship between the sender and the recipient. Examples include:
The following are strictly prohibited and will result in immediate account suspension:
All recipients of communications sent via FortisRelay must have provided explicit, documented consent to receive such communications. FortisRelay may request evidence of consent mechanisms at any time. Inability to evidence consent will result in account review and potential suspension.
Accounts exceeding a complaint rate of 0.08% across any rolling 7-day period will be subject to automatic review. Accounts sustaining a complaint rate above 0.1% may be suspended pending investigation. FortisRelay will notify affected clients and provide an opportunity to present mitigating information.
To report suspected misuse of FortisRelay's platform, please contact abuse@fortisrelay.co.uk. We take all abuse reports seriously and investigate every submission.
Acme Corp Ltd ยท Last 30 days ยท Updated: 20 Feb 2026, 09:41 UTC
fr_live_...a9f2 authenticated โ 1,240 messages submittedmail.acmecorp.co.uktransact.acmecorp.co.uk is p=none โ recommend upgrading to p=quarantine