Your subscriber data stays on your servers, in your country, under your control. GDPR compliance isn't an add-on — it's the architecture.
Punchmail isn't a hobby project with a queue bolted on. It's a multi-layered sending engine designed from day one to handle millions of emails without breaking a sweat.
7 priority queues — tracking, sending, campaigns, automations, bounces, imports, default. Each with dedicated workers via Laravel Horizon.
Campaigns split into 500-subscriber batches. Multiple workers process batches simultaneously. Template compiled once, cached in Redis, reused across all batches.
Every open, click, bounce, and unsubscribe stored in ClickHouse with 6 materialized views for instant aggregation. No more slow MySQL GROUP BY on millions of rows.
Redis SETNX locks → MySQL unique index with INSERT IGNORE → job idempotency. Three layers guarantee zero duplicate sends, even during crashes and restarts.
Enterprise email marketing features without the enterprise price tag. Built by someone who's been sending email since before Gmail existed.
Drag-and-drop email builder with 10 block types. Compiles to bulletproof HTML via MJML. Looks perfect in every client — yes, even Outlook.
Nested AND/OR conditions across subscriber fields, tags, engagement history, and campaign activity. "Opened campaign X but didn't click in 90 days" — milliseconds.
Trigger-based workflows with conditions, delays, and actions. Welcome series, re-engagement, cart abandonment. Set it and forget it.
Connect any SMTP provider. Create pools with weighted distribution for IP warmup. Automatic failover. Per-campaign throttling. This is what enterprise ESPs charge thousands for.
Event tracking powered by ClickHouse. Millions of events, instant queries. Full per-campaign reports and per-subscriber activity timeline.
Test subject lines and content with 2-3 variants. Auto-send the winner based on opens or clicks. Data-driven sending.
IMAP/POP3 mailbox polling plus webhook receivers for SES, Postmark, and SendGrid. Automatic hard/soft classification with configurable thresholds.
Multiple suppression lists with email AND domain blocking. Platform-wide suppression for spamtraps and global unsubscribes. Three-layer dedup prevents duplicate sends.
RFC 8058 one-click unsubscribe (Gmail/Yahoo required), in-body unsubscribe, and full preference center. List-Unsubscribe headers automatic on every send.
GDPR compliance isn't just about cookie banners and privacy policies. For email marketing, the core issue is where your subscriber data lives. When you use Mailchimp, Brevo, or ActiveCampaign, your subscribers' personal data — names, email addresses, engagement history, behavioral data — sits on US-based servers controlled by a third party.
The Schrems II ruling invalidated the EU-US Privacy Shield, making transfers of personal data to US companies legally questionable. Standard Contractual Clauses help, but they add complexity and don't eliminate risk. If your Data Protection Officer is nervous about your email marketing stack, they should be — most SaaS email platforms store data outside the EU.
Self-hosting with Punchmail eliminates this problem entirely. Your subscriber data lives on your server, in your data center, in your jurisdiction. There are no transatlantic data transfers, no third-party processors to audit, and no DPA amendments to negotiate. You are the data controller and the processor.
Beyond data location, Punchmail gives you full control over data retention, deletion, and portability. Subscriber deletion is actual deletion — not a soft-delete that leaves data lingering in backup systems you can't access. DSAR requests are handled directly from your own database, not through a vendor's support ticket system.
Host on any EU server provider. Your data never crosses borders, never touches US infrastructure, never leaves your control.
Direct database access for DSAR requests, data deletion, and portability. No support tickets, no waiting for vendor compliance.
You are the controller and processor. No DPAs to negotiate, no sub-processor lists to monitor, no audit requirements.
When you delete subscriber data, it's gone. Not soft-deleted, not lurking in backups. Real deletion from your own database.
We're not competing with Mailchimp's marketing budget. We're competing with their feature set.
| Punchmail | Mailchimp | Brevo | Mautic | |
|---|---|---|---|---|
| Self-hosted in EU | ✓ | ✗ | EU option | ✓ |
| No US data transfer | ✓ | ✗ | ✗ | ✓ |
| Direct database access | ✓ | ✗ | ✗ | ✓ |
| True data deletion | ✓ | ✗ | ✗ | ✓ |
| No third-party DPA needed | ✓ | ✗ | ✗ | ✓ |
| RFC 8058 one-click unsub | ✓ | ✓ | ✓ | ✗ |
| Block email editor | ✓ | ✓ | ✓ | Basic |
| Automation workflows | ✓ | ✓ | ✓ | ✓ |
| ClickHouse analytics | ✓ | ✗ | ✗ | ✗ |
| One-time pricing | ✓ | $350+/mo | $65+/mo | Free |
No PhD required. If you can copy-paste three commands, you can run Punchmail.
Clone the repo, copy the environment file, set your admin credentials.
git clone https://github.com/punchmail/punchmail && cp .env.example .env
One command spins up all 7 containers — app, database, analytics, queue, cache, email renderer. Done.
docker compose up -d
Add your SMTP provider in settings — Amazon SES, Postmark, your own Postfix, whatever. Create pools, set weights, configure failover.
Import subscribers, build your first campaign with the block editor, hit send. Welcome to email freedom.
No subscriber tiers. No send limits. No "contact sales." Just a price that makes sense.
🚀 Launch price for the first 100 customers. Then €99.
Our DPO spent six months auditing our Mailchimp setup for GDPR. With Punchmail on our Hetzner server in Falkenstein, the conversation was over in five minutes. Our data, our server, our jurisdiction.
Your subscribers. Your data. Your server. One price, forever.