Compliance Notice: Authcrest provides infrastructure for opt-in transactional messaging only. Unsolicited bulk email is strictly prohibited.   View Acceptable Use Policy →
Infrastructure — Compliance — Security

Secure Communication Infrastructure for the Enterprise

Authcrest delivers compliance-first transactional messaging infrastructure for SaaS platforms, financial institutions, and enterprise software providers across the UK and Europe.

Request a Demo View Documentation
99.5%
Delivery Rate
0.01%
Complaint Rate
24/7
Abuse Monitoring
authcrest-relay — smtp-uk-1.authcrest.co.uk
Establishing TLS 1.3 connection...
Connection secured (ECDHE-RSA-AES256-GCM-SHA384)
SPF record validated (pass)
DKIM signature verified (2048-bit RSA)
DMARC policy applied (p=reject)
Sender identity: KYC_VERIFIED
IP reputation score: 98/100
Message accepted — routing to delivery pool
Compliance check: PASSED
Delivered in 312ms
🇬🇧 UK-Registered Company
🔒 TLS 1.3 Encrypted Transit
UK GDPR Compliant
🛡️ PECR Adherence
🔍 KYC Verified Onboarding
📋 Manual Compliance Review
Core Infrastructure

Purpose-built for Transactional Messaging

Every component of the Authcrest platform is designed around compliance, deliverability, and security. We serve only verified enterprise clients with legitimate transactional use cases.

📨
Transactional Email Infrastructure
High-throughput, low-latency email delivery infrastructure engineered for password resets, notifications, and system-generated messages.
🔐
Secure SMTP Relay
Authenticated SMTP relay with mandatory TLS enforcement, SASL authentication, and connection rate limiting per client account.
Communication API
RESTful API with HMAC-signed requests, API key rotation, webhook delivery confirmations, and comprehensive audit logging.
🌐
Domain Authentication
Expert guidance and tooling for SPF, DKIM, and DMARC configuration. Mandatory for all sending domains before activation.
🖥️
Dedicated IP Allocation
Dedicated IP addresses with IP warming support, reputation monitoring, and immediate isolation capability in the event of abuse.
📊
Delivery Analytics
Real-time dashboards covering delivery rates, bounce classifications, complaint tracking, and engagement metrics per campaign type.
Compliance First

Strict Anti-Spam Enforcement by Design

Authcrest operates a zero-tolerance policy towards unsolicited bulk email. All accounts undergo manual compliance review and identity verification prior to activation.

🔎
KYC Verification
MANDATORY
📋
Manual Review
ALL ACCOUNTS
🚫
Opt-in Only
ENFORCED
🇬🇧
UK GDPR
COMPLIANT
📡
PECR
ADHERENT
🌍
CAN-SPAM
COMPLIANT
🤖
Abuse Detection
AUTOMATED
Suspension
IMMEDIATE
Onboarding Process

Compliance-First Onboarding

Every new account undergoes a thorough verification process. We do not offer self-service activation. Infrastructure access is granted only after successful review.

01
Application Submission
Submit your business details, use case description, and estimated monthly volume.
02
KYC Identity Check
Provide company registration documents, director ID, and VAT registration where applicable.
03
Compliance Review
Our compliance team manually reviews your sending use case and opt-in practices.
04
Infrastructure Access
Domain authentication is configured, IP allocated, and API credentials issued.
Company

About Authcrest Ltd

A London-based secure communication infrastructure provider, founded in 2021. Registered and operating in England and Wales.

Our Mission

Infrastructure Built on Integrity

Authcrest was established in 2021 by a team of infrastructure engineers and compliance specialists who observed a significant gap in the UK market: enterprise organisations needed a messaging infrastructure partner that placed regulatory compliance at the centre of its offering, not as an afterthought.

We serve SaaS platforms, financial institutions, regulated industries, and enterprise software providers who require messaging infrastructure that can demonstrate compliance with UK GDPR, the Privacy and Electronic Communications Regulations (PECR), and international standards including CAN-SPAM.

Every account activated on the Authcrest platform has been manually reviewed by our compliance team. We do not offer automated self-service onboarding. This deliberate approach ensures the integrity of our shared infrastructure and the deliverability of every client.

Leadership Team

JS
James Stratford
Chief Executive Officer
Former Head of Infrastructure at a FTSE 250 financial services firm. Over 18 years of experience in enterprise messaging systems and compliance architecture.
AN
Amara Nwosu
Chief Compliance Officer
Specialist in UK data protection law, PECR, and cross-border data flows. Previously with the ICO's technical advisory division. CIPP/E certified.
DE
Daniel Eriksson
Chief Technology Officer
Infrastructure architect with deep expertise in SMTP protocol, email authentication standards, and high-availability distributed systems.
SP
Sarah Patel
Head of Security Operations
Leads real-time abuse monitoring, threat intelligence, and IP reputation management. CISSP and CEH certified.
MC
Michael Chen
Head of Enterprise Sales
Focuses exclusively on enterprise and institutional clients across UK and European markets. Background in infrastructure and SaaS sales.
LH
Laura Hughes
General Counsel
Solicitor specialising in technology law, data protection, and commercial contracts. Advises on UK and EU regulatory matters.
Company Registration Details
Legal Entity:Authcrest Ltd
Company Number:13847562
VAT Number:GB 421 8834 07
Incorporated:March 2021
Jurisdiction:England and Wales
Registered Office:4th Floor, 12 Finsbury Square, London, EC2A 1AN
ICO Registration:ZB341092
SIC Code:62090 — Other information technology service activities
Platform

Infrastructure Solutions

A suite of purpose-built services for enterprise transactional messaging, designed around strict compliance and deliverability requirements.

📨 Transactional Email Infrastructure

High-throughput SMTP infrastructure purpose-built for system-generated, one-to-one transactional messages. Supports password resets, account notifications, billing alerts, and system events.

  • Sub-500ms delivery SLA for priority queues
  • Separate routing pools per message category
  • Automatic retry with exponential backoff
  • End-to-end delivery tracking and webhooks

🔒 Secure SMTP Relay

Authenticated relay service with mandatory TLS 1.2+ enforcement. Supports both SASL PLAIN and certificate-based authentication for enterprise integrations.

  • TLS 1.3 enforced for all connections
  • SASL PLAIN with API key credentials
  • Connection rate limiting and throttling
  • Inbound authentication logging

⚡ Communication API

RESTful JSON API with HMAC-SHA256 request signing, supporting single-message dispatch, batch operations, and real-time status querying.

  • HMAC-SHA256 signed requests
  • API key management with scoped permissions
  • Batch send up to 1,000 messages per call
  • Comprehensive audit log via webhook or pull

🌐 Domain Authentication Support

Mandatory SPF, DKIM, and DMARC configuration for all sending domains. Our team provides implementation guidance and ongoing monitoring of authentication record health.

  • SPF record creation and validation
  • 2048-bit DKIM key generation and rotation
  • DMARC policy implementation (p=reject)
  • Continuous DNS record health monitoring

🖥️ Dedicated IP Allocation

Clients on Professional and Enterprise plans receive dedicated IP addresses with IP warming plans, real-time reputation scoring, and immediate isolation capability.

  • Structured IP warming over 4–8 weeks
  • Real-time reputation scoring (Talos, Spamhaus)
  • Automatic isolation on reputation alert
  • PTR/rDNS configuration support

📊 Bounce & Complaint Monitoring

Automated processing of hard and soft bounces, abuse complaint feedback loops, and suppression list management to protect your sender reputation.

  • Hard and soft bounce classification
  • FBL integration with major ISPs
  • Automatic suppression on complaint
  • Exportable suppression lists via API

📡 Enterprise Routing & Failover

Multi-region routing infrastructure with automatic failover, load balancing across delivery pools, and priority-based queue management for critical messages.

  • UK-primary, EU-secondary infrastructure
  • Automatic failover under 30 seconds
  • Priority queue routing (P1–P3)
  • 99.95% infrastructure uptime SLA

🛡️ Identity & Sender Verification

KYC-based onboarding with document verification, continuous sender identity validation, and fraud risk scoring for all accounts.

  • Company registration document verification
  • Director identity verification (UK/EU)
  • Ongoing fraud risk scoring
  • Manual review by compliance team
Sectors

Industries We Serve

Authcrest serves enterprise and regulated organisations where messaging compliance, data protection, and delivery reliability are mission-critical requirements.

🏦

Financial Services

Banks, investment platforms, and fintech companies requiring FCA-aware communication infrastructure with full audit trails and GDPR-compliant data handling.

⚕️

Healthcare & MedTech

Healthcare providers and medical software platforms needing secure, encrypted transactional messaging with data residency controls and NHS Digital alignment.

⚖️

Legal & Professional Services

Law firms, accountancy practices, and regulated professional service organisations requiring confidential, auditable communication infrastructure.

🛒

Enterprise SaaS Platforms

B2B SaaS companies with significant transactional volume requiring reliable, compliant infrastructure to power their product communications at scale.

🏛️

Public Sector & Government

UK public sector organisations and government-adjacent technology providers requiring G-Cloud-adjacent infrastructure and UK data residency assurances.

🛡️

Insurance & Risk

Insurance carriers, brokers, and insurtech platforms with compliance obligations around policyholder communications and regulatory reporting.

🏗️

PropTech & Real Estate

Property technology platforms and estate agency networks requiring compliant tenant, buyer, and vendor communication infrastructure.

🎓

EdTech & Higher Education

Educational technology providers and higher education institutions serving student populations, with FERPA and GDPR-aware messaging requirements.

🔐

Cybersecurity & Identity

Security software vendors and identity platform providers with critical authentication messaging requirements — OTPs, alerts, and incident notifications.

Pricing

Transparent, Volume-Based Pricing

All plans require completed KYC verification and compliance review before activation. Pricing is quoted in GBP excluding VAT.

Growth
£299/month
For early-stage SaaS companies with established opt-in practices and verified transactional use cases.
  • Up to 500,000 messages/month
  • Shared IP infrastructure
  • SPF, DKIM, DMARC support
  • Delivery analytics dashboard
  • Bounce & complaint processing
  • REST API access
  • Suppression list management
  • Email support (48hr SLA)
  • UK GDPR compliance guidance
Apply for Access
KYC verification required · Manual review up to 5 business days
Most Popular
Professional
£799/month
For established businesses and scaling platforms with higher volume requirements and dedicated IP needs.
  • Up to 5,000,000 messages/month
  • 2× dedicated IP addresses
  • IP warming programme included
  • Advanced domain authentication
  • Real-time reputation monitoring
  • Priority routing queues
  • Webhook delivery confirmations
  • Phone & email support (8hr SLA)
  • Quarterly compliance review call
Apply for Access
KYC verification required · Manual review up to 5 business days
Enterprise
Custom pricing
For financial institutions, regulated organisations, and high-volume enterprise clients with bespoke requirements.
  • Unlimited monthly volume
  • Dedicated IP pool (5+)
  • Multi-region routing & failover
  • 99.95% infrastructure SLA
  • Dedicated compliance account manager
  • Custom data retention policies
  • SOC 2 Type II report on request
  • 24/7 priority support (1hr SLA)
  • DPA and custom contract terms
Contact Sales
Enhanced KYC · Legal review · Dedicated onboarding
⚠ Important: Authcrest does not permit unsolicited bulk email, affiliate marketing campaigns, purchased mailing lists, or any communication to recipients who have not provided verified opt-in consent. Violation of our Acceptable Use Policy results in immediate account suspension without refund.
Developer Documentation

API Reference & Integration Guides

Authentication

All requests to the Authcrest API must be authenticated using an API key issued during account activation. API keys are scoped to specific permissions and should be treated as sensitive credentials. Never embed API keys in client-side code or public repositories.

API Key Format

Authcrest API keys follow the format ac_live_<key_id>_<secret>. Keys prefixed with ac_test_ may be used in the sandbox environment without incurring charges or sending real messages.

Request Authentication

Include your API key in the X-Authcrest-Key header on every request. All requests must be made over HTTPS. Requests over plain HTTP will be rejected.

# Example: Send a transactional message curl -X POST https://api.authcrest.co.uk/v1/messages \ -H "X-Authcrest-Key: ac_live_k7x9m_a1b2c3d4e5f6g7h8i9" \ -H "Content-Type: application/json" \ -d '{ "from": "noreply@app.example.co.uk", "to": "user@recipient.com", "subject": "Your account verification code", "text": "Your verification code is 483920. Valid for 10 minutes.", "category": "transactional", "tags": ["auth", "otp"] }'

API Endpoints

POST /v1/messages — Send a single message
POST /v1/messages/batch — Send up to 1,000 messages
GET /v1/messages/{id} — Retrieve message status
GET /v1/analytics/summary — Delivery summary report
GET /v1/suppression — List suppressed addresses
DELETE /v1/suppression/{email} — Remove from suppression

Response Format

All responses are returned as JSON. Successful requests return HTTP 200 or 202 with a response body. Error responses include a machine-readable error_code and human-readable message.

// Success response { "id": "msg_01HZ5X9K2P4M8N3Q7R6T", "status": "accepted", "queued_at": "2026-02-15T14:23:01Z", "estimated_delivery_ms": 312 } // Error response { "error_code": "DOMAIN_NOT_AUTHENTICATED", "message": "The sending domain has not completed authentication setup.", "docs_url": "https://docs.authcrest.co.uk/errors/domain-auth" }

SMTP Relay Credentials

For applications that require SMTP rather than the API, use the following connection details. STARTTLS is mandatory. Plain connections are rejected at the server level.

Host: smtp-uk-1.authcrest.co.uk Port: 587 (STARTTLS — recommended) 465 (SSL/TLS) Username: your_account_id@authcrest.co.uk Password: Your API key (ac_live_...) Encryption: STARTTLS or SSL/TLS (TLS 1.2 minimum)

Rate Limits

Rate limits are applied per API key. Growth plan accounts are limited to 100 requests per second. Professional and Enterprise accounts have limits configured during onboarding. Exceeding rate limits returns HTTP 429 with a Retry-After header.

Trust & Safety

Security & Compliance

Our infrastructure is built on a security-first foundation. Every layer of the Authcrest platform is designed to protect sender reputation, recipient privacy, and platform integrity.

🔐

TLS Encryption in Transit

All connections to the Authcrest platform — both SMTP and API — require TLS 1.2 as a minimum, with TLS 1.3 strongly recommended and enforced where supported. We use ECDHE cipher suites for forward secrecy. Plain-text connections are rejected at the network perimeter.

🌐

Mandatory Domain Authentication

No sending domain is activated on our platform without completed SPF, DKIM, and DMARC configuration. We enforce DMARC with a minimum policy of p=quarantine, and strongly encourage p=reject for enterprise accounts. DKIM keys are 2048-bit RSA with 90-day rotation.

🖥️

Dedicated IP Reputation Management

Each dedicated IP address is monitored in real-time against major industry blacklists including Spamhaus, Talos, Barracuda, and Senderscore. Automated alerting triggers an immediate review and, where necessary, automatic isolation of the affected IP from the delivery pool.

🤖

Real-Time Abuse Monitoring

Our Security Operations team monitors traffic 24 hours a day, 7 days a week. Automated systems flag anomalous sending patterns, unexpected volume spikes, and unusual content signatures. Flagged accounts are queued for immediate human review.

🔎

Compliance-First Onboarding

We do not offer automated self-service account creation. Every account requires KYC identity verification, business registration confirmation, and manual use-case review by our compliance team. Typical review times are 2–5 business days for Growth and Professional plans.

⚖️

Fraud & Risk Assessment

Our internal fraud team conducts risk assessments for all new accounts and performs periodic reviews of existing clients. We share threat intelligence with industry partners and report confirmed abuse to relevant authorities in accordance with UK law.

📋

UK GDPR & PECR Compliance

Authcrest operates as a Data Processor under UK GDPR. We maintain comprehensive records of processing activities, execute Data Processing Agreements with all clients, and provide tools to support Subject Access Requests and Right to Erasure obligations.

🚫

Zero-Tolerance Anti-Spam Policy

Unsolicited bulk email, purchased mailing lists, co-registration schemes, and affiliate mailings are strictly prohibited. Accounts found to be in violation are suspended immediately without prior notice, and refunds are not issued for policy violations.

Certifications & Standards

Recognised Standards & Frameworks

ISO 27001
Information Security Management — in progress
SOC 2 Type II
Available on request for Enterprise clients
Cyber Essentials+
NCSC-backed certification
UK GDPR
ICO registered — ZB341092
PECR
Privacy and Electronic Communications Regs
CAN-SPAM
US compliance for international clients
Contact

Get in Touch

All new account requests undergo manual compliance review. Please include details of your use case and estimated monthly volume.

Request Access / Sales Enquiry

ℹ All applications undergo manual compliance review. We do not accept unsolicited bulk email use cases. Review typically takes 2–5 business days.

Registered Office

🏢Authcrest Ltd
4th Floor, 12 Finsbury Square
London, EC2A 1AN
United Kingdom

Contact Details

📧sales@authcrest.co.uk
📧support@authcrest.co.uk
📧compliance@authcrest.co.uk
📞+44 (0)20 7946 0823

Support Hours

🕐Monday–Friday: 08:00–20:00 GMT
Saturday: 09:00–17:00 GMT
Sunday: Emergency only (Enterprise)

Legal & Compliance

📋Company No. 13847562
VAT No. GB 421 8834 07
ICO Registration: ZB341092

Privacy Policy

Authcrest Ltd — Last updated: 1 February 2026 | Effective from: 1 March 2021

1. Who We Are

Authcrest Ltd ("Authcrest", "we", "our", "us") is a company registered in England and Wales (Company No. 13847562), with its registered office at 4th Floor, 12 Finsbury Square, London, EC2A 1AN. We are the Data Controller in respect of personal data we collect about visitors to this website and prospective clients. For personal data processed on behalf of our clients, we act as a Data Processor.

We are registered with the Information Commissioner's Office (ICO) under registration number ZB341092.

2. Personal Data We Collect

We may collect the following categories of personal data: name and contact details; company information and job title; usage and interaction data relating to our platform and website; technical data such as IP address, browser type, and device information; communications you send to us; and identity verification documents collected as part of our KYC process.

3. Legal Basis for Processing

We process your personal data under the following lawful bases under UK GDPR: contract performance (to deliver our services to you); legitimate interests (to operate, improve, and secure our platform); legal obligation (to comply with applicable law and regulatory requirements); and your consent (where explicitly obtained).

4. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, and in accordance with our legal obligations. Account data is retained for the duration of the contractual relationship and for 7 years thereafter for legal and regulatory compliance purposes.

5. Your Rights

Under UK GDPR, you have the right to: access your personal data; rectify inaccurate data; erasure (right to be forgotten) in certain circumstances; restriction of processing; data portability; and to object to processing. To exercise any of these rights, please contact us at compliance@authcrest.co.uk.

6. International Transfers

We process data within the UK and the European Economic Area. Where transfers outside these areas are necessary, we implement appropriate safeguards in accordance with UK GDPR, including Standard Contractual Clauses.

7. Contact

For any privacy-related queries, please contact our Data Protection contact at: compliance@authcrest.co.uk or write to us at our registered office address above.

Terms of Service

Authcrest Ltd — Last updated: 1 February 2026 | Governing law: England and Wales

1. Agreement

These Terms of Service ("Terms") constitute a legally binding agreement between Authcrest Ltd ("Authcrest") and the entity or individual ("Client") that has applied for and been granted access to the Authcrest platform. By activating or using any Authcrest service, you confirm that you have read, understood, and agree to be bound by these Terms.

2. Service Description

Authcrest provides transactional messaging infrastructure services including SMTP relay, RESTful API access, domain authentication support, delivery analytics, and related services. All services are provided subject to these Terms, the Acceptable Use Policy, and the Privacy Policy.

3. Eligibility & Compliance Requirements

Clients must be a duly incorporated legal entity or a sole trader operating lawfully in their jurisdiction. All accounts require successful completion of our KYC identity verification process and manual compliance review before activation. Providing false or misleading information during the onboarding process is grounds for immediate termination.

4. Prohibited Uses

The following uses are strictly prohibited and will result in immediate account suspension: sending unsolicited bulk email (spam); purchasing, renting, or harvesting email lists; sending to recipients who have not explicitly opted in; affiliate or co-registration mailing; and any use that violates applicable law including UK GDPR, PECR, or CAN-SPAM.

5. Payment Terms

Fees are payable monthly in advance by credit card or bank transfer. All fees are quoted in GBP and are exclusive of VAT. Authcrest reserves the right to adjust pricing with 30 days' written notice. Fees are non-refundable except where Authcrest has materially breached these Terms.

6. Limitation of Liability

To the maximum extent permitted by applicable law, Authcrest's aggregate liability arising from or in connection with these Terms shall not exceed the total fees paid by the Client in the three months preceding the event giving rise to the claim. Authcrest shall not be liable for indirect, consequential, or punitive damages.

7. Governing Law

These Terms are governed by the laws of England and Wales. Any disputes shall be subject to the exclusive jurisdiction of the courts of England and Wales.

Acceptable Use Policy

Authcrest Ltd — Last updated: 1 February 2026 | Applies to all accounts

Authcrest is a transactional messaging infrastructure provider only. We do not permit, support, or enable marketing campaigns, bulk mail, purchased lists, or any form of unsolicited electronic communication. Violations result in immediate account suspension.

1. Permitted Uses

The Authcrest platform is authorised for use only in connection with the following categories of transactional messages, sent only to recipients who have actively opted in or who have a pre-existing relationship with the sender:

  • Account authentication messages (OTPs, password resets, MFA codes)
  • System notifications triggered by a user action
  • Transactional receipts and confirmations
  • Service status and incident alerts
  • Regulatory and compliance notifications
  • Billing and payment notifications to existing customers

2. Strictly Prohibited Activities

The following activities are absolutely prohibited and will result in immediate suspension without notice or refund:

  • Sending unsolicited commercial email (spam) of any kind
  • Sending to purchased, rented, scraped, or harvested email lists
  • Affiliate marketing, lead generation, or co-registration campaigns
  • Bulk promotional or marketing email, regardless of list source
  • Sending to any recipient who has not provided verified opt-in consent
  • Disguising the origin or identity of messages
  • Sending malware, phishing content, or deceptive content
  • Circumventing unsubscribe mechanisms or suppression lists
  • Violating any applicable anti-spam law or regulation

3. Opt-In Requirements

All recipients must have provided clear, unambiguous, and documented consent to receive communications from the sending organisation. Authcrest may request evidence of opt-in practices at any time. Failure to provide adequate evidence is grounds for account suspension.

4. Enforcement

Authcrest employs automated abuse detection systems operating continuously. Accounts that exhibit anomalous sending patterns, sustained complaint rates above 0.08%, or evidence of list purchasing are suspended immediately pending investigation. Authcrest reserves the right to report confirmed abuse to the ICO, the National Cyber Security Centre (NCSC), and other relevant authorities.

5. Volume Limits

Sending volumes are limited to the level specified in your service agreement. Sudden, unexplained increases in volume will trigger an automatic compliance review. Circumventing volume limits through multiple accounts is a violation of these Terms and will result in permanent ban.

6. Reporting Abuse

To report suspected abuse of the Authcrest platform, please contact abuse@authcrest.co.uk. We investigate all reports promptly and take action in accordance with this policy.

Overview Dashboard
Showing data for the last 30 days — Account: Acme Technologies Ltd
All Systems Operational
Total Messages
847,293
↑ 12.4% vs last period
Delivery Rate
99.5%
↑ 0.1% vs last period
Bounce Rate
0.2%
↓ 0.05% vs last period
Complaint Rate
0.01%
Stable — within policy
API Message Volume — Last 14 Days Transactional only
Authenticated Domains 3 active
app.acmeco.co.uk
SPF DKIM DMARC
notify.acmeco.co.uk
SPF DKIM DMARC
billing.acmeco.co.uk
SPF DKIM DMARC
Recent Activity Log Last 50 events
14:23:01
Message delivered — user@recipient.co.uk
Subject: Account verification code · notify.acmeco.co.uk
Sent
14:22:47
DKIM signature verified — billing.acmeco.co.uk
Key rotation required within 12 days
Review
14:21:09
Message delivered — j.smith@enterprise.org
Subject: Your invoice is ready · billing.acmeco.co.uk
Sent
14:19:55
Compliance check passed — batch #4421
847 messages processed, 0 blocked
Pass
14:15:30
Suppression applied — t.jones@example.com
Hard bounce — address no longer exists
Blocked
14:12:18
API key rotated by admin@acmeco.co.uk
Previous key deactivated — new key issued
Auth
Compliance Health Score
96
Excellent
DKIM renewal pending — action required
IP Reputation
Spamhaus Score Clean
Talos Score 98 / 100
Senderscore 94 / 100