Fortivult delivers compliance-first transactional messaging infrastructure for financial institutions, SaaS platforms, and enterprise software providers across the United Kingdom and Europe.
Every component of the Fortivult platform is designed with regulatory compliance, deliverability, and operational security as first principles — not afterthoughts.
Purpose-built relay infrastructure for order confirmations, account notifications, password resets, and other triggered transactional messages.
Authenticated SMTP relay with TLS enforcement, credential rotation support, and granular per-domain sending policies.
RESTful API with comprehensive webhooks, delivery event streams, and SDK support for rapid integration into existing platforms.
Guided SPF, DKIM, and DMARC configuration with continuous monitoring, alignment reporting, and failure alerting.
Dedicated sending IP addresses with controlled warm-up schedules, reputation monitoring, and ISP feedback loop integration.
Real-time delivery analytics, bounce categorisation, complaint monitoring, and exportable compliance reporting for audit purposes.
Intelligent message routing with automatic failover, priority queuing, and geographic redundancy to maintain service continuity.
Automated suppression list management including global unsubscribes, hard bounces, and complaint-based suppressions with API access.
Continuous IP and domain reputation monitoring against major blacklists with proactive alerting and remediation guidance.
Our platform enforces sending policies at the infrastructure layer — not merely at the application layer — ensuring that compliance requirements cannot be bypassed by misconfiguration or integration errors.
Acceptable Use Policy enforcement: Fortivult operates a zero-tolerance policy toward unsolicited commercial email, unauthorised bulk messaging, and any transmission intended to deceive or harm recipients. All accounts are subject to ongoing monitoring and may be suspended without notice in the event of a suspected policy violation.
Account activation at Fortivult follows a structured compliance review process. This ensures that our infrastructure is used exclusively for legitimate, opt-in transactional communications.
Submit your organisation details, intended use case, and estimated sending volumes via our secure application form.
Our compliance team conducts identity verification of the organisation and nominated responsible party before any access is provisioned.
A member of our compliance team manually reviews your use case, sending infrastructure, and recipient acquisition practices.
Sending domains must pass SPF, DKIM, and DMARC configuration checks before messages can be processed through the platform.
Accounts are activated with conservative rate limits, graduated over a structured warm-up period under ongoing compliance monitoring.
A London-based secure communications infrastructure provider, founded in 2021 to serve compliance-driven organisations.
Fortivult was established to address a persistent gap in the UK market: the absence of a transactional messaging infrastructure provider that treats regulatory compliance and sender reputation as primary product requirements rather than secondary considerations.
We operate under the principle that robust deliverability and strict compliance are not competing objectives. Our platform is engineered to achieve both simultaneously, providing enterprise organisations with the infrastructure confidence they require to meet regulatory obligations whilst maintaining high-quality communications with their customers.
Fortivult serves financial institutions, regulated SaaS platforms, and enterprise software providers that operate under heightened data protection and communications compliance obligations.
"Transactional messaging infrastructure should not require a legal team to evaluate before deployment. Fortivult exists to provide compliant infrastructure that organisations can use with confidence."
— Fortivult Founding Team, 2021
Fortivult Ltd incorporated at Companies House, London. Initial infrastructure deployment in UK data centres.
Public platform launch with SMTP relay and API services. First enterprise accounts activated following compliance review.
Secondary infrastructure nodes deployed across EU to support GDPR data residency requirements for European clients.
Dedicated compliance programme for FCA-regulated organisations launched, with enhanced KYC and audit logging capabilities.
Enterprise-grade routing and failover systems deployed. Real-time abuse monitoring team expanded.
Legal Entity
Fortivult Ltd
Company Number
14382916
VAT Number
GB 412 8847 31
Incorporated
September 2021
Registered Office
12 Finsbury Square, 3rd Floor
London, EC2A 1AS
Jurisdiction
England & Wales
Fortivult's platform is composed of discrete, enterprise-grade infrastructure components that can be deployed individually or as an integrated stack.
Our SMTP relay service provides a hardened, authenticated relay endpoint for transactional email delivery. All connections are encrypted with TLS 1.2 or higher, and sending credentials are issued on a per-domain basis to limit blast radius in the event of a credential compromise.
The relay enforces strict validation on the sending domain: messages will be rejected if the authenticated credential does not correspond to an approved sending domain, providing an additional layer of protection against domain spoofing.
The Fortivult API provides a RESTful interface for message submission, delivery tracking, and suppression management. All API requests are authenticated using bearer tokens scoped to specific permissions and sending domains.
Messages submitted via the API are validated against the sending domain allowlist before processing. Attempts to send from domains not explicitly authorised to the account will be rejected with an appropriate error code.
Mandatory domain authentication is a non-negotiable requirement for all Fortivult accounts. Our platform provides guided setup for SPF, DKIM, and DMARC records, with continuous monitoring for configuration drift and DMARC alignment failures.
All outbound messages are signed using DKIM with 2048-bit RSA keys. Key rotation is supported and automated alerts will notify account administrators when key expiry approaches.
Fortivult's compliance-first infrastructure is particularly well-suited to organisations operating under heightened regulatory obligations.
FCA-regulated institutions, challenger banks, and payment service providers require the highest standards of transactional communications infrastructure. Fortivult's platform provides audit-ready delivery logs, mandatory TLS enforcement, and compliance-reviewed onboarding for all financial services accounts.
Relevant: FCA regulations, UK GDPR, PECR, PCI-DSS communications requirements
SaaS platforms that process transactional volumes at scale require infrastructure that can maintain deliverability without compromising compliance. Fortivult provides dedicated IP allocation, domain reputation management, and real-time analytics for SaaS operators managing large sending volumes.
Relevant: UK GDPR processor obligations, data residency, suppression management
Healthcare organisations and clinical platform providers must ensure that patient-facing communications are delivered securely and in accordance with information governance standards. Fortivult supports data residency within the UK and EU, with audit-ready delivery reporting.
Relevant: UK GDPR, NHS Data Security Standards, special category data handling
Law firms, accountancy practices, and regulated professional services firms require communications infrastructure with strong confidentiality and audit trail properties. Fortivult provides message-level delivery confirmation and full event logging for all transmitted messages.
Relevant: SRA Code of Conduct, ICAEW guidance, UK GDPR
High-volume transactional messaging for order confirmations, shipping notifications, and account alerts. Fortivult's dedicated IP infrastructure and suppression management ensures consistent deliverability and compliance with opt-in communication requirements.
Relevant: UK GDPR, PECR, ICO guidance on direct marketing
Educational institutions and EdTech platforms managing student and staff communications benefit from Fortivult's compliant infrastructure, particularly where communications involve individuals under the age of 18 and heightened data protection obligations apply.
Relevant: UK GDPR, Children's Code (Age Appropriate Design Code)
All plans require completion of our compliance review and KYC process before activation. Volume pricing available for enterprise accounts.
Starter overage
£0.90 per 1,000 messages
Professional overage
£0.70 per 1,000 messages
Additional dedicated IPs
£25.00 per IP per month
Extended log retention
£15.00 per additional 90 days
Technical documentation for integrating with Fortivult's SMTP relay and REST API.
Once your account has been activated following compliance review, you may generate API keys from the API Keys section of your client dashboard. Keys are scoped to one or more approved sending domains. A key cannot be used to send from a domain that has not been explicitly added to your account and verified via domain authentication.
Before sending, add your sending domain to your account and configure the required DNS records. The platform will verify SPF, DKIM, and DMARC alignment before the domain is approved for sending. Domain authentication is mandatory and cannot be waived.
With an active API key and a verified domain, you may submit messages via the REST API or via the SMTP relay.
All API requests should be directed to: https://api.fortivult.co.uk/v1/
All requests must include an Authorization header with a bearer token obtained from your dashboard.
| Method | Endpoint | Description |
|---|---|---|
| POST | /v1/messages | Submit a message for delivery |
| GET | /v1/messages/{id} | Retrieve message status and events |
| GET | /v1/messages | List messages with filters |
| GET | /v1/domains | List authenticated sending domains |
| POST | /v1/domains | Add a new sending domain |
| GET | /v1/domains/{id}/verify | Trigger DNS verification check |
| GET | /v1/suppressions | List suppressed addresses |
| POST | /v1/suppressions | Add address to suppression list |
| DELETE | /v1/suppressions/{address} | Remove address from suppression list |
| GET | /v1/stats/overview | Retrieve delivery statistics summary |
| Setting | Value | Notes |
|---|---|---|
| Server | smtp.fortivult.co.uk | Primary relay endpoint |
| Port (STARTTLS) | 587 | Recommended for application use |
| Port (SMTPS) | 465 | TLS from connection initiation |
| Encryption | TLS 1.2 minimum (TLS 1.3 preferred) | Plain connections refused |
| Authentication | SMTP AUTH (PLAIN or LOGIN) | Username format: account credential ID |
| DKIM Signing | Automatic | 2048-bit RSA key per domain |
Fortivult delivers real-time message events to a HTTPS endpoint of your choice. All webhook payloads are signed using HMAC-SHA256. You should verify the signature before processing any webhook payload.
| Event | Description |
|---|---|
| message.sent | Message accepted and transmitted to receiving MTA |
| message.delivered | Confirmed delivery acknowledgement received |
| message.bounced | Hard or soft bounce received from receiving MTA |
| message.complaint | Spam complaint received via ISP feedback loop |
| message.deferred | Delivery temporarily deferred; retry scheduled |
| message.failed | Delivery permanently failed (non-retryable) |
| suppression.added | Address added to suppression list |
Fortivult provides official SDK libraries for common languages and frameworks. All SDKs are open source and available on the Fortivult public repository.
npm install @fortivult/node
Full TypeScript support, Promise-based API, automatic retry with exponential backoff.
pip install fortivult
Sync and async support (asyncio), Pydantic models for request/response validation.
composer require fortivult/fortivult-php
PSR-7 compatible, Laravel integration package available separately.
gem install fortivult
ActiveSupport compatible, Rails Action Mailer adapter available.
Fortivult is designed with security and regulatory compliance as foundational requirements, not features.
Fortivult acts as a data processor for message content and recipient data. Data Processing Agreements (DPAs) are available for all accounts. Processing activities are limited to those required to deliver the contracted service.
All accounts are required to confirm that communications submitted for delivery comply with PECR requirements. The Fortivult platform does not permit submission of unsolicited commercial communications and enforces this at the infrastructure level.
For clients transmitting to recipients in the United States, the platform supports compliance with CAN-SPAM requirements including mandatory unsubscribe processing and suppression list management.
Fortivult operates an internal abuse monitoring team that reviews sending patterns, complaint rates, and bounce rates in real time. Accounts exhibiting indicators of abuse or policy violation are subject to immediate rate limitation or suspension pending investigation.
Every new account undergoes a manual compliance review before activation. Our onboarding process includes identity verification (KYC), use case assessment, and an internal risk assessment before any sending credentials are issued.
All new account enquiries are subject to a compliance review. Please provide accurate information about your organisation and intended use case.
Registered Office
12 Finsbury Square, 3rd Floor
London, EC2A 1AS
United Kingdom
Sales Enquiries
sales@fortivult.co.uk
Technical Support
support@fortivult.co.uk
Compliance & Abuse
compliance@fortivult.co.uk
Telephone
+44 (0)20 7946 0832
Monday–Friday, 09:00–17:30 GMT
Abuse Reports: To report abuse originating from Fortivult infrastructure, please email abuse@fortivult.co.uk with full message headers. All reports are investigated within 24 hours.
Last updated: 1 January 2026 | Fortivult Ltd (Company No. 14382916)
Fortivult Ltd ("Fortivult", "we", "our", "us") is committed to protecting the privacy of individuals who interact with our website and platform. This Privacy Policy explains how we collect, use, and protect personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Fortivult Ltd is the data controller for personal data collected through our website and platform. Our registered office is at 12 Finsbury Square, 3rd Floor, London, EC2A 1AS. You may contact our data protection contact at privacy@fortivult.co.uk.
We collect and process the following categories of personal data:
We process personal data on the following legal bases:
When you use the Fortivult platform to send transactional messages, recipient personal data (such as email addresses) passes through our infrastructure. For this processing, Fortivult acts as a data processor on your behalf, and you are the data controller. A Data Processing Agreement (DPA) is available upon request and is required for enterprise accounts.
Account data is retained for the duration of the contractual relationship and for a period of seven years thereafter, in accordance with UK legal and accounting requirements. Message delivery logs are retained for the period specified in your account plan. API access logs are retained for a minimum of 90 days for security purposes.
Under UK GDPR, you have the right to access, rectify, erase, restrict, port, and object to processing of your personal data. To exercise these rights, please contact privacy@fortivult.co.uk. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
Fortivult's primary processing infrastructure is located in the United Kingdom. Where data is processed in the European Economic Area, we rely on UK adequacy decisions or Standard Contractual Clauses as the transfer mechanism.
Data protection enquiries should be directed to: privacy@fortivult.co.uk or by post to the registered office address above.
Last updated: 1 January 2026 | Fortivult Ltd (Company No. 14382916)
These Terms of Service ("Terms") govern your use of the Fortivult platform and services provided by Fortivult Ltd, a company registered in England and Wales (Company No. 14382916), with its registered office at 12 Finsbury Square, 3rd Floor, London, EC2A 1AS ("Fortivult", "we", "our", "us"). By accessing or using our platform, you agree to be bound by these Terms.
Access to the Fortivult platform is restricted to organisations and individuals who have completed our compliance review and identity verification (KYC) process. Providing false or misleading information during the application process will result in immediate termination of access and may be reported to relevant authorities.
The Fortivult platform is provided exclusively for legitimate transactional messaging: messages sent in direct response to a user action or as part of an ongoing service relationship where the recipient has provided informed consent. You must not use the platform for:
You are solely responsible for ensuring that your use of the platform complies with all applicable laws and regulations, including but not limited to UK GDPR, the Privacy and Electronic Communications Regulations 2003 (PECR), the CAN-SPAM Act (where applicable), and any sector-specific regulations applicable to your organisation.
Fortivult reserves the right to immediately suspend or terminate your account, without prior notice, in the event of a suspected or confirmed policy violation, or where we reasonably believe that continued access poses a risk to our infrastructure, our customers, or third parties. Suspension does not affect our right to pursue any other remedies available to us.
Uptime commitments are as specified in your selected service plan. Scheduled maintenance windows will be communicated with a minimum of 48 hours' notice where practicable.
To the maximum extent permitted by applicable law, Fortivult's total aggregate liability arising from or in connection with these Terms shall not exceed the fees paid by you in the three months preceding the event giving rise to the claim. Fortivult shall not be liable for indirect, consequential, or special damages.
These Terms are governed by the laws of England and Wales. Any disputes shall be subject to the exclusive jurisdiction of the courts of England and Wales.
Last updated: 1 January 2026 | This policy forms part of the Fortivult Terms of Service.
The Fortivult platform is provided exclusively for the following categories of communication:
The following activities are strictly prohibited and will result in immediate account suspension:
Accounts must maintain a spam complaint rate below 0.08%. Accounts exceeding this threshold will be subject to investigation and may be suspended pending review. Complaint rates above 0.3% will result in immediate suspension.
All recipients must have provided explicit, documented opt-in consent to receive communications from you. Consent must be freely given, specific, informed, and unambiguous. Pre-ticked boxes or bundled consent does not satisfy this requirement. You must be able to demonstrate consent records upon request.
Fortivult's abuse monitoring team reviews sending patterns, complaint rates, and bounce rates continuously. Accounts exhibiting indicators of abuse may be suspended immediately, without prior notice. Fortivult cooperates fully with law enforcement investigations and will disclose account information as required by applicable law.
To report suspected abuse originating from Fortivult infrastructure, please contact abuse@fortivult.co.uk with full message headers. All reports are treated as a priority and investigated within 24 hours.
Demo credentials: any email / any password
notifications.acmesoftware.co.uktransact.acmesoftware.comalerts.acmesoftware.io — action recommended| Message ID | From | Category | Status | Time |
|---|---|---|---|---|
| msg_Xp9kQ2rBnT4w | notifications@… | Transactional | Delivered | 09:14 |
| msg_Lm3wPqT7kX9n | notifications@… | Transactional | Delivered | 09:11 |
| msg_Qr8nBxT2mK4p | transact@… | Transactional | Delivered | 09:08 |
| msg_Yv5tRqX8bN3k | notifications@… | Transactional | Deferred | 09:04 |
| msg_Kp2mTxQ9nR7w | notifications@… | Transactional | Delivered | 09:01 |