🛡️ TARGET EXCLUSIVE

The only SMTP that stops you
from sending 'Integration Test #1'
to real customers.

Send-Time Firewall: policy-as-code for every outgoing email.
Block staging→prod leaks. Idempotency. Hold-window. Rate-limit. Content guardrail.

Try it free How it works

The problem

Your customer's app makes a mistake. The SMTP never notices.

HBO Max, Johns Hopkins, Columbia University, SUNY Buffalo, UCSD — they all sent test emails to real customers by mistake.
Have you ever pushed test code to production and woken up to read the fallout?

🐛

Bug → 50,000 broken emails

A poorly rendered template with {{undefined}} and your customer reads "Hi undefined".

🔁

Retry storm → 7 duplicate emails

The queue loops and every customer gets the same email 7 times. No SMTP supports Idempotency-Key.

😱

Push → "Integration Test #1"

The staging key is still active in prod. Your 50k mailing list gets "Test #1 - ignore please".

The solution

Define the rules. Target enforces them before each send.

For each API key you configure JSON policies. The firewall evaluates every email before SMTP delivery.

Policy "staging-safe" — real example

// API key: tm_test_staging_xxxxxxxxxxx
{
  "allowed_recipients": [
    "*@miaazienda.it",
    "*+test@*",
    "qa@mailinator.com"
  ],
  "blocked_patterns": [
    "{{undefined}}",
    "[object Object]",
    "localhost:3000"
  ],
  "idempotency_required": true,
  "hold_window": 30,
  "rate_per_recipient": {
    "max": 5,
    "window_seconds": 86400
  }
}

9 protections no other SMTP offers

Recipient allowlist/denylist

Define exactly who each API key is allowed to email. Staging will never reach real customers.

Hold-window 0-300s

The email is queued for 30 seconds (configurable). You get an atomic window to cancel it via API DELETE.

Idempotency-Key

Just like Stripe Payments. No more duplicates from retry storms: same ID = same send.

Content guardrail

Block patterns like {{undefined}}, localhost:* links, unresolved placeholders.

Per-recipient rate limit

Max N emails to the same address per window X. No more "same email 50 times" from a runaway loop.

Dry-run mode

Log violations without blocking for N days. See what would have happened before turning enforcement on.

HMAC-SHA256 signed audit log

Every violation creates an immutable, cryptographically signed record. Compliance-ready for GDPR/SOX.

Real-time alerts

Email + webhook + Slack when a critical policy blocks a send. No more surprises.

1-click On/Off

Master switch to disable instantly. Your policies stay saved, just not enforced.

Compared to other SMTPs

Target is the only SMTP-as-a-service provider with programmable outbound policies.

Feature	SendGrid	AWS SES	Resend	Postmark	Target SMTP
Email sending	✓	✓	✓	✓	✓
Outbound policy DSL	—	—	—	—	✓
Atomic hold-window	10min (limited)	—	—	—	✓
Idempotency-Key	—	—	—	—	✓
Content guardrail	—	—	—	—	✓
Per-recipient rate limit	—	—	—	—	✓
Signed audit log	—	partial	—	—	✓
Dry-run mode	—	—	—	—	✓
Italian SdI invoicing	—	—	—	—	✓

Real-world use cases

🏦

B2B SaaS

The staging API key can only send to *@mycompany.com and *+test@*. Even if you ship broken code, no real customer will ever receive a test.

💼

E-commerce

When a customer retries an order, the idempotency key guarantees they get ONE confirmation. No more "I got 7 emails for the same order".

⚖️

Law firms / fintech

HMAC-SHA256 signed audit log for every policy decision. Cryptographic proof for compliance, audits and disputes.

🚨

Critical notifications

30s hold-window on mass-broadcast emails. Disaster? Hit "cancel" within 30 seconds and nobody receives it. Atomic, guaranteed.

One price. Every protection.

Optional add-on for any Target SMTP plan. Turn it on or off in one click.

Target Guard

€29/month

or €290/year (save €58)

Unlimited policies per API key
Configurable hold-window 0-300s
Cross-channel Idempotency-Key
Content guardrail + rate-limit
HMAC-SHA256 signed audit log
30-day dry-run mode
Real-time alerts + webhook

Get started

Cancel any time. No lock-in.

Frequently asked questions

What happens if I want to turn it off?

Any time, from the Target panel or by cancelling the Stripe subscription. Your policies stay saved for future reactivation. Emails keep flowing normally, just without the checks.

Does it add latency to emails?

No, unless you configure a hold-window. Policy evaluation adds ~2-5ms per email (vs. the typical 50-200ms of SMTP delivery). For critical OTP/2FA flows you can disable the hold-window on those specific API keys.

Can I test it before paying?

Yes: 14-day free trial. Plus every policy starts in dry-run mode: it logs violations without blocking. See what would have happened in production before turning real enforcement on.

Is it patented? Can I copy it?

The "Send-Time Firewall" is proprietary Target SMTP technology. The combination of policy DSL + atomic hold-window + cross-channel idempotency + signed audit is unique in the SMTP-as-a-service space.

No more "Integration Test #1"
to real customers.

Set up in 5 minutes. 14-day free trial. Cancel any time.

Enable Send-Time Firewall