A command center built for infrastructure operators. Manage API keys, rotate secrets, inspect the relay queue, and monitor rate limits across all tenants, with tenant isolation enforced at every layer and a full per-user audit trail on every action.
Rate limits are enforced using rolling window counters across minute, hour, day, and month windows — tracked in Redis and enforced at the gateway layer before any request reaches the application. Enterprise quota overrides are applied instantly without a redeployment.
| Feature | Free | Starter ($4 / mo) | Pro ($29 / mo) | Business ($249 / mo) | Enterprise (Custom) |
|---|---|---|---|---|---|
| Email Accounts (Mailboxes) | 1 | 5 | 25 | 150 | Unlimited |
| API Requests / min | 60 | 300 | 1,000 | 5,000 | Unlimited |
| Sends / day | 0 | 1,000 | 10,000 | 100,000 | Custom |
| Storage | 1 GB | 10 GB | 50 GB | 500 GB | Custom |
| Access Modes | REST + Native | REST + gRPC + Native | All modes | All modes | All modes |
| Webhooks | — | 5 endpoints | 20 endpoints | Unlimited | Unlimited |
| MCP Access | — | — | ✓ | ✓ | ✓ |
| SLA | Best effort | 99.9% | 99.95% | 99.99% | Custom |
Rate limit counters are rolling windows, not fixed-interval buckets. A burst at 11:59 does not carry a penalty into 12:00. Enterprise overrides are written to the gateway configuration layer and take effect in under one second.
Hermers ingests DMARC aggregate and forensic reports, enforces MTA-STS policies on every outbound relay, validates DANE TLSA records on delivery, and surfaces everything in the console, with instant webhook secret rotation when you need it.
Per-domain signing keypairs provisioned at tenant creation. DMARC aggregate and forensic reports ingested continuously and surfaced in the console dashboard.
Every outbound delivery enforces the destination domain's MTA-STS policy. DANE TLSA records are validated per RFC 7671. BIMI logos are resolved, cached, and delivered in the pipeline.
API keys are the boundary of every integration's access. Create keys with explicit scope arrays, inspect what each key has touched, and rotate or revoke any key instantly, with zero milliseconds of service downtime for compliant integrations.
Keys are provisioned with an explicit scope array. The scope is the key's complete permission boundary; it cannot be escalated at runtime, regardless of the calling user's privileges.
Inspect outbound relay queues in real time. View pending messages, delivery attempts, and failure reasons. Every admin action (key creation, tenant change, quota override, relay retry) is logged in the immutable audit trail.
Monitor the relay queue from the console or via the CLI. Inspect delivery attempts, view bounce reasons, and trigger manual retries or cancellations without touching infrastructure.
Every consequential action in the system emits an audit event. Events are written in the same transaction as the change they describe; if the change rolls back, the audit event does too.
Tenant isolation is enforced by strict data isolation policies at the infrastructure layer, not middleware, not application logic. A misconfigured application returns zero rows. A compromised API key cannot reach another tenant's data. There is no code path that bypasses this.
User passwords are hashed with Argon2id, the winner of the Password Hashing Competition and the modern standard for credential storage. TOTP 2FA is available to all users on all plans.
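The same-transaction guarantee described above, shown as an added example (not Hermers code): a key revocation and its audit row are written in one SQLite transaction, so a failure before commit discards both. The schema, function names and actor address are assumptions made for illustration.

```python
import sqlite3


def open_db():
    """Build a constructed in-memory schema with one active API key."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE api_keys (id INTEGER PRIMARY KEY, tenant TEXT NOT NULL,
                               revoked INTEGER NOT NULL DEFAULT 0);
        CREATE TABLE audit_events (id INTEGER PRIMARY KEY, actor TEXT NOT NULL,
                                   action TEXT NOT NULL, target TEXT NOT NULL);
        INSERT INTO api_keys (id, tenant) VALUES (1, 'tenant-a');
    """)
    return db


def revoke_key(db, actor, key_id, fail_before_commit=False):
    """Revoke a key and write its audit event atomically. Returns True on commit."""
    try:
        with db:  # one transaction: commit on success, rollback on any exception
            cur = db.execute(
                "UPDATE api_keys SET revoked = 1 WHERE id = ? AND revoked = 0",
                (key_id,))
            if cur.rowcount != 1:
                raise LookupError("no active key with that id")
            db.execute(
                "INSERT INTO audit_events (actor, action, target) VALUES (?, ?, ?)",
                (actor, "key.revoke", f"api_key:{key_id}"))
            if fail_before_commit:
                # Simulated downstream failure after both writes were issued.
                raise RuntimeError("simulated failure before commit")
        return True
    except (LookupError, RuntimeError):
        return False


def snapshot(db):
    """Return (revoked key count, audit event count) as committed state."""
    revoked = db.execute(
        "SELECT COUNT(*) FROM api_keys WHERE revoked = 1").fetchone()[0]
    events = db.execute("SELECT COUNT(*) FROM audit_events").fetchone()[0]
    return revoked, events


if __name__ == "__main__":
    db = open_db()
    print(revoke_key(db, "admin@example.test", 1, fail_before_commit=True), snapshot(db))
    print(revoke_key(db, "admin@example.test", 1), snapshot(db))
```

The property to check in any such design is that the two counts never diverge: there is no revoked key without an event, and no event for a change that did not commit.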
Team tenants manage members with preset roles and custom per-user privilege JSONB merged at invitation acceptance. Role and privilege changes are audited and immediately effective.
Provision keys, inspect relay queues, review audit logs, and monitor security policy enforcement, from the console or the CLI. No separate observability tooling required.
Unlimited API limits, custom storage, quota overrides applied in under a second, and a direct engineering line for production incidents. No shared infrastructure.