1. 1

   Create an account

   Sign up at /register with your email address. The first 14 days are free, no card required.

2. 2

   Add your domain

   Open Admin → Domains and click Add domain. We’ll generate a DKIM key for it on the spot and show you the four DNS records to publish. DNS guide →

3. 3

   Publish DNS and verify

   Add the four records at your registrar (Cloudflare, Namecheap, GoDaddy, Gandi — same flow everywhere), then click Verify. We run live DNS lookups against public resolvers — usually green within five minutes.

4. 4

   Create a mailbox

   On the verified domain, open Accounts and add [email protected] with a password. The mailbox is also your AtPigeon login.

5. 5

   Send your first email

   Open the webmail at mail.atpigeon.com, sign in, write to yourself — then invite the team.

Replace yourdomain.com with your actual domain. Cloudflare, Namecheap, GoDaddy, Gandi — all the same: paste, save, wait.

What each record does

MX

Tells other mail servers where to deliver mail addressed to your domain. Priority 10 is fine.

SPF (TXT)

Authorises AtPigeon to send on behalf of your domain. We use include:_spf.atpigeon.com so we can rotate sending IPs without asking you to update DNS.

DKIM (TXT)

The public half of the keypair we use to cryptographically sign outgoing mail. Receivers fetch this to verify the signature.

DMARC (TXT)

Policy telling receivers what to do if SPF and DKIM both fail. p=none is “just report” — start there, tighten later.

Cloudflare proxy

Make sure the MX record and any mail. CNAME (if you use one) are grey-cloud / DNS-only. Cloudflare’s orange-cloud proxy is HTTP only — it will silently break SMTP.

Folders

• Inbox — incoming mail.
• Sent — mail you sent. We append every successful outgoing message here automatically.
• Drafts — saved drafts (compose autosaves while you type).
• Trash — soft-deleted messages.

Reading mail

Click any row in the list to open it in the reading pane. HTML emails are sanitised: scripts, iframes and forms are stripped, but inline images and safe inline styles render normally.

Plain-text-only messages render as preformatted text. Attachments appear at the bottom of the message — click to download.

Search

The search bar matches against subject, sender, recipient and body text. There are no special operators — it’s a substring search across the current account’s mail.

Writing a new message

Compose opens with three fields: To, Subject, and the body. Add multiple recipients separated by commas. The body editor is plain-text by default — paste rich content and we keep the structure when sending.

Drafts autosave every few seconds. Close the tab and come back to Drafts to keep going.

Replying

Reply to the sender or Reply-all to everyone in the thread. Quoted original text is included automatically — edit or delete the quote as you like.

What we do behind the scenes

• Subject is RFC 2047 Q-encoded if it contains non-ASCII (so “Привет” arrives as “Привет”, not =?UTF-8?B?...?=).
• Body is built as a multipart/alternative with a plain-text and HTML part, both sanitised.
• Outgoing message is DKIM-signed with relaxed/relaxed canonicalisation (RFC 6376) using your domain’s key.
• Sent over STARTTLS to the recipient’s MX, then archived to your Sent folder.

Each attachment is uploaded once and travels as part of the outgoing message. Filenames with non-ASCII characters are preserved on the receiving end.

Per-attachment limit

25 MB

Total per message

50 MB

Retention

Tied to the message — deleting the message removes the attachment.

Each mailbox you create is a full account: its own login, password, and storage. The webmail account switcher (top-right avatar) lets you sign into multiple at once and flip between them, like Gmail or Yandex.

Adding an account

1. Click your avatar → Add account.
2. Enter the mailbox email and password.
3. The new account appears in the switcher; click to flip.

Sign-out scope

Sign-out clears only the active account’s session. Other accounts you’ve added stay signed in until you remove them explicitly.

Server settings

Incoming (IMAP) host

mail.atpigeon.com

Incoming port

993 (TLS) — preferred · or 143 (STARTTLS)

Outgoing (SMTP) host

mail.atpigeon.com

Outgoing port

465 (TLS) — preferred · or 587 (STARTTLS)

Authentication

PLAIN / LOGIN over TLS

Username

Your full mailbox address ([email protected])

Password

Your mailbox password

Adding a domain

Open Admin → Domains → Add domain. We generate a 2048-bit RSA DKIM keypair for the domain immediately — the public half appears in the DNS instructions, the private half stays server-side. The domain is initially in Pending verification state.

Verifying

Click Verify. We perform live DNS lookups against public resolvers with a 3-second timeout. Each record turns green individually as it resolves correctly.

You can re-run verify at any time. Old DNS state is not cached — every check hits the network.

Removing a domain

Removing a domain deletes its DKIM key and detaches it from the workspace. Mailboxes under it are deleted; messages stay in storage until the retention window elapses. There is no undo.

Creating a mailbox

Pick the domain, then Accounts → Add mailbox. You set the local part (jonas), full name, and an initial password.

Resetting a password

Open the mailbox row and use Reset password. The new password is set immediately; the user is signed out of webmail and any IMAP/SMTP sessions on the next request.

Quotas

Quota defaults to the plan’s per-mailbox allowance. Override on a per-mailbox basis from the row. When a mailbox is over quota, incoming mail is rejected with a 552 SMTP error so the sender knows.

Internal aliases

[email protected] → [email protected]. Mail addressed to the alias is delivered to the target mailbox’s Inbox. The alias has no password and no login of its own.

External forwards

[email protected] → [email protected]. Mail is forwarded out, signed with your domain’s DKIM key. Loops are detected and dropped after two hops.

Catch-all

Set the local part to * to capture all mail to the domain that doesn’t match a real mailbox or named alias. Useful, but watch the spam volume.

Open Admin → Audit. Filter by actor (which admin), action (created, updated, deleted), or target (domain, mailbox, alias). Entries are immutable and retained for 365 days.

What gets logged

• Domain added / verified / removed
• Mailbox created / quota changed / password reset / deleted
• Alias created / target changed / deleted
• Sign-in events for admin sessions

We bill monthly per mailbox on the active plan. Adding a mailbox mid-month prorates the difference; removing one credits the unused portion.

Changing plans

Upgrades take effect immediately. Downgrades take effect at the next billing cycle so you don’t lose paid time.

Invoices

PDF invoices are generated on the first of each month and emailed to the workspace billing contact. Download history goes back 24 months.

DKIM

We sign every outgoing message with your domain’s 2048-bit RSA key (selector: atpigeon) using relaxed/relaxed canonicalisation per RFC 6376. The signature lets receivers verify the message wasn’t tampered with in transit.

Your private key never leaves our database. The public key — published as atpigeon._domainkey TXT — is what receivers fetch to verify.

SPF

SPF says which servers may send mail on your behalf. We use the include mechanism (include:_spf.atpigeon.com) so when our IP ranges change you don’t need to touch DNS — we update _spf.atpigeon.com centrally.

DMARC

DMARC tells receivers what to do when SPF and DKIM both fail. We recommend starting at p=none with a rua address so you get aggregate reports without anything being rejected. Once reports show clean alignment, move to p=quarantine, then p=reject.

Outgoing message size

50 MB total (including attachments)

Attachment per file

25 MB

Recipients per message

100

Send rate per mailbox

200 messages / hour

Aliases per domain

1000

Mailboxes per workspace

Bounded by your plan

Hit a limit you think we got wrong? Tell us — most caps are the result of an old fraud-prevention call we’re happy to revisit when there’s a real workload behind the request.