A modern, secure, self-hosted webmail client that connects to any IMAP/SMTP server. Own your data. Run it anywhere. No lock-in.
No SaaS subscriptions. No data harvesting. Your emails live on your server, under your control. Works with any hosting provider or home server.
23 security fixes baked in. Encrypted sessions, rate limiting, DOMPurify, CSRF protection, and TLS enforcement — not bolt-ons, but fundamentals.
Built on Next.js 14. No PHP, no plugin system, no legacy baggage. Just npm install, generate a secret, and you're live in under 5 minutes.
Netifi Mail ships with everything modern email users expect — built in, no plugins required.
Connects to any mail server — Gmail, Outlook, Yahoo, iCloud, Fastmail, cPanel, Dovecot, Postfix. If it speaks IMAP, Netifi Mail works with it.
Just enter your email address. Netifi Mail auto-discovers your IMAP and SMTP settings via MX lookup, Mozilla ISPDB, and autoconfig — no manual setup needed.
Modern providers like Gmail and Outlook require App Passwords. Netifi Mail detects your provider and shows step-by-step instructions with a direct link to generate one.
Compose emails with a full TipTap rich text editor. Bold, italic, lists, links, inline images, signatures, vacation responder — everything you expect from a modern mail client.
Built-in calendar with month/week/day views, event creation, and CalDAV sync. Schedule and manage events directly from your webmail without switching apps.
Full contact manager with CardDAV sync. Import from CSV or vCard, export, search, and harvest contacts from emails you receive automatically.
Markdown-powered notes app built right into your mail client. Write, organise, and search notes without leaving your inbox. Synced per user, stored securely.
Create powerful rules to automatically sort, label, or delete incoming mail. Full CRUD filter management with condition matching on sender, subject, and body.
Context-aware search across mail, contacts, and notes from a single search bar. Global cross-folder search finds messages anywhere in your mailbox instantly.
Fully responsive layout optimised for phones and tablets. Pull-to-refresh, floating compose button, full-width mobile sidebar, and icon-only compact controls on small screens.
Toggle between flat and threaded conversation views. Related messages are automatically grouped by subject, making long email chains easy to follow.
Carefully designed dark and light themes that adapt to every panel and component. Theme preference is saved per user across sessions.
Designed for real work — not just demos. Every view is optimised for clarity and speed.
Full TipTap editor with formatting toolbar, CC/BCC, attachments, and email signature
Full-screen mobile layout with pull-to-refresh, FAB compose, and touch-optimised controls
Month, week, and day views with CalDAV sync and colour-coded events
CardDAV sync, CSV/vCard import, contact harvesting from received emails
Every layer of Netifi Mail is built with security in mind — from the session cookie to the email renderer.
All HTML emails are sanitized with DOMPurify before rendering — including print preview. JavaScript URIs and CSS injection vectors are stripped.
Sessions are encrypted with iron-session using a mandatory user-provided secret. httpOnly, SameSite=Lax, 2-hour expiry. No plaintext tokens stored.
Login endpoint locks out after 5 failed attempts for 15 minutes. Search, send, and autoconfig are independently rate-limited per user.
All email header fields (subject, from, reply-to) are validated against CRLF injection before passing to nodemailer — preventing email spoofing attacks.
Certificate verification is on by default for all IMAP and SMTP connections. Can only be disabled via explicit environment variable — never silently.
Strict CSP headers block inline scripts, external frames, and untrusted resource origins. CSRF protection via Origin header validation on all state-changing API calls.
Autoconfig only fetches from verified public hostnames — RFC1918 and localhost addresses are blocked. Folder names, file uploads, and CSV imports are all validated and size-capped.
Uploads are limited to 25 MB per file and 50 MB total. Executable file types (.exe, .bat, .cmd, .ps1, .vbs, and more) are blocked at the API level.
Netifi Mail brings together features scattered across multiple competing projects — in a single, modern, self-hosted package.
| Feature | Netifi Mail | Roundcube | SnappyMail | SOGo | Cypht |
|---|---|---|---|---|---|
| Modern UI (post-2022 design) | ✓ Yes | Partial | ✓ Yes | ✗ No | ✗ No |
| Mobile Responsive | ✓ Yes | Plugin | ✓ Yes | Partial | Partial |
| Pull-to-Refresh (mobile) | ✓ Yes | ✗ No | ✗ No | ✗ No | ✗ No |
| App Password Guidance | ✓ Yes | ✗ No | ✗ No | ✗ No | ✗ No |
| Auto Server Detection (MX) | ✓ Yes | ✗ No | Limited | ✗ No | ✗ No |
| Built-in Calendar | ✓ Yes | ✗ No | ✗ No | ✓ Yes | ✗ No |
| Built-in Contacts | ✓ Yes | Plugin | ✗ No | ✓ Yes | ✗ No |
| Built-in Notes | ✓ Yes | ✗ No | ✗ No | ✗ No | ✗ No |
| Mail Filters / Rules | ✓ Yes | Plugin | Basic | ✓ Yes | ✗ No |
| Rich Text Compose | ✓ Yes | ✓ Yes | ✓ Yes | ✓ Yes | ✗ No |
| Thread / Conversation View | ✓ Yes | Plugin | ✓ Yes | ✓ Yes | ✗ No |
| Global Cross-folder Search | ✓ Yes | Partial | Partial | ✓ Yes | Partial |
| Dark Theme | ✓ Yes | Plugin | ✓ Yes | ✗ No | ✗ No |
| Built-in Security Hardening | ✓ 23 fixes | Partial | Partial | Partial | Partial |
| Setup Complexity | Low (npm start) | Medium | Medium | High | Medium |
| Tech Stack | Next.js 14 | PHP | PHP | Obj-C/Java | PHP |
| License | MIT | GPL v3 | AGPL v3 | LGPL | AGPL v3 |
Comparison based on default installations. Features marked "Plugin" require third-party extensions. Data accurate as of 2026.
No complicated server setup. No databases to configure. Just Node.js and your mail credentials.
Get the source from GitHub. Requires Node.js 18 or later and npm.
Create a strong random key for encrypting session cookies. One command does it.
Run the production build and start the server. Open your browser and log in.
Enter your email — server settings are auto-detected. Use an App Password for Gmail or Outlook.
Stop paying for email SaaS. Stop trusting your private communications to third parties. Netifi Mail gives you a world-class webmail experience on your own infrastructure.