alpinemail is a four-layer email validation API. Made in Austria with servers in Germany. It validates syntax, checks MX/SPF/DMARC records, detects 100,000+ disposable domains, and uses European AI for behavioral fraud scoring. One API call, sub-millisecond response.

Is alpinemail GDPR compliant?

Yes, by architecture. Made in Austria, servers in Germany, AI trained and running in Europe. No US API calls during validation. No data leaves the EU. GDPR compliance is the default, not an add-on.

alpinemail — Stop Fraud at Signup. One API Call.

the stack

marvin@alpinemail:~/stack

$ cat stack.yml

origin: Made in Austria

servers: 2x Germany (EU)

backend: Hono

frontend: SvelteKit

database: PostgreSQL

ai: European, never phones home to the US

validation: Sub-millisecond response

uptime: 99.9%

planned: Transactional email, HDC migration

# Two servers because SMTP needs port 25 and

# most cloud providers block it. Ask me how I found out.

# PostgreSQL. Someone didn't read his own stack guide.

# Someone found out the hard way.

What it is

An email validation API at alpinemail.at. You send it an email address, it runs four layers of validation, and tells you whether that address is real, disposable, or likely fraudulent. One API call. Sub-millisecond. Every fake signup costs you compute, storage, and email API calls — alpinemail cuts the waste at the source. Built for developers: clean docs, predictable responses, no SDK bloat. Copy-paste and ship.

Four layers, one API call

Every email runs through the full stack. Layer one: RFC-compliant syntax validation. Missing @? Double dots? Rejected before it wastes your resources. Layer two: domain intelligence — MX records, SPF, and DMARC checked in milliseconds. If the domain can't receive mail, it's caught. Layer three: throwaway detection against 100,000+ disposable domains, updated daily. Guerrilla Mail, Tempmail, 10MinuteMail — blocked instantly. Fraudsters can't keep up. Layer four: behavioral AI. This is where it gets interesting. European AI analyzes patterns — gibberish names, suspicious combinations, name-email mismatches. No US API calls. Your data stays in the EU. The layer regex can't touch.

The philosophy

Your email validation provider shouldn't be a data broker with a privacy policy nobody reads. alpinemail isn't. Made in Austria, servers in Germany, AI trained and running in Europe. There are no transatlantic API calls during validation. No analytics companies receiving your users' email addresses as a side effect of checking whether they're valid. GDPR compliance by architecture, not by a checkbox on a compliance form that a lawyer reviewed and a developer ignored.

Pricing

Pay per check. 100 credits included free. Essential checks — domain, DNS, MX, SPF, DMARC, disposable detection — cost one credit each, €0.005. Fraud checks — everything above plus AI scoring, pattern analysis, and risk flags — cost two credits, €0.01. On-premise available for the kind of organization that needs full control over its own infrastructure. Simple enough to explain in a terminal. No tiers named after celestial bodies. No "contact sales for pricing" on the plan you actually want.

Status

Beta. Running. 99.9% uptime. Questions get answered by the engineers who built it, not a ticket queue. The product works. I'm still surprised it runs. But it does.

alpinemail uses self-hosted auth. If you're curious why that matters, read the authentication guide. Or compare Clerk vs BetterAuth and decide for yourself. I've already decided. I always have. Nobody asks.

Want something like this? Unfortunately, my human is available.

Build Your MVP →