Mercury Suggestions
Stuff Mercury Really Ought to Do by Now

I don't think of myself, of course—not while I can run other server software on macOS or Linux (typically in a VM on a hypervisor). I think only of my potential future self, and all the other poor sods who insist on running Windows in order to do actual work, many of whom I will support, and for whom Mercury has long served them as the excellent and efficient mail-server-on-a-trolley with nice integration for Pegasus Mail. I hope you will therefore understand the lack of diplomacy, but I think this is what you should do to get Mercury into a decent shape, at least for a mail server supporting the commodity protocols (with your HTTP server, you could also consider the *DAV, JMAP and even ActiveSync protocols, but I'll leave that out for now since it would be significant effort). IMO the fact that Mercury is the only really decent community-supported option on Windows with minimal strings attached for non-commercial use and a very reasonable price for commercial use, except perhaps for the young and cross-platform upstart Stalwart, is a credit to you, but it does have gaps which are a bit painful to see in 2026, and I think you want to fix them for a competitive commercial product that will compete with more fully-featured kitchen-sink alternatives. And, to be clear, I would be more than happy to pay for an upgraded Mercury with the most crucial of these features included.


So here you go. This is what I think you should really consider adding in the near term. In your own time, obviously. And, as a long-time user of Mercury and Pegasus (but now largely on macOS), it goes without saying that I appreciate the work you do, whatever you decide to do. Cheers!


  • Get rid of MercuryX and leave scheduling tasks to the OS. A command-line interface should provide pause/resume/drain/ETRN.
  • Combine MercuryE and MercuryC:
    • Because the distinction is unnecessary and confusing.
    • Because it duplicates functionality.
    • Because it's less flexible.
    • Mail routes, including a default route, supply the relay/null client case.
    • Authentication credentials and TLS requirement levels are matched by hostname.
    • Parallelism by destination host/address, not just overall.
    • Selective disabling of ESMTP extensions or authentication mechanisms, to work around bugs and misconfigurations in servers.
    • Optionally derive HELO/EHLO argument from interface address.
    • MTA-STS and/or DANE for automatic TLS policy discovery.
  • Alias overload:
    • Wildcard aliasing, on the username and domain portions.
    • Queue-only, to support backup relay, whether for fixed recipients or whole domain(s).
    • Filtering rule action to deliver to a mailing list supports overloading list addresses as with mailboxes.
    • Supported and documented hot-reloading of the aliases file and/or the user/list databases.
    • Disable receiving mail to other than aliases and postmaster (support real virtual domains).
  • Mailing lists:
    • Better DMARC mangling of From ("Poster's Name (via listname)", or similar/customisable).
    • Optional poster address stuffing into Reply-To. Obscene, yes, but works well enough.
    • Per-user moderation flag and default state on subscribe (moderator approves first posting, unsets mod bit).
    • Mobile-friendlier approval by maintaining a moderation queue (via email or MercuryB, but not resending).
    • Foolproof email-based and HTTP-based (including one-click) unsubscribes for VERPed subscribers.
    • VERP action holdoff period: don't count bounces for a delay after the first, to deal with irregular floods of bounces.
  • MercuryI: upgrade to IMAP4rev2 and recommended extensions.
    • But especially QRESYNC and CONDSTORE, because those significantly improve bandwidth-efficiency on mobile devices.
  • MercuryS:
    • PIPELINING, CHUNKING, DSN extensions.
    • DSN format reports, as required.
    • Advertise hostname by address of interface(s).
    • Selective disabling of extensions and authentication mechanisms (to work around bugs in clients).
    • Differentiate submission from public SMTP services properly according to port used:
    • Submissions have Date and Message-Id added when absent, optional From validation/enforcement (header and envelope, as required), require authentication at all times, maybe always uses TLS-on-connect (port 465), and never rejects mail (optionally including to local users, for a nicer bounce experience).
    • And SMTP never advertises AUTH.
    • DKIM and SPF validation, optionally, so:
    • Header additions (Authentication-Results).
    • Rejections of SPF hardfail and user-specified quarantine behaviour.
    • DMARC policy enforcement (do nothing, quarantine in a configurable way, reject).
    • People like me think DKIM, SPF and DMARC are obscene, so please make all rejection optional / quarantine as a ceiling.
    • Two-pass mailing list submission check: if possible, reject unwanted posts at SMTP time to reduce backscatter from lists or Maiser.
  • Documentation:
    • Roll the stuff in the manual, like the flowchart, into the help.
    • And all the little secrets buried on this community board.
    • And the job submission format (.101 files).
    • Make the help browsable on the web (or maybe via MercuryB)?
  • Pegasus mail integration:
    • Should always preferably use IMAP for mailbox access.
    • Can continue to use files for other integrations, or (better) design a network protocol for them that can be used by anyone.
    • Is asking for SIEVE filtering and ManageSIEVE asking too much? Yes, probably …
    • But, quite definitely, still defer user rules to the server.
    • Or maybe a simple web interface for rules, forwarding and autoreplies?

I don't think of myself, of course—not while I can run other server software on macOS or Linux (typically in a VM on a hypervisor). I think only of my potential future self, and all the other poor sods who insist on running Windows in order to do actual work, many of whom I will support, and for whom Mercury has long served them as the excellent and efficient mail-server-on-a-trolley with nice integration for Pegasus Mail. I hope you will therefore understand the lack of diplomacy, but I think this is what you should do to get Mercury into a decent shape, at least for a mail server supporting the commodity protocols (with your HTTP server, you could also consider the *DAV, JMAP and even ActiveSync protocols, but I'll leave that out for now since it would be significant effort). IMO the fact that Mercury is the only really decent community-supported option on Windows with minimal strings attached for non-commercial use and a very reasonable price for commercial use, except perhaps for the young and cross-platform upstart Stalwart, is a credit to you, but it does have gaps which are a bit painful to see in 2026, and I think you want to fix them for a competitive commercial product that will compete with more fully-featured kitchen-sink alternatives. And, to be clear, I would be more than happy to pay for an upgraded Mercury with the most crucial of these features included. So here you go. This is what I think you should really consider adding in the near term. In your own time, obviously. And, as a long-time user of Mercury and Pegasus (but now largely on macOS), it goes without saying that I appreciate the work you do, whatever you decide to do. Cheers! * Get rid of MercuryX and leave scheduling tasks to the OS. A command-line interface should provide pause/resume/drain/ETRN. * Combine MercuryE and MercuryC: * Because the distinction is unnecessary and confusing. * Because it duplicates functionality. * Because it's less flexible. * Mail routes, including a default route, supply the relay/null client case. * Authentication credentials and TLS requirement levels are matched by hostname. * Parallelism by destination host/address, not just overall. * Selective disabling of ESMTP extensions or authentication mechanisms, to work around bugs and misconfigurations in servers. * Optionally derive HELO/EHLO argument from interface address. * MTA-STS and/or DANE for automatic TLS policy discovery. * Alias overload: * Wildcard aliasing, on the username and domain portions. * Queue-only, to support backup relay, whether for fixed recipients or whole domain(s). * Filtering rule action to deliver to a mailing list supports overloading list addresses as with mailboxes. * Supported and documented hot-reloading of the aliases file and/or the user/list databases. * Disable receiving mail to other than aliases and postmaster (support real virtual domains). * Mailing lists: * Better DMARC mangling of From ("Poster's Name (via listname)", or similar/customisable). * Optional poster address stuffing into Reply-To. Obscene, yes, but works well enough. * Per-user moderation flag and default state on subscribe (moderator approves first posting, unsets mod bit). * Mobile-friendlier approval by maintaining a moderation queue (via email or MercuryB, but not resending). * Foolproof email-based and HTTP-based (including one-click) unsubscribes for VERPed subscribers. * VERP action holdoff period: don't count bounces for a delay after the first, to deal with irregular floods of bounces. * MercuryI: upgrade to IMAP4rev2 and recommended extensions. * But especially QRESYNC and CONDSTORE, because those significantly improve bandwidth-efficiency on mobile devices. * MercuryS: * PIPELINING, CHUNKING, DSN extensions. * DSN format reports, as required. * Advertise hostname by address of interface(s). * Selective disabling of extensions and authentication mechanisms (to work around bugs in clients). * Differentiate submission from public SMTP services properly according to port used: * Submissions have Date and Message-Id added when absent, optional From validation/enforcement (header and envelope, as required), require authentication at all times, maybe always uses TLS-on-connect (port 465), and never rejects mail (optionally including to local users, for a nicer bounce experience). * And SMTP never advertises AUTH. * DKIM and SPF validation, optionally, so: * Header additions (Authentication-Results). * Rejections of SPF hardfail and user-specified quarantine behaviour. * DMARC policy enforcement (do nothing, quarantine in a configurable way, reject). * People like me think DKIM, SPF and DMARC are obscene, so please make all rejection optional / quarantine as a ceiling. * Two-pass mailing list submission check: if possible, reject unwanted posts at SMTP time to reduce backscatter from lists or Maiser. * Documentation: * Roll the stuff in the manual, like the flowchart, into the help. * And all the little secrets buried on this community board. * And the job submission format (.101 files). * Make the help browsable on the web (or maybe via MercuryB)? * Pegasus mail integration: * Should always preferably use IMAP for mailbox access. * Can continue to use files for other integrations, or (better) design a network protocol for them that can be used by anyone. * Is asking for SIEVE filtering and ManageSIEVE asking too much? Yes, probably … * But, quite definitely, still defer user rules to the server. * Or maybe a simple web interface for rules, forwarding and autoreplies?
live preview
enter atleast 10 characters
WARNING: You mentioned %MENTIONS%, but they cannot see this message and will not be notified
Saving...
Saved
With selected deselect posts show selected posts
All posts under this topic will be deleted ?
Pending draft ... Click to resume editing
Discard draft