The infrastructure behind your peace of mind.
We are not mass-market hosting resellers. We have engineered a robust, high-performance, and enterprise-grade secure environment tailored for mission-critical projects that cannot afford downtime.
Hardware specifications and connectivity.
Blazing load times and consistent performance for your users, regardless of concurrent traffic.
Performance & Infrastructure
Ultra-Fast NVMe Storage
Enterprise-grade solid-state drives configured in RAID. Enjoy read and write speeds up to 7 times faster than conventional SSDs, optimizing database queries and initial file loading.
1 Gbps Dedicated Public Port
A dedicated public network port in the data center for each server node. Ensures fluid transfers, rapid downloads, and prevents bottlenecks during peak traffic hours.
Unlimited Monthly Traffic
We never charge for bandwidth overages or suspend your service if your business goes viral. Your visitors can browse without monthly data limits.
Edge CDN Distribution
Content Delivery Network (CDN) integration to cache and serve your static web assets from the server geographically closest to each visitor.
HTTP/3 & Brotli Compression
Modern transport protocols built over UDP that minimize initial latency on mobile networks. Brotli optimizes text compression (HTML, CSS, JS) up to 25% better than classic Gzip.
Global & Local Data Centers
Our infrastructure is physically deployed in premier data centers located in the United States, the Netherlands, and Argentina, ensuring global redundancy and low regional latency.
Advanced Security
Unmetered DDoS Protection
Automated Layer 3, 4, and 7 mitigation against distributed denial-of-service attacks. Malicious traffic is filtered and neutralized before it ever reaches CATCOM servers.
Web Application Firewall (WAF)
A web application layer filter that inspects incoming requests to neutralize known exploits, SQL injections, XSS attacks, and threats targeted at WordPress.
Bot & Scraper Mitigation
Identification of malicious signatures and automated patterns. We block scraping bots, brute-force attacks, and unauthorized vulnerability scanners.
Client-Side Security & Script Monitoring
Active monitoring of third-party scripts executing in the user's browser, alerting and blocking malicious code injections to prevent data theft (Magecart).
API Schema Validation
Strict control over transit APIs and requests. Incoming data is validated against defined schemas to prevent data leaks and block malicious payloads.
Data Protection & DNS
Automated Daily Backups
Incremental automated backups stored on a physically isolated external server. We keep a 30-day retention log with free, instant restores.
DNSSEC Cryptographic Signing
Protection against cache poisoning and DNS spoofing. Cryptographic signatures ensure that your emails and clients are always routed to the correct IPs.
Anycast DNS Hosting
DNS servers geographically distributed across an Anycast network. Resolve domain lookups up to 50% faster than standard DNS and offer exceptional resilience against outages.
Permanent Free SSL Certificates
Automatic emission and renewal of TLS/SSL certificates at no extra cost. Your site always runs securely under HTTPS, boosting trust and search engine optimization.
Premium Email Service
Architecture details, functional features, and security/performance measures implemented in CATCOM's boutique multi-domain email server.
1. Functional Features (User Experience)
Multi-Device Access
Native support for secure IMAPS (port 993) and POP3S (port 995) protocols for seamless synchronization with desktop clients (Outlook, Thunderbird, Apple Mail) and mobile devices.
Next-Generation Webmail (Roundcube)
Responsive, fast, and elegant web interface, configured under HTTPS and fully white-labeled under the CATCOM brand.
Security Self-Service
Users can change their passwords directly from the Webmail control panel via a secure, encrypted channel.
Filtering Rules & Autoresponders (Sieve)
Server-side filtering engine to automatically sort emails by sender or subject, and configure "Out of Office" (vacation) autoresponders.
Two-Factor Authentication (2FA)
Integrated support for Two-Factor Authentication via Google Authenticator, Authy, or similar apps, protecting accounts from password theft.
End-to-End PGP Encryption (Enigma)
Native integration allowing users to sign and encrypt confidential emails directly from their browser securely.
Rich Interaction
Right-click context menu within the web interface for rapid navigation (reply, archive, mark as SPAM).
Efficient Attachment Downloads
Feature to package and download all email attachments into a single ZIP file with just one click.
2. Technical Specifications (Software Stack)
| Component | Software | Role / Function |
|---|---|---|
| MTA (Mail Transfer Agent) | Postfix | Secure routing and management of incoming/outgoing mail (SMTP/SMTPS/Submission). |
| MDA (Mail Delivery Agent) | Dovecot | Local storage, local delivery (LMTP), and IMAP/POP3 server. |
| Anti-Spam Filter | SpamAssassin | Heuristic analysis and content filtering for unwanted emails (SPAM). |
| Cryptographic Signer | OpenDKIM | Automatic injection of digital signatures in outgoing emails. |
| Webmail App | Roundcube | PHP webmail interface (PHP 8.1 FPM) running under Nginx. |
| SSL / TLS Certificate | Let's Encrypt | World-class auto-renewable wildcard SSL certificates. |
3. Enterprise-Grade Security
Mandatory SSL/TLS Encryption
All plain-text password and content traffic is blocked. Connections (SMTP, IMAP, POP3, and Webmail) are strictly forced to use TLSv1.2 and TLSv1.3 with high-grade cryptographic cipher suites.
Anti-Spoofing Protection (SPF, DKIM, DMARC)
Comprehensive configuration of SPF (sender authorization), DKIM (2048-bit cryptographic signing), and DMARC to actively prevent phishing and ensure high deliverability to Gmail/Yahoo.
High-Security Credential Encryption
Email account passwords are stored using Dovecot's advanced key derivation algorithms (SHA512-CRYPT), avoiding vulnerable algorithms or plain-text storage.
System Isolation & Permissions
The Webmail process (www-data) has no direct access to user databases or Dovecot system files. Password changes are performed via a dedicated wrapper restricted in sudoers.
4. Boutique Performance & Optimization
Efficient Virtual Storage
Email accounts do not correspond to physical OS users, reducing attack vectors. A virtualized system managed by Dovecot stores data under indexed Maildir structures.
Local LMTP Integration
Email delivery is handled via LMTP, decreasing CPU overhead and executing Sieve filtering rules ultra-efficiently before writing to disk.
SpamAssassin as a Milter
SpamAssassin connects directly to Postfix during transmission via fast UNIX sockets, discarding or flagging spam before it ever writes to disk.
Self-Learning Anti-Spam
When a user clicks "Mark as SPAM" in Roundcube, the server runs background training commands (sa-learn) to automatically adjust filtering rules for the entire domain.
PHP-FPM & Nginx Session Caching
Webmail is optimized for load times under 1 second using PHP 8.1 FPM and efficient internal socket management for databases and local servers.
Want to hand over the technical complexity to us?
We manage the infrastructure, configure active security, and handle the technical details. You focus on selling and scaling your brand.