MailWizz includes several configuration options that support GDPR compliance for European senders and those handling EU resident data. This covers the key technical configurations — consult a legal advisor for complete compliance requirements.
Double Opt-In Configuration
# Lists → [Your List] → Settings → Opt-in # Opt-in type: Double opt-in # Confirmation email: customize the confirmation message # Confirmation URL redirect: post-confirmation landing page # Double opt-in creates an audit trail: # - Subscription timestamp # - Confirmation timestamp # - IP address of confirmation
Consent Records in MailWizz
MailWizz records the subscription timestamp and IP address for each subscriber. This data is stored in the subscriber record and is exportable. For GDPR purposes, the subscription form should include a clear consent statement that references the privacy policy, and this statement text should be stored alongside the subscription record.
Subscriber Data Export
# Exporting subscriber data for a data subject access request: # Lists → [List] → Subscribers → Search for email → Export # Or via API: curl -H 'X-MW-PUBLIC-KEY: key' \ 'https://domain.com/api/v1/lists/LIST-UID/subscribers?email=address@example.com'
Right to Erasure Implementation
# Unsubscribe + blacklist detection and delisting + remove subscriber data: # 1. Unsubscribe from all lists # 2. Add to global blacklist (prevents re-addition) # 3. Delete subscriber record # MailWizz does not have a single 'right to erasure' button # These steps must be performed manually or via API
Data Retention Configuration
# Backend → Settings → Common → Delete subscriber delivery logs # Configure automatic deletion after N days # This removes campaign delivery history for privacy # Note: blacklist entries should NOT be deleted for erasure requests # The blacklist entry (email only, no personal data) must persist # to prevent re-adding the address in future imports
GDPR erasure means deleting personal data — the subscriber's name, custom field data, and behavioral history. The email address itself should remain on the blacklist (with no associated personal data) to prevent the address from being added to campaigns in the future. Deleting the blacklist entry defeats the purpose of honoring the erasure request.
Troubleshooting Common Issues
Production MailWizz deployments encounter predictable issues at predictable stages. Understanding the diagnostic workflow for the most common problems in this configuration area saves time and prevents the escalating complexity that comes from applying fixes to a misdiagnosed problem. The diagnostic approach is always the same: identify the symptom precisely (not just "it's not working"), isolate the layer where the failure occurs (MailWizz application, delivery server connection, DNS, ISP rejection), and fix at the correct layer.
Systematic Diagnosis Approach
Check MailWizz logs first (available in Backend → Misc → Application Logs), then check the delivery server SMTP logs, then check the PowerMTA accounting log. Most issues surface in one of these three places. A problem that does not appear in any of these logs is almost always a configuration issue — the system is not attempting what you expect it to attempt.
# MailWizz diagnostic log locations: # Application logs: Backend → Misc → Application Logs # Delivery logs: Backend → Campaigns → [Campaign] → Delivery Logs # Bounce logs: Backend → Bounce Servers → [Server] → Logs # Server-side logs: # MailWizz application: /path/to/mailwizz/apps/common/runtime/application.log # PowerMTA delivery: /var/log/pmta/pmta.log # PowerMTA accounting: /var/log/pmta/accounting.csv
Performance Optimization for Production Scale
MailWizz performance at scale depends on three infrastructure layers: the web application server (PHP/nginx or Apache), the database (MySQL — query optimization is critical at high subscriber counts), and the delivery infrastructure (PowerMTA connection pool sizing). Performance problems in any of these layers manifest as slow campaign sends, delayed processing, or timeouts that appear unrelated to the specific configuration area being managed.
The most common performance constraint in production MailWizz environments is MySQL query efficiency. As subscriber lists grow beyond 500,000 records, unoptimized database queries for segmentation, bounce processing configuration, and campaign statistics become significant bottlenecks. Ensure that subscriber tables have appropriate indexes on email, status, date_added, and any custom field columns used for segmentation.
# MySQL optimization for large MailWizz installations # Check slow query log: SHOW VARIABLES LIKE 'slow_query_log%'; SET GLOBAL slow_query_log = 'ON'; SET GLOBAL long_query_time = 1; # Log queries over 1 second # Key indexes to verify exist: SHOW INDEX FROM mailwizz_lists_subscribers; # Should have indexes on: email, status, date_added, list_id # Add missing index if needed: ALTER TABLE mailwizz_lists_subscribers ADD INDEX idx_email_status (email, status); # Campaign sends table — index on campaign_id + subscriber_id: ALTER TABLE mailwizz_campaigns_tracking_opens ADD INDEX idx_campaign_sub (campaign_id, subscriber_id);
Security Considerations
MailWizz installations handling production sending volumes are valuable targets. Key security practices: use HTTPS for all MailWizz access (including tracking and unsubscribe links), restrict Backend access to authorized IP ranges via web server configuration, rotate API keys periodically and revoke unused keys, maintain regular database backups (automated, offsite), and ensure PHP and MailWizz are kept current with security patches.
The tracking domain (used for open and click tracking) requires special attention: it must have a valid SSL certificate (Let's Encrypt is acceptable), and its DNS records must point exclusively to your MailWizz server. A compromised tracking domain can redirect recipients to malicious sites or reveal subscriber click data to third parties.
Campaign Analytics Integration
Track this MailWizz configuration area through two complementary metric layers: MailWizz campaign statistics (open rate, click rate, bounce rate, unsubscribe rate) and PowerMTA accounting log data (ISP-specific deferral rate, bounce classification, queue depth). Gaps between the two layers reveal delivery problems invisible to MailWizz statistics alone — high MailWizz "sent" counts with elevated PowerMTA deferral rates indicate a queue buildup that campaign dashboards don't surface.
Review campaign metrics against your own historical baselines rather than industry benchmarks. Your list composition, acquisition source, and engagement history define what normal looks like for your environment. Use rolling 7-day and 30-day averages to distinguish trend changes from campaign-specific variance.
Implementation Checklist
Before deploying this configuration to production MailWizz, verify: delivery server connection test passes in Backend → Servers → Delivery Servers, cron jobs are running on the correct schedule, bounce server mailbox is accessible and IMAP credentials are valid, tracking domain has valid SSL and loads within 500ms, and PHP memory limit is set to at least 256MB.
After deploying, send a test campaign to a controlled list of seed addresses across Gmail, Outlook, and Yahoo. Verify Authentication-Results headers show dkim=pass and spf=pass in the received messages. Check that open and click tracking are registering correctly in MailWizz statistics. Confirm bounce processing is updating subscriber status within 15 minutes of a test bounce event.
For managed MailWizz environments operated by Cloud Server for Email, these verification steps are performed automatically after any configuration change. The managed service includes continuous monitoring of delivery server health, cron job execution, and tracking domain availability. Contact infrastructure@cloudserverforemail.com for information about managed MailWizz hosting.
GDPR Consent Documentation in MailWizz
GDPR requires documented consent with timestamp for each subscriber. MailWizz captures IP address and signup date by default. Add a custom subscriber field for consent source (which form, which campaign, which acquisition channel) to create a complete consent audit trail. This field becomes critical during a subject access request or supervisory authority inquiry.
Data Retention Automation
GDPR's storage limitation principle requires deleting subscriber data when it's no longer needed for the original purpose. Configure automated deletion of subscribers who unsubscribed more than 24 months ago (retain only the suppression record, not the full profile). MailWizz doesn't have native data retention automation — build a scheduled script that calls the API to delete old unsubscribed records.
Need managed MailWizz infrastructure? We operate fully managed MailWizz and PowerMTA environments for high-volume senders.