After more than three months of focused work, we are thrilled to announce the release of Stalwart v0.16. This is easily the most ambitious release we have ever shipped, with literally hundreds of new features, improvements, and fixes across every corner of the server.

We will be upfront about something: v0.16 will feel like a new product on first contact. Several long-standing concepts have been reworked, a few have been removed, and many new ones have been introduced. This was a deliberate choice. Stalwart has been under continuous development for nearly five years, and both the feature set and the user base have grown far beyond what the original configuration and management layer was designed for. Rather than keep patching around those limits, we took the opportunity to rebuild the foundation. The payoff is a much cleaner architecture and a long list of features that were simply not implementable before, many of which had been sitting on the community wishlist for years.

Let's walk through the highlights.

In professional cycling, the concept of marginal gains became famous through Team Sky. Rather than chasing dramatic breakthroughs, they focused on making hundreds of small improvements: slightly better bike fit, marginally lighter components, improved sleep, cleaner nutrition. None of these changes mattered much on their own, but together they reshaped performance—and helped dominate the sport for years.

Software systems, especially large distributed ones, work much the same way. Rarely does a single feature transform everything overnight. More often, real progress comes from careful attention to small details: shaving latency here, reducing contention there, simplifying a hot path, rethinking a data structure.

Stalwart v0.15 is very much a release in this spirit. It does not introduce a long list of headline features. Instead, it is the result of revisiting core subsystems—spam filtering, search, storage, and data access—and making many targeted improvements that, together, have a significant impact on performance, reliability, and usability.

After four years of development, we’re thrilled to announce a major milestone in the evolution of Stalwart — the full implementation of JMAP for Calendars, Contacts, File Storage, and Sharing. With this release, Stalwart becomes the first JMAP server to fully support the entire family of JMAP collaboration protocols, marking a new era for open, efficient, and elegant groupware.

At Stalwart Labs, security is at the heart of everything we build. As part of our ongoing commitment to delivering a trustworthy email and collaboration server, we recently completed our second independent security audit, conducted by Radically Open Security. Our previous audit took place exactly two years ago, in 2023 — and with significant changes to our codebase since then, a fresh and thorough assessment was essential.

We're excited to announce that Stalwart has been selected to participate in Session 2 of GitHub's Open Source Secure Fund (OSSF), a prestigious program designed to enhance security across the open source ecosystem. This recognition represents not only an acknowledgment of Stalwart's growing importance in the email infrastructure space but also our commitment to maintaining the highest security standards.

At Stalwart Labs, we're constantly working to evolve and improve our software based on real-world feedback. Today, we're excited to announce a major enhancement to the queueing system in Stalwart MTA, designed to meet the needs of some of our busiest users—those delivering millions of messages per day.

This update is the result of valuable input from operators managing large-scale mail infrastructure. Many reported a recurring issue: when message volumes spiked, low-priority traffic, such as DMARC aggregate reports and Delivery Status Notifications (DSNs), would often compete with or delay the delivery of legitimate user mail. Since all messages were processed through a single delivery queue, these traffic types were treated equally, regardless of urgency or purpose.

Since we officially started developing Stalwart on September 4th, 2021, we've come a long way in establishing a powerful and versatile open-source mail and collaboration server. The very first commit, made on October 3rd, 2021, was to the mail-parser Rust crate, a fundamental component upon which Stalwart was built. It set the tone for our relentless pursuit of secure, reliable, and performant software.

We’re excited to announce the release of Stalwart v0.12, a significant milestone that evolves Stalwart from a powerful mail server into a complete, integrated communication and collaboration platform. This release delivers one of the most anticipated features from our community: native support for calendars, contacts, and file storage—all built directly into the server, with no need for third-party integrations.

We’re happy to announce that Stalwart Labs has been awarded a new grant from the NGI0 Core Fund, established by NLnet with financial support from the European Commission’s Next Generation Internet programme. This funding will support the development of essential collaboration features, marking a major milestone in Stalwart’s evolution from a modern email server into a complete, self-hosted collaboration platform.

This is the second grant Stalwart has received from NLnet, following the initial support we received in March 2023 from the NGI0 Entrust Fund. We are deeply grateful to the NLnet Foundation for their continued trust in our mission to modernize and decentralize communication infrastructure.

We are happy to announce that third-party OpenID Connect (OIDC) authentication support has now been open-sourced under the AGPL-3.0 license in Stalwart Mail Server version 0.11.5. This means that users can now configure Stalwart Mail Server to authenticate against external OIDC providers, such as Keycloak, without requiring an Enterprise subscription.

Stalwart Mail Server has supported OIDC authentication for several months, allowing it to function as either an OIDC provider or an OIDC client authenticating against an external provider. Until now, only the ability to act as an OIDC provider was included in the Open Source edition, while authentication via external OIDC providers was reserved for Enterprise users. By making this functionality freely available, we are reinforcing our commitment to openness and ensuring that more users can take advantage of modern, federated authentication without barriers.

With this change, organizations that rely on external OIDC identity providers can seamlessly integrate Stalwart Mail Server into their existing authentication workflows at no cost. Whether you are using Keycloak, Auth0, or another OIDC-compliant solution, Stalwart Mail Server now offers complete flexibility in how you manage authentication.