Document LM-001 · Revision 06 · Filed 11 · 04 · 2026
For Internal Operators
Jurisdiction DE / EU · mail.lte-speedtest.com → 50+ niche sites
Subject Email infrastructure for a portfolio of niche websites.
Author Operations
Stack Listmonk · Postgres · SES
Status Live · Sandbox
Jurisdiction Deutschland · EU
Frameworks DSGVO · UWG · DDG · TDDDG

One Listmonk, unlimited niches.

A single self-hosted instance powering newsletters, contact forms, and outreach for an entire portfolio of German websites — built around the DSGVO, the UWG, and the Bundesgerichtshof's double-opt-in standard, with one address book, one set of credentials, and one monthly bill.

50+
Sites
Supported
1
Listmonk
Instance
€3.29
Per Month
Hetzner CX22
50k/d
Emails Out
Via SES
I. Topology Architecture
§ One — How Everything Connects

A single trunk, fifty branches.

Every niche site speaks to the same Listmonk address. No per-site email backend. No duplicated DKIM. No second invoice.

sitzio.de
lte-speedtest.com
niche-3.com
niche-4.com
+46 more
POST /api/public/subscription Listmonk v6.1.0 · Postgres 16 SMTP :465 SSL AWS SES eu-central-1 · DKIM gmail outlook proton apple fastmail — the trunk
Edge
Caddy
Auto Let's Encrypt TLS
Host
Hetzner VPS
Debian 13 · 2 vCPU · 3.7 GB
Runtime
Docker Compose
Listmonk + Postgres 16
II. Rechtsrahmen German Law
§ Two — Why Every Decision Looks the Way It Does

Built for the Bundesgerichtshof.

This stack is designed to do business in Germany without inviting an Abmahnung. Six instruments — five statutes and one BGH ruling — shape every architectural choice in the rest of this document. The map below shows the mapping at a glance.

ARCHITECTURE SATISFIES Double opt-in is mandatory One list per site (no mixing) Hetzner-DE + SES Frankfurt Unsubscribe link in every mail Built-in export & erasure Signed AVVs · AWS & Hetzner Consent timestamp on every row No tracking pixels by default BGH I ZR 164/09 UWG § 7 Abs. 2 Nr. 2 DSGVO Art. 5 (1)(b) Zweckbindung DSGVO Art. 44 · Kap. V no Schrems II analysis UWG § 7 Abs. 3 Nr. 4 kostenfreie Abmeldung DSGVO Art. 15 · 17 Auskunft & Löschung DSGVO Art. 28 Auftragsverarbeitung DSGVO Art. 7 Nachweispflicht TDDDG § 25 Endgeräte-Schutz
Each architectural decision on the left exists because of the law on the right. Read once, then the rest is obvious.
DSGVO · GDPRVerordnung (EU) 2016/679

Lawful, demonstrable consent.

Art. 6 · 7 · 17 · 28 · 44Every newsletter signup needs a lawful basis (consent), the consent must be provable, the subscriber may demand erasure at any time, every processor needs an Auftragsverarbeitungsvertrag, and personal data may not leave the EU without safeguards.

Listmonk timestamps every confirmation, supports per-subscriber export and erasure, runs on Hetzner-DE behind an EU-only SES region, and AWS + Hetzner both ship signed AVVs.
UWG § 7Gesetz gegen den unlauteren Wettbewerb

Email marketing without express consent is unlawful.

§ 7 Abs. 2 Nr. 2 · Abs. 3 Nr. 4Sending commercial email without prior express consent is an "unzumutbare Belästigung." Every message must also offer a frictionless way to opt out — at no cost beyond the basic transmission charges.

Lists are configured as type: public, optin: double. The unsubscribe link is rendered into every campaign template and the List-Unsubscribe header is added to the SMTP envelope automatically.
BGH I ZR 164/09Urteil v. 10.02.2011 — "Double-Opt-In-Verfahren"

The German court that made double opt-in standard.

Bundesgerichtshof · I. ZivilsenatThe BGH treats double opt-in as the practical safe harbour for proving consent under § 7 UWG and Art. 7 DSGVO. Single-opt-in lists are open season for warning letters from competitors and consumer associations.

Double opt-in is the only mode used in this stack. The setting lives on the list itself, so no campaign can ever bypass it after the fact.
TDDDG § 25Telekommunikation-Digitale-Dienste-Datenschutz · Mai 2024

No tracking without consent.

Successor to § 25 TTDSGStoring or reading anything on the user's terminal device requires prior consent. In the email world this catches open-tracking pixels, click-tracking redirects, and any non-essential cookies on the signup page itself.

Open tracking is treated as off by default. Click tracking is enabled per campaign only when the signup flow already collects the relevant § 25 consent.
DDG § 5Digitale-Dienste-Gesetz · Mai 2024 (vormals TMG)

An Impressum on every page.

ImpressumspflichtEvery commercially operated site directed at the German market must publish a complete Impressum, reachable from every page in two clicks at most. The same data must accompany every commercial newsletter.

Every niche site ships its own /impressum. Newsletter templates render the Impressum block and a link to the site's /datenschutz page in the footer of every send.
BDSGBundesdatenschutzgesetz · Anpassung an die DSGVO

The German federal layer.

§§ 26 · 38 · 64Supplements the DSGVO with German specifics: when a Datenschutzbeauftragter becomes mandatory, employee data handling, and the technisch-organisatorischen Maßnahmen expected of any controller processing personal data on German soil.

The operator stays below the § 38 BDSG DSB threshold by limiting processing to public newsletters and contact submissions. TOMs are documented in the operator's Verzeichnis von Verarbeitungstätigkeiten.
Frankfurt in,
Frankfurt out.
No subscriber byte ever leaves the European Union. Listmonk and Postgres run on a Hetzner VPS in Germany. Outbound mail is handed to AWS SES in eu-central-1, Frankfurt. The signed AWS Data Processing Addendum names the EU as the processing region. There is no Schrems II transfer to assess and no Standard Contractual Clauses to negotiate — Article 44 DSGVO is satisfied by the topology itself.
Listmonk + Postgres · Hetzner Cloud, Falkenstein DE
SMTP relay · email-smtp.eu-central-1.amazonaws.com
SES region · Frankfurt, Germany DE
DPA / AVV · AWS GDPR DPA · Hetzner AVV
III. Lifecycle Subscriber Flow
§ Three — From Signup to Subscriber

You ship the form. Listmonk does the rest.

Double opt-in, confirmation, welcome, and unsubscribe are all handled inside the box. Your code touches the very first step and (optionally) the last.

User Your Site Listmonk SES browser /newsletter v6.1.0 eu-central-1 enters email POST /api/public/subscription store · status: unconfirmed render confirm mail · SMTP delivered to subscriber inbox GET /subscription/confirm/<token> timestamp consent → status: confirmed — time passes — send campaign batch newsletter delivered unsubscribe (one-click · RFC 8058) removed → never emailed again
You build the form (steps 1–2). Listmonk handles everything else — confirmation, consent timestamping, sending, unsubscribe, erasure.
https://sitzio.de/newsletter
Bürostühle · Tests · Empfehlungen

Newsletter abonnieren

Einmal pro Monat: neue Tests, Vergleiche und Empfehlungen direkt in dein Postfach.

Mit der Anmeldung bestätigst du die Datenschutzerklärung. Du kannst dich jederzeit abmelden.
Listing 3.1
TypeScript
// Same code for every site —
// only list_uuids differs.

const subscribe = async (email: string) => {
  const res = await fetch(
    'https://mail.lte-speedtest.com'
    + '/api/public/subscription',
    {
      method: 'POST',
      headers: {
        'Content-Type': 'application/json'
      },
      body: JSON.stringify({
        email,
        list_uuids: [
          '<this-site-list-uuid>'
        ]
      })
    }
  );
  if (res.ok) return 'check-inbox';
  throw new Error('subscribe failed');
};
Listing 3.2
Bash · provision a new list
curl -u "outreach-api:<token>" \
  -X POST \
  https://mail.lte-speedtest.com/api/lists \
  -H "Content-Type: application/json" \
  -d '{
    "name": "my-site.com Newsletter",
    "type": "public",
    "optin": "double",
    "tags": ["my-site.com"]
  }'

# save the returned uuid → frontend
IV. Isolation Multi-Site Model
§ Four — One Instance, Many Sites

A list per site. No mixing.

Each site gets its own mailing list. Subscribers never bleed across audiences. Campaigns target exactly one list — there is no way to fire the wrong newsletter at the wrong people.

1 Listmonk mail.lte-speedtest.com List 1 sitzio.de List 2 lte-speedtest List 3 niche-3.com List 4 niche-4.com List N + 46 more subscribers subscribers subscribers subscribers subscribers no cross-list contamination DSGVO Art. 5 (1)(b) · Zweckbindung
One Listmonk instance branches into one list per site. The dashed red walls are structural Zweckbindung — a campaign cannot target two lists at once.
Mailing Lists
sitzio.de
lte-speedtest.com
niche-site-3.com
niche-site-4.com
niche-site-5.com
+ forty-five more
sitzio.de Newsletter
List · public · double opt-in · v6.1.0
0
Subscribers
double
Opt-in
public
Type
List UUID 932770eb-bc02-49cc-a8b7-91c0e2…
◆ Active GDPR Compliant Double Opt-in
i.

Zero cross-contamination.

A subscriber on sitzio.de only ever receives sitzio.de campaigns. The campaign engine demands one list per send. No accidental blasts to the wrong audience.

ii.

Per-site branding.

Every site keeps its own template — colours, logo, tone, language. Templates are bound to lists, so the right wrapper is automatic at send time.

iii.

One key opens every door.

The single outreach-api token works across the whole portfolio. Per-site users can be issued in Settings → Users when isolation is needed.

iv.

Three steps per new site.

Create the list via API, copy the UUID into the subscribe form, write a template. No new servers, no fresh credentials, no DNS gymnastics.

V. Inbound Contact Form
§ Five — Contact Form Pipeline

Not a newsletter. A telegram.

Contact submissions are not subscriptions. They route through the auth-server, get persisted, and then notify you via a Listmonk transactional email.

User contact form Frontend validates input Auth-server POST /api/contact SQLite contact_submissions Listmonk /api/tx SES → admin inbox store notify LAWFUL BASIS Art. 6 (1)(b) DSGVO · Vertragsanbahnung — not § 7 UWG
A contact form is a telegram, not a subscription. The submission is persisted as an audit trail and the operator is notified by transactional mail — both branches happen in parallel.
https://sitzio.de/kontakt

Kontakt aufnehmen

Hast du eine Frage zu einem Test, einem Stuhl oder einer Empfehlung? Wir melden uns innerhalb von 48 Stunden.

Mit dem Absenden akzeptierst du die Datenschutzerklärung. Deine Nachricht wird bei uns gespeichert und nur zur Beantwortung deiner Anfrage verwendet.
Listing 5.1
Bash · transactional email
# Admin notification from contact form
curl -u "outreach-api:<token>" \
  -X POST \
  https://mail.lte-speedtest.com/api/tx \
  -H "Content-Type: application/json" \
  -d '{
    "subscriber_email": "hi@adeelafz.al",
    "template_id": <contact-template-id>,
    "subject": "New Contact: sitzio.de",
    "data": {
      "name": "John Doe",
      "email": "john@example.com",
      "message": "Hello..."
    }
  }'

# Response: {"data": true}
VI. Reference API Endpoints
§ Six — Key Endpoints

Eight calls, everything covered.

Everything you need to operate the system end-to-end. Public reads use no auth; everything else accepts a Basic credential.

Base https://mail.lte-speedtest.com/api/  ·  Auth Basic outreach-api:<token>
Method Endpoint Auth Use Case
POST /api/public/subscription ◯ None Frontend subscribe form (all sites)
POST /api/tx ● Required Contact form admin notification
POST /api/lists ● Required Provision a list for a new site
GET /api/lists ● Required Inventory of every site list
GET /api/subscribers ● Required Browse and search subscribers
POST /api/campaigns ● Required Draft a new newsletter campaign
PUT /api/campaigns/:id/status ● Required Start, pause, or cancel a send
POST /api/templates ● Required Create a branded email template
VII. Delivery AWS SES Pipeline
§ Seven — Email Delivery

Every byte goes through SES.

All outbound mail leaves through SES eu-central-1 over SMTPS on port 465. The current account is in sandbox; production access is queued.

Posteingang · du@gmail.com3 neu
SITZIO
März-UpdateVier neue Stuhltests, ein Sieger und eine Überraschung im Vergleich
12:34
LTE Speedtest
Neue MessreiheWie schnell ist 5G wirklich? 200 Tests aus 14 Städten
09:12
SITZIO
Bestätige deine AnmeldungKlicke auf den Link, um den Newsletter zu abonnieren
Mo
Niche-3.com
Februar-BriefWas wir diesen Monat gelernt haben — und was wir testen wollen
28. Feb
SITZIO
Willkommen bei SITZIOSchön, dass du dabei bist. So geht es weiter...
15. Feb
Item Status Notes
SES account mode ▲ Sandbox Production access pending — case #177579845700418
Daily send limit ▲ 200 / day Fine for testing; jumps to 50k+ once approved
Verified domain ◆ lte-speedtest.com DKIM enabled. Used as From domain.
From address ◆ Active Listmonk <hi@lte-speedtest.com>
SMTP connection ◆ SSL :465 email-smtp.eu-central-1.amazonaws.com
Verified to address ◆ hi@adeelafz.al Sandbox restriction: only verified recipients
VIII. Pflichten DSGVO + DDG
§ Eight — Operator Duties

What's automatic, what's on you.

Listmonk handles the moving parts of consent and unsubscribe under DSGVO and UWG. The legal copy, the Impressum, and the Datenschutzerklärung remain per-site duties for the operator.

Auto

Double opt-in

Confirmation email is sent on signup, consent is timestamped, and the row only activates after the click. Satisfies Art. 7 DSGVO (Nachweispflicht) and the safe harbour set out in BGH I ZR 164/09.

Auto

Unsubscribe links

Every campaign mail carries an unsubscribe link via {{ UnsubscribeURL }}. The click flow is processed for you. UWG § 7 Abs. 3 Nr. 4 — kostenlose Abmeldung — is honoured by default.

Auto

List-Unsubscribe header

Added to every outgoing mail (RFC 8058). Enables one-click unsubscribe directly from Gmail, Outlook, and Apple Mail without ever opening the message — the lowest possible friction the law and the inbox providers expect.

Auto

Right of erasure

Subscribers can be deleted in one click and replaced with a hashed entry on the GDPR blocklist, so a re-subscribe never re-imports them. Implements Art. 17 DSGVO end-to-end.

Auto

Right of access

Subscriber data can be exported as JSON via /api/subscribers/:id. Sufficient to answer an Art. 15 DSGVO Auskunftsersuchen within the statutory month-long window.

Auto

Auftragsverarbeitung

AWS GDPR Data Processing Addendum is signed automatically with the AWS account. Hetzner's AVV is signed once at sign-up. Art. 28 DSGVO is satisfied for both sub-processors.

Manual

Datenschutzerklärung

Each site's /datenschutz must list newsletter processing under Art. 13 DSGVO, name Listmonk on lte-speedtest.com as a sub-processor, and disclose AWS SES Frankfurt and Hetzner Falkenstein.

Manual

Impressum & cross-links

Every site needs a DDG § 5-konform Impressum and a link from every subscribe and contact form to /datenschutz. Without the cross-link the consent is hard to defend in a dispute.

Manual

Speicherbegrenzung

Contact submissions persist in SQLite. Define a retention window in the Datenschutzerklärung (Art. 5 (1)(e) DSGVO) and prune older rows on a schedule. Recommended: 6–12 months.

Manual

Verzeichnis von Verarbeitungstätigkeiten

Maintain a single RoPA covering newsletter and contact-form processing, both sub-processors, and the TOMs. Required by Art. 30 DSGVO for any controller above the trivial threshold.

Manual

No tracking pixels

Open-tracking and link-tracking write to the recipient's device and fall under TDDDG § 25. Leave them off unless the signup flow has already collected matching consent on the source site.

IX. Procedure Onboarding
§ Nine — New Site Onboarding

Ten boxes to tick.

Everything to do when a fresh niche site joins the portfolio. Done in order, the whole onboarding takes under an hour.

Provision the mailing list

POST /api/lists → save the returned uuid

Wire the UUID into the form

list_uuids in the public subscription call

Author the opt-in template

Branded, German, inline CSS, 600px max

Author the welcome template

Sent immediately after the subscriber confirms

Author the campaign template

Newsletter wrapper matching the site's branding

Add the /newsletter page

Standalone signup landing page

Drop a footer subscribe form

Inline signup on every page

Add the /kontakt page

Routes through auth-server → /api/tx

Update /datenschutz

Mention Listmonk, processing, lte-speedtest.com

Cross-link the privacy page

From subscribe and contact forms — consent validity

Publish a DDG § 5 Impressum

Reachable from every page in two clicks · DDG § 5

Disclose Listmonk + sub-processors

AWS SES Frankfurt · Hetzner Falkenstein · Art. 13 DSGVO

Confirm tracking pixels are off

Unless § 25 TDDDG consent is collected upstream

Add the new list to the RoPA

Verzeichnis von Verarbeitungstätigkeiten · Art. 30 DSGVO

Set a contact-form retention window

SQLite prune schedule · Art. 5 (1)(e) DSGVO