diff --git a/infra/cron/pw-mail-reputation b/infra/cron/pw-mail-reputation
new file mode 100644
index 0000000..7b186c2
--- /dev/null
+++ b/infra/cron/pw-mail-reputation
@@ -0,0 +1,12 @@
+# Nightly mail-reputation snapshot. Parses the day's postfix log and upserts
+# per-IP/per-receiving-operator delivery outcomes into mail_reputation_daily,
+# giving an SNDS-equivalent reputation trend (accepted% / throttled% / reputation-
+# reject%) WITHOUT any provider login. --alert sends a Telegram warning if a big
+# operator regresses (>=10% reputation rejects, or Microsoft >=70% throttled).
+#
+# The host owns /var/log/mail.log (root) but the DB is only reachable inside the
+# docker network, so we `sudo cat` the log (deploy has NOPASSWD sudo, same as the
+# warmup-tg-alert cron) and pipe it into the DB-connected workers container.
+# Runs at 06:10 UTC (before the 06:30 scrub + the 07:00-08:00 campaign builders)
+# so it captures the full prior day before logrotate.
+10 6 * * * deploy { sudo cat /var/log/mail.log /var/log/mail.log.1 2>/dev/null; sudo zcat /var/log/mail.log.2.gz 2>/dev/null; } | (cd /opt/performancewest && docker compose exec -T workers python3 -m scripts.mail_reputation_monitor --alert -) >> /var/log/pw-mail-reputation.log 2>&1