How does Mailgun keep your emails protected?
When choosing a trustworthy email service provider, you should look out for two things: security certifications and features to keep your emails safe. We’ll map out how Mailgun protects your emails, but also where customers need to take security into their own hands.
On the surface, email seems relatively harmless – but dig a bit deeper and you’ll discover there’s a treasure trove of personally identifiable information (PII) at risk. This risk multiplies for senders emailing sensitive information like password reset links, email authentication codes, and billing invoices.
Without proper email security, hackers can easily intercept your emails and commit all sorts of fraud with your customers’ data. This includes identity theft, breaching personal accounts, or simply selling data, to name a few. As a result, we’ve seen a raft of companies stung by fines, tarnishing their brand reputation and domain reputation, and losing their SOC2 and HIPAA compliance.
Let’s explore how Mailgun keeps your emails safe and what areas of email security are the user’s responsibility and constitute key aspects you’ll need to look out for.
Table of contents
ISO certified
SOC2 Type I & II compliance
HIPAA compliance
TLS encryption
Monitoring
Log and message retention
Exposed API keys
Third-party apps
Mailbox providers
Mailgun’s industry-leading certifications
They’re not sexy, but without security certifications, nobody would trust anyone. Mailgun has a trophy cabinet of certifications to prove we’re worth our salt. Let’s explore what all these really mean.
ISO certified
The world would be confusing if every country had a different approach to security best practices, which is why we share an international standards body to reach a consensus. The International Organization for Standardization (ISO) has developed and published 25K standards since 1947.
Why do we invest resources to attain ISO? We want our customers to feel safe knowing that their data (and their customers’ data) is safe in our hands. What we don’t want, however, is our customers facing huge fines for not complying with GDPR and privacy standards.
Mailgun has currently achieved two ISO standards:
ISO27001: An industry-recognized standard around information security, and a baseline that shows we have secure processes in place to handle 100+ control variables.
ISO27701: A rare certification within the email space that focuses on privacy. There are 40 privacy controls, mapped closely with GDPR.
SOC2 Type I & II compliance
System and Organization Controls (SOC) are internal reports that technology service providers like Mailgun voluntarily get to prove their security processes in place can be trusted. Mailgun has SOC2 Type I & II, which are stringent and comprehensive reports that test the effectiveness of security controls and ensure they’re actually working.
SOC 2 Type I: Tests to ensure email security controls are in place (you need this for Type II).
SOC 2 Type II: Tests to ensure controls are in place and they are working effectively.
“If you’re looking for an email provider, you want someone with a SOC 2 Type II report; a SOC 2 Type I report alone is not going to get things done for you.”
Dan Ross, Senior Manager of Governance, Risk, and Compliance at Mailgun
SOC2 Type II follows change management, which is how code is pushed from development, to test, and release. It also follows the security incident process, which covers when customers are notified if there is a breach. As of publication, Mailgun has not detected a breach in the last 12 months.
Finally, we chose our auditors A-LIGN for their stringency and track record. A-LIGN are experienced auditors who bring the shared knowledge of auditing companies all over the world. By partnering with a group that often has auditors from Europe, Central America, and the US, we get an outside perspective on how the industry is changing.
HIPAA compliance
The HIPAA act is a US federal law that came into effect in 1996 and was created to protect personal health information (PHI) as we entered the digital age. Companies have faced costly fines over the years after failing to protect customers’ PHI.
Aside from fines and regulations, what’s at stake if a hacker gets hold of your customers’ PHI? For starters, they can personalize phishing scams – a victim might think, “surely only a trusted health organization would know my medical history, this email must be legit.” Sometimes PHI can be so revealing that an attacker attempts extortion. We could talk about fraud, identity theft, and data laundering – but the bottom line is that PHI needs to be protected.
Mailgun meets HIPAA standards by providing a secure platform with email encryption and guarded data storage. Mailgun’s HIPAA compliant environment includes:
Encryption of messages at rest and transit
Encryption inside databases (an extra step that our support team sets up)
Internal security training
Asset tracking
Robust security tools tracking suspicious activity
Malware and virus protection on employee devices and cloud instances/databases
Everything stated in our SOC2 Type II and HIPAA report
We’re legally compliant because we adhere to health regulations by acting as a legal entity called a Business Associate. To ensure our customers understand both parties' legal obligations, we ask that they sign our Business Associate Agreement (BAA).
If you work within healthcare, we recently covered the nine steps you need to follow to stay HIPAA compliant on our blog.
How Mailgun protects your emails
Certifications are great, but what do they really mean for your emails? What measures does Mailgun have in place to protect them throughout the whole journey to your recipient’s mailbox?
At Mailgun, we work tirelessly to stave off hackers from intercepting your messages. When you hit send on a campaign, it’s our job to ensure messages arrive at the inbox securely. Here are some of the security tools in the Mailgun armory:
TLS encryption
For a decade now, Mailgun has offered the ability to use transport layer security (TLS) to encrypt your emails in transit. Users can configure TLS settings in their control panel on a per-domain or message basis.
TLS protects your emails from man-in-the-middle attacks or passive wiretapping. Even if a message is intercepted somewhere along the way, the attacker won’t be able to make sense of the information.
Possible TLS configurations include:
Required: Mailgun will not send messages unless the receiving server can establish a TLS connection.
Opportunistic (default): Attempts to upgrade the connection to TLS. However, if it’s not offered, or some kind of error occurs (like an invalid certificate), the message is delivered over a plaintext SMTP connection.
Skip verification: Can either be set to true (accept any certificate and send) or false (will not send to any unverified receiver).
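The three settings above form a small decision table, and the interesting cell is the downgrade: opportunistic TLS with a failing certificate check silently falls back to plaintext SMTP. The Python below is an added illustration, not Mailgun’s code; the `TlsPolicy` fields, the `decide`/`ssl_context`/`deliver` names, and the assumption that a failed certificate check counts as “TLS could not be established” (after which required vs opportunistic decides) are mine.

```python
import smtplib
import ssl
from dataclasses import dataclass


@dataclass(frozen=True)
class TlsPolicy:
    require_tls: bool = False        # False = opportunistic (the default)
    skip_verification: bool = False  # True = accept any certificate


def decide(policy: TlsPolicy, starttls_offered: bool, cert_valid: bool) -> str:
    """Outcome for one receiving server: 'tls', 'plaintext' or 'refuse'.
    Assumption: a failed certificate check means TLS cannot be established."""
    if starttls_offered and (cert_valid or policy.skip_verification):
        return "tls"
    return "refuse" if policy.require_tls else "plaintext"


def ssl_context(policy: TlsPolicy) -> ssl.SSLContext:
    """Certificate and hostname verification matching skip_verification."""
    ctx = ssl.create_default_context()
    if policy.skip_verification:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def deliver(policy: TlsPolicy, host: str, port: int, sender: str, rcpt: str, msg: str) -> str:
    """Send one message to an MX host under `policy`; returns the outcome label."""
    smtp = smtplib.SMTP(host, port, timeout=30)
    try:
        smtp.ehlo()
        if smtp.has_extn("starttls"):
            try:
                smtp.starttls(context=ssl_context(policy))
                smtp.ehlo()
                smtp.sendmail(sender, [rcpt], msg)
                return "tls"
            except ssl.SSLError:  # e.g. untrusted certificate or hostname mismatch
                smtp.close()
                if policy.require_tls:
                    return "refuse"
                # Opportunistic downgrade: a failed handshake leaves the first
                # connection unusable, so reconnect from scratch in plaintext.
                smtp = smtplib.SMTP(host, port, timeout=30)
                smtp.ehlo()
        elif policy.require_tls:
            return "refuse"
        smtp.sendmail(sender, [rcpt], msg)  # delivered in the clear
        return "plaintext"
    finally:
        try:
            smtp.quit()
        except smtplib.SMTPException:
            pass
```

`decide` models the outcome offline; `deliver` performs the same logic against a real SMTP host, which is useful for confirming what a given receiver actually negotiates.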
Monitoring
Mailgun HQ is a little bit like air traffic control – we’re always keeping track of our system operations. Our vulnerability management strategy leverages the community to help us develop a stronger security posture. We use industry-leading security tooling to track threats on the network and endpoints in real time. Our skilled staff are continuously investigating alerts and enforcing processes to ensure the privacy of data in transit.
“Our leadership and management teams have done a really good job of giving us the budget to equip us with the best security tools in the industry.”
Dan Ross, Senior Manager of Governance, Risk, and Compliance at Mailgun
Log and message retention
Striking a balance between security, privacy, and functionality is always a challenge with data retention. We want to hold email messages for better deliverability, but we don’t want to hold emails for longer than necessary and become a target for data thieves.
Mailgun approaches this balance by retaining messages for three days before deleting them by default, with the option for customers to change message retention to anything between 1 and 30 days. Why three days? Well, that gives us enough time to re-deliver messages in the case of any delivery issues.
Mailgun also stores email logs for 30 days, which is useful for troubleshooting, performance analysis, and identifying the cause of deliverability issues.
If a customer manages password reset emails, they can speak to one of our support staff about cryptographic deletes. This is where only the end-user can see messages and the ESP is just able to see send receipts.
Where Mailgun can’t protect your emails
We’d love to be the hero of email security – always magically appearing where there’s danger. But even Superman can’t be everywhere at once.
When it comes to protecting emails, there are certain aspects each individual user is responsible for. And while our support team is on hand 24/7 to help with anything security related, understanding the risks and how you can mitigate them is an important step all users need to take to keep their emails safe.
Exposed API keys
Exposing your API keys, whether through an attack or just accidentally, is the number one reason our customers get compromised.
The most common mistake is accidentally publishing code to GitHub with API keys still embedded, something that can happen to both junior devs and the most senior engineers. Luckily, our partnership with GitHub means that we’ll automatically disable any affected domain if any credentials are exposed on their platform. But GitHub is just one of many code repositories around the internet where hackers are lurking...
Our best advice is to:
Regularly rotate your API keys.
Use Domain Sending Keys if you have multiple clients.
Restrict and closely monitor who has access to keys.
Third-party apps
Mailgun’s powerful email infrastructure is integrated within a variety of SaaS providers, like customer relationship managers (CRM), marketing automation software, and data analytics tools. These third-party apps have wide-ranging access privileges to customer data and emails. Security vulnerabilities like Log4j are always being released and Mailgun cannot continually audit every third-party code base. The responsibility lies on our users to check the security credentials of any integration with Mailgun.
Mailbox providers
On the other end of our jurisdiction are mailbox providers (MBPs) like Gmail and Apple Mail. Once an email has passed TLS certificate verification and been accepted by the MBP, the responsibility for data security changes hands.
At this point, the responsibility lies with the end-user to configure their account securely (passwords, 2FA, secure network) and the MBP to store their data securely.
In review
Data privacy is the hot-button issue of the century, and we now know that most emails contain a wealth of sensitive customer information. People have the right to data privacy, regardless of whether that’s their medical history, their account information, or simply their personal tastes and interests.
As senders, it’s our responsibility to protect this data by using the most advanced security tools available and following best practices. Developing trust takes years, but it can be gone in an instant. In the case of compromised emails, it's your sender reputation that takes a massive hit from both customers and mailbox providers.
Between our compliance and security teams, Mailgun is always working hard to improve our security posture. Head over to our Security Portal for a snapshot of our compliance certificates and to download reports.
And remember, choosing a reputable ESP like Mailgun goes a long way, but there are still elements of email security that are your responsibility. Get these two elements right, and you’ll sleep soundly with no security-related nightmares disturbing your night’s rest.