Back to main menu

Product

Session awareness & account management: How active are you?

Keep your Mailgun account protected from bad actors through account sessions. Read more...

PUBLISHED ON

PUBLISHED ON

October has come to an end, and with it, everything else associated with October like National Cybersecurity Awareness Month (NCSAM). While NCSAM might be over, security doesn't stop because a calendar month has come to a close. If it did, we'd all be having a bad time 11 months out of the year!

Here at Mailgun, we take cybersecurity extremely seriously. When it comes to our customers’ emails, a compromised account can mean compromises for their end users as well. To mitigate that risk, we develop new security protocols and measures to make sure that our customers can have better insight into their account security, as well as better ways to protect themselves from bad actors.

All that said, let’s get a better idea of what a session actually is, and for that, let’s go to the movies.

Imagine this

A session is a lot like going to the movies. You walk up to the box office (the login screen) and provide your payment information (your username and password) with the clerk (the application) to buy a ticket to get into the theatre (the platform). After that, you walk into the theatre and flash your ticket to prove you've paid to see the movie (to sign in to the application successfully). From there, you get to watch the film (i.e., collect data, reply to tickets, etc.) for a couple of hours until it's time for you to leave and go home (log out of the application).

But imagine that someone took your payment information, and suddenly you couldn't buy a movie ticket. Not fair, right? They get to use your money to buy a ticket somewhere else, and you're left kicking the dirt outside of the theatre.

Compromises suck

Weird movie theatre metaphors aside, there isn't anything funny about a compromised account. It can cause a substantial negative impact on your sending reputation and leave long-lasting damage on your business, depending on what the compromiser does with the account. Plus with the increasing number of cybersecurity attacks in recent years, it is a great time to start now on being vigilant about all of your accounts, including your Mailgun account.

Monitor your sessions

In regards to the above scenario, Mailgun offers a couple of ways for you to take control and manage your account to help prevent account compromises from happening. We offer a multi-factor authentication method, session timeout preferences, role-based access control, and a shiny, new widget in the control panel that you may have already seen. 

This new widget allows you to see the current, active sessions of those who have access to your account. A user can look at this widget and see when and where the last sign on occurred for a given account. From there, it can be determined whether or not the session is legitimate or a compromise. For example, a typical red flag would be seeing that someone who is typically locally signed in from a whole new country or from an unfamiliar IP.

Cybersecurity Best Practice

Need a little extra help in building your cybersecurity awareness with your Mailgun account? You can secure your account for any and all who have access to the account and maintain its security by:

  1. Activating Multi-Factor Authentication methods and making sure others do so as well

  2. Monitoring active sessions and reporting anything that appears out of the ordinary

  3. Maintaining the list of those who have access to the account is up to date, and

  4. Making sure only those who need access to the account have access to the account

  5. Making sure those who have access to the account have the appropriate account privileges

  6. Setting up session timeout preferences to prevent people from piggybacking off of any sessions that may still be alive

Security improvements happen constantly

While this is not the peak of security options we wish to have available to you, we're always looking to create better ways to keep your Mailgun account secure. The best way to help us make that possible is to go through your account and make sure that you have everything locked down on your end. By taking advantage of all the security measures we have to offer, you're creating the safest environment for your Mailgun account. Fewer compromises mean less stress for you, and more time doing what you do best with Mailgun - sending email.

PS – We would recommend doing things like this for all of the services you use, both personally and professionally.

Let's talk email

Learn about our deliverability services

See what you can accomplish with the world's best email delivery platform and experts at your disposal.

Related readings

Bulk validations: Accurate and fast AF

Cleaning an old email list is one of those must needed chores that nobody really wants to do...

Read More

Mailgun for non-devs: Leveraging an email marketing platform

This guest post comes from Ongage, a front-end email marketing platform that integrates nicely with ESPs like Mailgun and empowers...

Read More

How to improve your email deliverability for the future of email

If your customers aren’t getting your emails, then there’s a good chance that your email program needs some refreshing with these email deliverability tips taken from Email Camp: MessageMania speaker and industry pro, Laura Atkins.

Read More

Popular posts

Email inbox.

Email

5 min

Build Laravel 11 email authentication with Mailgun and Digital Ocean

Read More

Mailgun statistics.

Product

4 min

Sending email using the Mailgun PHP API

Read More

Statistics on deliverability.

Deliverability

5 min

Here’s everything you need to know about DNS blocklists

Read More

See what you can accomplish with the world's best email delivery platform. It's easy to get started.Let's get sending
CTA icon