- What's new
Mailpets: For The Love Of Animals
Mailgun has completed patching all of our infrastructure against the recently announced GHOST security vulnerability.
GHOST is a security vulnerability in the gethostbyname*()
family of functions of GNU C Library (glibc). This particular vulnerability allows an attacker to potentially take over a server via either a local or remote exploit.
We have monitored our logs and have no reason to believe an attacker exploited our infrastructure, this was an entirely a preventive measure. No customer data was lost or affected.
We strongly recommend all customers review and patch their infrastructure accordingly as well.
To provide a little insight into our security posture here at Mailgun, I’d like to share the following information about how we deal with security vulnerabilities.
We try to minimize the effects on our customers. That means we typically do rolling updates to ensure that a part of Mailgun is always running. This takes longer, but it allows us to minimize downtime.
For security vulnerabilities that come with either a proof of concept (POC) and/or are remote exploits for services we run, we apply these patches immediately. We also check our logs to ensure that no one was able to successfully exploit the vulnerability before we were able to patch it.
For security vulnerabilities that do not come with a POC and/or are local exploits, we typically patch our infrastructure according to our patching schedule. We do this because it takes longer to go from bug to exploit than our patching period.
We are pretty diligent about applying security updates whenever they become available. While it may seem like a low payoff way to protect server infrastructure, it actually raises the bar for the attacker. Keeping your infrastructure patched makes automated tools ineffective and requires the attacker find a bug in either our server configuration or our application itself which raises the bar for the sophistication of the attacker significantly.
Last updated on August 26, 2019
Mailpets: For The Love Of Animals
A Word of Caution For Laravel Developers
Privacy Matters: Your Data Is Safe With Us
TLS Version 1.0 and 1.1 Deprecation
The Mailgun Maverick Program Is Here!
Force for Change: It's Time to Speak Out
Preparing Your Email Infrastructure Correctly
When Should You Use An Email API?
4 Tips To Improve Your Email Deliverability In 2021
Mailgun’s COVID-19 Plan of Action
Easier and Faster Implementation with Our Updated SDKs
We stand with the AAPI community
The Difference Between SMTP and API
The Basics of Email Dark Mode
COVID-19 Survey: How the Pandemic Has Affected Email Sending
Mailgun Validations Features Improved Performance for EU Customers
International Women’s Day: How Pathwire’s Female Leaders Choose To Challenge
The Top Email Clients and Email Apps of 2021
How To Build An Email List The Right Way
The Path To Email Engagement In 2021: Key Learnings
Easier and Faster Implementation with Our Updated SDKs
We stand with the AAPI community
The Difference Between SMTP and API
Preparing Your Email Infrastructure Correctly
4 Tips To Improve Your Email Deliverability In 2021
COVID-19 Email Communications Dos and Don’ts
How To Use Parallel Programming
Mailgun’s COVID-19 Plan of Action
Password Meters Are Not For Humans
Send Your Emails at the Perfect Time with Send Time Optimization
Always be in the know and grab free email resources!
By sending this form, I agree that Mailgun may contact me and process my data in accordance with its Privacy Policy.