Back to main menu


Outgoing message security settings now available in the control panel

With the rapid increase in adoption of TLS over the last several years, providers are preparing to notify users when they receive unencrypted messages.



This was announced on December 2, 2015.

Before the birth of the modern Internet, e-mail was primarily used for exchanging messages across private networks where there was minimal risk of interception. As the use of e-mail proliferated for business and e-commerce purposes, mail delivery continued to rely on protocols that were not designed with information security concerns in mind. Over time, techniques were developed and adopted to improve the security of e-mail as it traveled across the Internet.

One of the techniques used to improve the security of email is to encrypt the SMTP communication channel through a technique known as TLS (transport layer security). TLS ensures that a message and its metadata is encrypted as it passes between the sending and receiving mail server. It’s important to note that the scope of TLS is simply to encrypt data in transit. It does not enforce any security guarantee regarding how the message is stored or delivered to the recipient.

Adoption of TLS in the Industry

With the rapid increase in adoption of TLS over the last several years, providers, including Gmail, are preparing to notify users when they receive messages that have not been encrypted in transit. Mailgun is prepared for this important change in the industry.

Mailgun Supports TLS

By default, Mailgun attempts to take advantage of TLS when it is supported by the receiving mail server. In these exchanges, we also check the validity and legitimacy of the mail server’s certificate. In situations where a server doesn’t support TLS, we simply send the message unencrypted. For many users, these are reasonable defaults, however, more companies have requirements that mandate the use of TLS for message exchange. As of today, Mailgun gives you the ability to configure these settings in the control panel on a per-domain basis.

Once you navigate to your domain, you can expand the “Security Settings for Outgoing Mail” section where you will be able to configure whether the domain forces TLS or uses the default opportunistic mode and if strict certificate validation is enforced.

Mailgun also offers the ability to configure these settings on a per-message basis. Any setting that is applied at the message level overrides the settings applied to the domain. More information about setting and configuring the TLS settings for your domain is available in our documentation.

If you have questions about this new feature, please reach out to a member of our support team by creating a ticket in the Help Center.

Sign Up

It's easy to get started. And it's free.

See what you can accomplish with the world’s best email delivery platform.

Related readings

Mailgun launches automated IP warm up service

Today, we’re happy to share that there’s a new, automated way to prepare your dedicated IPs to send email through Mailgun...

Read more

An expanded Mailgun product suite to transform email deliverability

Today marks a special day for Sinch Mailgun. For over a decade, our focus has been to provide the best email experience for businesses all around the world. Now, we take...

Read more

Forrester TEI study reveals Sinch Mailgun ROI and outcomes

When an enterprise starts working with Sinch Mailgun, what’s the financial impact that choice has on the business? It’s a good question – but not exactly an easy one to answer...

Read more

Popular posts

Email inbox.

Build Laravel 10 email authentication with Mailgun and Digital Ocean

When it was first released, Laravel version 5.7 added a new capability to verify user’s emails. If you’ve ever run php artisan make:auth within a Laravel app you’ll know the...

Read more

Mailgun statistics.

Sending email using the Mailgun PHP API

It’s been a while since the Mailgun PHP SDK came around, and we’ve seen lots of changes: new functionalities, new integrations built on top, new API endpoints…yet the core of PHP...

Read more

Statistics on deliverability.

Here’s everything you need to know about DNS blocklists

The word “blocklist” can almost seem like something out of a movie – a little dramatic, silly, and a little unreal. Unfortunately, in the real world, blocklists are definitely something you...

Read more

See what you can accomplish with the world's best email delivery platform. It's easy to get started.Let's get sending
CTA icon