Outgoing message security settings now available in the control panel

With the rapid increase in adoption of TLS over the last several years, providers are preparing to notify users when they receive unencrypted messages.



This was announced on December 2, 2015.

Before the birth of the modern Internet, e-mail was primarily used for exchanging messages across private networks where there was minimal risk of interception. As the use of e-mail proliferated for business and e-commerce purposes, mail delivery continued to rely on protocols that were not designed with information security concerns in mind. Over time, techniques were developed and adopted to improve the security of e-mail as it traveled across the Internet.

One of the techniques used to improve the security of email is to encrypt the SMTP communication channel through a technique known as TLS (transport layer security). TLS ensures that a message and its metadata is encrypted as it passes between the sending and receiving mail server. It’s important to note that the scope of TLS is simply to encrypt data in transit. It does not enforce any security guarantee regarding how the message is stored or delivered to the recipient.

Adoption of TLS in the Industry

With the rapid increase in adoption of TLS over the last several years, providers, including Gmail, are preparing to notify users when they receive messages that have not been encrypted in transit. Mailgun is prepared for this important change in the industry.

Mailgun Supports TLS

By default, Mailgun attempts to take advantage of TLS when it is supported by the receiving mail server. In these exchanges, we also check the validity and legitimacy of the mail server’s certificate. In situations where a server doesn’t support TLS, we simply send the message unencrypted. For many users, these are reasonable defaults, however, more companies have requirements that mandate the use of TLS for message exchange. As of today, Mailgun gives you the ability to configure these settings in the control panel on a per-domain basis.

Once you navigate to your domain, you can expand the “Security Settings for Outgoing Mail” section where you will be able to configure whether the domain forces TLS or uses the default opportunistic mode and if strict certificate validation is enforced.

Mailgun also offers the ability to configure these settings on a per-message basis. Any setting that is applied at the message level overrides the settings applied to the domain. More information about setting and configuring the TLS settings for your domain is available in our documentation.

If you have questions about this new feature, please reach out to a member of our support team by creating a ticket in the Help Center.

Sign Up

It's easy to get started. And it's free.

See what you can accomplish with the world’s best email delivery platform.

Related readings

Security matters: Say hello to two-factor authentication (2FA)

It’s that kind of Monday: You show up to work, and you’ve been logged out of your Mailgun account. You input your password, and it prompts you to enter a verification code sent via...

Read more

Weekly product update: Improvements to email verification API

A few weeks ago, we launched a new API to validate email addresses submitted through web forms (API reference & demo)...

Read more

Continuing our commitment: HTTPS innovation and optimization

That drive hasn’t left us in over ten years, and it carries on in every new feature we...

Read more

Popular posts

Email inbox.

Build Laravel 10 email authentication with Mailgun and Digital Ocean

When it was first released, Laravel version 5.7 added a new capability to verify user’s emails. If you’ve ever run php artisan make:auth within a Laravel app you’ll know the...

Read more

Mailgun statistics.

Sending email using the Mailgun PHP API

It’s been a while since the Mailgun PHP SDK came around, and we’ve seen lots of changes: new functionalities, new integrations built on top, new API endpoints…yet the core of PHP...

Read more

Statistics on deliverability.

Here’s everything you need to know about DNS blocklists

The word “blocklist” can almost seem like something out of a movie – a little dramatic, silly, and a little unreal. Unfortunately, in the real world, blocklists are definitely something you...

Read more

See what you can accomplish with the world's best email delivery platform. It's easy to get started.Let's get sending
CTA icon