Session awareness & account management: How active are you?

Keep your Mailgun account protected from bad actors through account sessions. Read more...



October has come to an end, and with it, everything else associated with October like National Cybersecurity Awareness Month (NCSAM). While NCSAM might be over, security doesn't stop because a calendar month has come to a close. If it did, we'd all be having a bad time 11 months out of the year!

Here at Mailgun, we take cybersecurity extremely seriously. When it comes to our customers’ emails, a compromised account can mean compromises for their end users as well. To mitigate that risk, we develop new security protocols and measures to make sure that our customers can have better insight into their account security, as well as better ways to protect themselves from bad actors.

All that said, let’s get a better idea of what a session actually is, and for that, let’s go to the movies.

Imagine this

A session is a lot like going to the movies. You walk up to the box office (the login screen) and provide your payment information (your username and password) with the clerk (the application) to buy a ticket to get into the theatre (the platform). After that, you walk into the theatre and flash your ticket to prove you've paid to see the movie (to sign in to the application successfully). From there, you get to watch the film (i.e., collect data, reply to tickets, etc.) for a couple of hours until it's time for you to leave and go home (log out of the application).

But imagine that someone took your payment information, and suddenly you couldn't buy a movie ticket. Not fair, right? They get to use your money to buy a ticket somewhere else, and you're left kicking the dirt outside of the theatre.

Compromises suck

Weird movie theatre metaphors aside, there isn't anything funny about a compromised account. It can cause a substantial negative impact on your sending reputation and leave long-lasting damage on your business, depending on what the compromiser does with the account. Plus with the increasing number of cybersecurity attacks in recent years, it is a great time to start now on being vigilant about all of your accounts, including your Mailgun account.

Monitor your sessions

In regards to the above scenario, Mailgun offers a couple of ways for you to take control and manage your account to help prevent account compromises from happening. We offer a multi-factor authentication method, session timeout preferences, role-based access control, and a shiny, new widget in the control panel that you may have already seen. 

This new widget allows you to see the current, active sessions of those who have access to your account. A user can look at this widget and see when and where the last sign on occurred for a given account. From there, it can be determined whether or not the session is legitimate or a compromise. For example, a typical red flag would be seeing that someone who is typically locally signed in from a whole new country or from an unfamiliar IP.

Cybersecurity Best Practice

Need a little extra help in building your cybersecurity awareness with your Mailgun account? You can secure your account for any and all who have access to the account and maintain its security by:

  1. Activating Multi-Factor Authentication methods and making sure others do so as well

  2. Monitoring active sessions and reporting anything that appears out of the ordinary

  3. Maintaining the list of those who have access to the account is up to date, and

  4. Making sure only those who need access to the account have access to the account

  5. Making sure those who have access to the account have the appropriate account privileges

  6. Setting up session timeout preferences to prevent people from piggybacking off of any sessions that may still be alive

Security improvements happen constantly

While this is not the peak of security options we wish to have available to you, we're always looking to create better ways to keep your Mailgun account secure. The best way to help us make that possible is to go through your account and make sure that you have everything locked down on your end. By taking advantage of all the security measures we have to offer, you're creating the safest environment for your Mailgun account. Fewer compromises mean less stress for you, and more time doing what you do best with Mailgun - sending email.

PS – We would recommend doing things like this for all of the services you use, both personally and professionally.

Let's talk email

Learn about our deliverability services

See what you can accomplish with the world's best email delivery platform and experts at your disposal.

Related readings

The basics of SPF records

SPF doesn’t refer to how long you can wait before you have to reapply your sunblock (seriously, go get some). Instead, the term “SPF” refers to a security measure that helps...

Read more

The golden age of scammers: AI-powered phishing

Long live the prince of Nigeria, he had a good run. Gone is the age where scammers wield the same mediocre power as a snake oil salesman, reliant on their own persuasion and...

Read more

An expanded Mailgun product suite to transform email deliverability

Today marks a special day for Sinch Mailgun. For over a decade, our focus has been to provide the best email experience for businesses all around the world. Now, we take...

Read more

Popular posts

Email inbox.

Build Laravel 10 email authentication with Mailgun and Digital Ocean

When it was first released, Laravel version 5.7 added a new capability to verify user’s emails. If you’ve ever run php artisan make:auth within a Laravel app you’ll know the...

Read more

Mailgun statistics.

Sending email using the Mailgun PHP API

It’s been a while since the Mailgun PHP SDK came around, and we’ve seen lots of changes: new functionalities, new integrations built on top, new API endpoints…yet the core of PHP...

Read more

Statistics on deliverability.

Here’s everything you need to know about DNS blocklists

The word “blocklist” can almost seem like something out of a movie – a little dramatic, silly, and a little unreal. Unfortunately, in the real world, blocklists are definitely something you...

Read more

See what you can accomplish with the world's best email delivery platform. It's easy to get started.Let's get sending
CTA icon