TLS connection control

Overview

For message delivery, we will expose two new flags that will work at the domain level or message level (message level will override domain level) that allow you to control how messages are delivered:

• require tls: If set to True this requires the message only be sent over a TLS connection. If a TLS connection can not be established, Mailgun will not deliver the message. If set to False, we will still try and upgrade the connection, but if we can not, we will downgrade and deliver over a plaintext SMTP connection. The default is False.

• skip verification: If set to True, the certificate and hostname will not be verified when trying to establish a TLS connection and Mailgun will accept any certificate during delivery. If set to False, Mailgun will verify the certificate and if it can not, a TLS connection will not be established. The default is False.

Details on how the message was delivered will be exposed in our Logs, look for a few additional flags under the delivery-status document:

• tls: This indicates if a TLS connection was used or not when delivering the message.

• certificate-verified: This indicates if we verified the certificate or not when delivering the message.

• mx-host: This will tell you the MX server we connected to to deliver the message.

Examples

If you have a single message you would like to deliver with custom connection settings, you can send it like so:

If you would like to configure an entire sending domain to deliver messages in a particular manner:

Check that your configuration was correct:

Lastly, if you take a look at your Mailgun Logs, you should see the delivery-status document has the new fields mentioned above.

Check out our documentation here, or sign up for free below: