Mailgun release notes

Mailgun now supports TLS client certificate validation for webhook traffic, providing an added layer of protection to a customer's receiving servers. All webhook requests from 'webhooks.mgsend.net' include a certificate issued by DigiCert, allowing receiving servers to verify the source of the request. Customers can validate the certificate and ensure the Common Name (CN) is 'webhooks.mgsend.net' before accepting the request.

User can now leverage the Mailgun API to enable or disable automated IP warm-up as well as check the status of the current stage the IP is in the warm-up process. For more information, please refer to our documentation <<https://documentation.mailgun.com/docs/mailgun/api-reference/openapi-final/tag/IP-Address-Warmup/>>.

We have seen an increase in open events which match our analysis of bot engagement for bot activity based on known user agents and egress IPs, but fall outside our timing window. To compensate, we have increased the timing window which will increase bot engagements related to Google Workspace hosted domains and consequently adjust organic open rates based on this change.

We have refreshed the subaccount management page that details more relevant data points for primary account users needing an organizational overview of their subaccounts.

You can now easily see subaccount status, user/domain/API key counts, IP/IP Pool assignments, and more, as well as filter by subaccount status and export the data as a CSV file.

We’ve introduced a new, dedicated interface for managing subaccount access to key features like Email Previews, Validations, and Inbox Placement. In addition, primary account users can now set Message Sending Limits per subaccount — giving greater control over message consumption for Contract Customers managing multiple subaccounts.

Now available for contract customers, Dynamic IP Pools automatically groups and manages domains based on reputation signals like bounce and complaint rates. This helps simplify deliverability oversight, reduce risk, and protect high-performing senders — all without manual intervention. Users will also have control to override or lock pool assignments as needed.

This feature is opt-in — to enable Dynamic IP Pools for your domains, visit the IP Pools settings page or set up via the Dynamic Pools API endpoint.

Mailgun has released our pre-send quality assurance suite – Mailgun Inspect. This suite will offer Accessibility Testing against the latest guidelines, Link & Image Validation, and Email Previews in over 100 devices (including dark mode).

When creating a new sending domain via the Domains API, the `smtp_login` field will not return a value as SMTP credentials are no longer generated automatically. To create SMTP credentials, use the Credentials endpoint or configure them in the UI under domain settings.

Mailgun now provides aggregate DMARC reporting in partnership with Red Sift.

• Aggregate DMARC Reports: Gain insights into email authentication and security with detailed DMARC reports.
• DMARC DNS Record Generation: Easily generate DMARC records as part of our DNS setup process.

These updates help improve domain security and email deliverability.

Mailgun now provides partners the ability to control customer access to key products like Email Validations and Optimize's deliverability tools. Enable or disable specific features at the subaccount level through both the Subaccounts API features endpoint and the ‘Manage Features’ override from the UI.

Mailgun has added the ability to pull account usage via the UI and API. These usage tracking reports provide real-time reporting on: 

• messages 
• Validations 
• Inbox placement tests 
• Email previews 

Usage consumption reporting includes the entire account, making it easy to forecast and manage consumption. Usage tracking reports are accessible via ‘Account Settings’ and ‘Plan & Billing’ within the UI, and programmatically via the ‘Analytics/Usage/Metrics’ endpoint.  

Users are now able to drill down from analytics into the associated logs. This is an incredibly powerful improvement to our reporting capabilities and positions Mailgun as the leader in reporting capabilities. 

New features alongside this integration include: 

• Users may export up to 1000 logs to a csv file. 
• Logs are no longer tied to domains, allowing users to view all logs for all domains in a single view. 
• Subaccount logs are displayed alongside parent logs. 
• Advanced filtering allows users to filter by 25 dimensions including user variables and delivery status messages. 

Admin users can now programmatically retrieve a list of user accounts via the Users API endpoint. All users can now retrieve their own user account details, and Admin users can make a GET call to return specific details for a user on the account.  

For more information on public API endpoints and access levels per role, please visit our documentation. 

By utilizing CNAME DNS records for DKIM keys, users can elect to have Mailgun automatically rotate their DKIM keys, offering additional sender security. Mailgun will create 2048-bit DKIM keys and rotate them once every 120 days, with the option to force rotate keys at any time.

Admin users can now programmatically create API keys via an API Keys API endpoint. This also includes the ability for an admin user to create a sending/domain API key using a primary account API key. Additionally, we made public our SMTP Credentials API and IP Allowlist (Whitelist) API. For more information on public API endpoints and access levels per role, please visit https://documentation.mailgun.com/docs/mailgun/user-manual/mg_security/#rbac-api-key-permissions-based-on-role.

Mailgun’s Analytics have been completely rebuilt. Utilizing OLAP cubes to power the backend, reports will now load quickly regardless of your send volume. Because of this performance improvement, you can now:

• Select up to 3 dimensions for your tabular data views
• Filter on multiple values and operators like “equals”, “not equals”, “contains”, and “not contains”.

Future forward, our analytics team will be working to rebuild the logs platform to integrate with our analytics solution, allowing for seamless analysis across features.

Introducing email health score, our proprietary scoring for email program success and improvement. Based on your account, IPs, domains, and emails delivered (minimum of 10,000 emails sent over the past 30 days), the email health score points to the areas of improvement with recommendations for detractor remediation. Points are based on health sending habits as well as bad ones, including high bounce rates, complaints, critical failures, and more.

We have released GZIP compression support on our /messages API endpoint. This allows API users to compress their API requests to send messages, thereby reducing network overhead and bandwidth costs.

Introducing Role-Based Access Control (RBAC) for API key users.  Previously, RBAC was implemented as a user management feature on our dashboard. Now, the RBAC concept has been applied to new API keys by giving an Admin user the ability to assign a pre-defined role that controls API access at the user level. This reduces the risk of account compromise, and provides more control over what API endpoints users can (and can’t) access.

We have added a new metric – ‘time_to_deliver_first_attempt’ - to the delivered event representing the time (measured in seconds) from the point Mailgun accepts your message send request to connection to recipient host for email transmission.

We have updated the navigational flow of the Mailgun UI to bring our Optimize and Validate products into a single app experience. This release also includes an in-app walkthrough of new navigation experience.

Validations Engagement Results attribute an engagement type to the email address that is validated. Through this, customers can segment their email list(s) based on engagement activity. This activity result is based on the past 30 days of engagement at the time of validation.

A primary account can now assign an IP pool from the primary to their subaccounts via the UI and/or API. Alongside this, the IP pool can be allocated to any sending domains on the assigned subaccount(s), as well as allowing for the assignment of the same IP pool to multiple subaccounts.

For outbound messages, we added the Mailbox Provider (displayed as recipient provider) to the event webhook payloads as well as the event logs in the Mailgun application. This will allow customers to analyze their sending performance per Mailbox Provider.

We have updated and modernized our publicly available help and API reference at https://documentation.mailgun.com/

We have updated our officially supported libraries to include subaccount API operations.

We have added ARC headers to all inbound email routed and forwarded by Mailgun. This change was implemented to better align with policy changes at Google and Yahoo.

Also, since we can retain authentication on the forward, DMARC compliance should be retained.

We have enhanced the header X-Mailgun-Sending-Ip-Pool to allow a subaccount to send via a primary account-level IP pool. This change was made to support a few different use cases but should remove the burden for primary account users to micro-manage IP allocation on the subaccount level.

Our new IP Allowlist now secures both API and SMTP connections to Mailgun. We have moved the feature into its own navigation item in the settings menu: IP Access Management. Additionally, you are now able to add your own description when creating a new list entry or by updating existing entries.

We have launched a new region switcher in the top navigation of the Mailgun application that quickly and easily allows users to switch between our US and EU region for managing assets.

For supported plans we have added filters and groupings for both subaccounts and IP Pools.

Mailgun has increased the max scheduling window for messages from 3 to 7 days. The scheduling window is based on the plan's message retention, i.e., Foundation message retention is 1 day, so the max scheduling window is 1 day. Scale message retention is 7 days, so the max scheduling window is 7 days.

We have officially released our long-anticipated subaccounts feature. We hope to assist a number of user cases that need self-provision and segment Mailgun accounts based on business unit, email type, or serving your own end-users. Please note that the subaccounts feature is currently reserved for contract customers.

Mailgun has launched a long-anticipated upgrade to our API key management system that allows the creation of multiple API keys for users who are managing multiple applications. We also upgraded the security of our keys, meaning they will be hashed in our database, and we will be unable to display them in plain text once generated.

Mailgun will now push an event data payload to your URL when Mailgun accepts the request to send/forward the email and the message has been placed in queue.

We have implemented changes to affect how Mailgun shared IPs are allocated to sending domains. When a sending domain is only using shared IPs, these IPs are no longer explicitly assigned to the sending domain. The sending domain will use shared IPs designated at send time. As such, the UI will not show explicitly assigned shared IPs. 

We have added the option to place a tracking pixel at top of email. This is to assist senders that may be sending large emails that are only being partially rendered/displayed at the recipient causing inaccurate engagement rates when tracking pixel is by default located at the bottom of messages.

See our documentation on the setting as well as an API reference on the new parameter.

We've launched the ability to manage up to 3 active DKIM keys for a sending domain which will allow a user to manually rotate their DKIM key, or upgrade their key(s) from 1024 bit to 2048 bit keys without having to delete and re-add a domain. See our Help Article here: How do I rotate my DKIM key? or our API docs at Domains — Mailgun API documentation for more information.

We've added the following updates to our Templates offering:

• Ability to store headers (Subject, From-address, Reply-to address) directly on a template, which will allow you to send a message providing just the recipient and template name.
• Removed limitations in template name that prevented the use of capital letters, spaces and special characters (template name is now encoded)
• Fixed an issue where templates that included some Handlebars helpers were not rendering in the Mailgun application.

Mailgun has released support for payment using EUR and GBP currencies. This will allow new users signing up to choose their preferred currency (USD, EUR, GBP) for billing purposes.

We've released the ability to view and manage linked domains on the Edit IP Pools modal located at https://app.mailgun.com/app/account/ip-pools/list.

Mailgun has retired the 'htmlonly' open tracking setting and has removed the option from our API and application. This was a legacy setting that had low adoption and should have an extremely low impact on customers.

We released a small update to our /ip_pools endpoint to allow a user to issue a GET call to https://api.mailgun.net/v1/ip_pools/<pool_id> to be able to retrieve information about the IP Pool such as which IPs and domains are associated with that IP Pool, along with the usual name and description.

UI updated to support manual creation of SMTP password when creating a new credential or resetting password for SMTP login previously created. While it is recommended to use the more secure, auto-generated password, some use cases needed the character count of the password to be shorter.

Fixed Resend message modal from Logs page to pre-populate original recipient address. Removed non-relevant placeholder text.