Sinch Mailgun’s Commitment to Security and Compliance

Your Security Comes First

Security has been one of Sinch Mailgun’s highest priorities since our founding, and to this day, security informs every design decision in our product. Great email sending starts with top-notch security, and our commitment to your data privacy goes beyond simple encryption.

Our Data Centers, Certifications, and Compliances

Security is a responsibility all of us care deeply about here at Sinch Mailgun. Through regular training on risk prevention and identification, employees are educated on risk factors to ensure they can keep Sinch Email and our customers’ data safe.

Alongside this security training, Mailgun has built our services on top of AWS to provide you with the best security experience possible. In addition to our partnership with an industry-leading hosting provider, Sinch Mailgun is SSAE-16 SOC I & II HIPAA and ISO27001 certified, as well as GDPR compliant.

Sinch Mailgun has partnered with industry leading service providers to supply the best performance and security possible to all of our customers. As such, access to all data centers is highly controlled with around the clock surveillance and biometric access control systems. Additionally, all providers are SOC Type II and ISO 27001 certified.

Application Security

Keeping your account secure is one of our highest priorities, and we’re continually iterating on existing and new security measures to keep you safe.

• 2-Factor Authentication (2FA)

• SAML authentication

• AES-256 encryption-at-rest for all customer data

• Encryption via TLS and HTTPS

• Account lockdown for suspected compromise

• Critical security-based log retention for 365 days

• Third-party bug bounty program

• Daily account data back-ups with incremental/point-in-time encrypted recovery on all primary databases.

• Intrusion detection systems (IDS) in place to detect unauthorized account access

Account and Systems Access Control

Different team members have various responsibilities related to your email sending, and limited access mitigates the risk of something occurring on your account. Administrative access to Mailgun systems and services follows the principle of least privilege. Access to systems is based on job roles and responsibilities.

Alongside these user roles, Sinch Mailgun utilizes individually identifying usernames that are not permitted to be shared or reassigned to another person. Account onboarding and offboarding processes are well documented and followed consistently to ensure proper account access by internal and external systems.

This attention to security applies to our internal systems as well, with VPN and multi-factor authentication being used to access internal support tools and product infrastructure.

Regular patching and maintenance

Sinch Mailgun's patch management process ensures that all of our systems go through a patch once at least a month. Monitoring, alerting, and routine vulnerability scanning occurs to ensure that all product infrastructure runs smoothly after all patches.

When necessary, Mailgun can patch infrastructure in an expedited manner in response to the disclosure of critical vulnerabilities.

Respecting Your Privacy

Your privacy is important to use, and we never share your private information with unauthorized third-parties or sell your email addresses. For more information regarding your data privacy, please refer to our privacy policy.

Reporting Abuse

Bad actors will always find a way, but we want to do everything we can to remove them as soon as possible. If you’ve received spam from a Mailgun customer, or suspect that a customer is within violation of our Acceptable Use Policy; the best way to inform us is to report it to abuse@mailgun.com.

When you report abuse, please send us the full email headers of the spam message to more quickly process your request and clean up our email stream. Our security and compliance teams will take a look as soon as possible to determine the best course of action.