Mailgun by Pathwire’s Commitment to Security and Compliance

Security has been one of Mailgun by Pathwire’s highest priorities since our founding, and to this day, security informs every design decision in our product. Great email sending starts with top-notch security, and our commitment to your data privacy goes beyond simple encryption.

Security is a responsibility all of us care deeply about here at Mailgun by Pathwire. Through regular training on risk prevention and identification, employees are educated on risk factors to ensure they can keep Pathwire and our customers’ data safe.

Alongside this security training, Mailgun has built our services on top of AWS to provide you with the best security experience possible. In addition to our partnership with an industry-leading hosting provider, Mailgun by Pathwire is SSAE-16 SOC I & II HIPAA+HITECH and ISO27001 certified, as well as GDPR compliant.

Mailgun by pathwire has partnered with industry leading service providers to supply the best performance and security possible to all of our customers. As such, access to all data centers is highly controlled with around the clock surveillance and biometric access control systems. Additionally, all providers are SOC Type II and ISO 27001 certified.

Keeping your account secure is one of our highest priorities, and we’re continually iterating on existing and new security measures to keep you safe.

• 2-Factor Authentication (2FA) enabled for all accounts
• SAML authentication Single Sign-On (SSO) support
• AES-256 encryption-at-rest for all customer data
• Encryption via TLS and HTTPS
• Account lockdown for suspected compromise
• Critical security-based log retention for 365 days
• Third-party bug bounty program and regular penetration tests to exercise the integrity of our services and security
• Daily account data back-ups with incremental/point-in-time encrypted recovery on all primary databases.
• Intrusion detection systems (IDS) in place to detect unauthorized account access

Different team members have various responsibilities related to your email sending, and limited access mitigates the risk of something occurring on your account. Administrative access to Mailgun systems and services follows the principle of least privilege. Access to systems is based on job roles and responsibilities.

Alongside these user roles, Mailgun by Pathwire utilizes individually identifying usernames that are not permitted to be shared or reassigned to another person. Account onboarding and offboarding processes are well documented and followed consistently to ensure proper account access by internal and external systems.

This attention to security applies to our internal systems as well, with VPN and multi-factor authentication being used to access internal support tools and product infrastructure.

Mailgun by Pathwire’s patch management process ensures that all of our systems go through a patch once at least a month. Monitoring, alerting, and routine vulnerability scanning occurs to ensure that all product infrastructure runs smoothly after all patches.

When necessary, Mailgun can patch infrastructure in an expedited manner in response to the disclosure of critical vulnerabilities.

Your privacy is important to use, and we never share your private information with unauthorized third-parties or sell your email addresses. For more information regarding your data privacy, please refer to our privacy policy.

Bad actors will always find a way, but we want to do everything we can to remove them as soon as possible. If you’ve received spam from a Mailgun customer, or suspect that a customer is within violation of our Acceptable Use Policy; the best way to inform us is to report it to abuse@mailgun.com.

When you report abuse, please send us the full email headers of the spam message to more quickly process your request and clean up our email stream. Our security and compliance teams will take a look as soon as possible to determine the best course of action.