Email Sending with Your Safety in Mind
Sinch Mailgun’s Commitment to Security and Compliance
Securing your most critical systems with the utmost care for your data
Your Security Comes First
Security has been one of Sinch Mailgun’s highest priorities since our founding, and to this day, security informs every design decision in our product. Great email sending starts with top-notch security, and our commitment to your data privacy goes beyond simple encryption.
Our Data Centers, Certifications, and Compliances
Security is a responsibility all of us care deeply about here at Sinch Mailgun. Through regular training on risk prevention and identification, employees are educated on risk factors to ensure they can keep Sinch Email and our customers’ data safe.
Alongside this security training, Mailgun has built our services on top of AWS to provide you with the best security experience possible. In addition to our partnership with an industry-leading hosting provider, Sinch Mailgun is SSAE-16 SOC I & II HIPAA and ISO27001 certified, as well as GDPR compliant.
Sinch Mailgun has partnered with industry leading service providers to supply the best performance and security possible to all of our customers. As such, access to all data centers is highly controlled with around the clock surveillance and biometric access control systems. Additionally, all providers are SOC Type II and ISO 27001 certified.
Keeping your account secure is one of our highest priorities, and we’re continually iterating on existing and new security measures to keep you safe.
AES-256 encryption-at-rest for all customer data
Encryption via TLS and HTTPS
Account lockdown for suspected compromise
Critical security-based log retention for 365 days
Third-party bug bounty program
Daily account data back-ups with incremental/point-in-time encrypted recovery on all primary databases.
Intrusion detection systems (IDS) in place to detect unauthorized account access
Account and Systems Access Control
Different team members have various responsibilities related to your email sending, and limited access mitigates the risk of something occurring on your account. Administrative access to Mailgun systems and services follows the principle of least privilege. Access to systems is based on job roles and responsibilities.
Alongside these user roles, Sinch Mailgun utilizes individually identifying usernames that are not permitted to be shared or reassigned to another person. Account onboarding and offboarding processes are well documented and followed consistently to ensure proper account access by internal and external systems.
This attention to security applies to our internal systems as well, with VPN and multi-factor authentication being used to access internal support tools and product infrastructure.
Regular patching and maintenance
Sinch Mailgun's patch management process ensures that all of our systems go through a patch once at least a month. Monitoring, alerting, and routine vulnerability scanning occurs to ensure that all product infrastructure runs smoothly after all patches.
When necessary, Mailgun can patch infrastructure in an expedited manner in response to the disclosure of critical vulnerabilities.
Respecting Your Privacy
Bad actors will always find a way, but we want to do everything we can to remove them as soon as possible. If you’ve received spam from a Mailgun customer, or suspect that a customer is within violation of our Acceptable Use Policy; the best way to inform us is to report it to email@example.com.
When you report abuse, please send us the full email headers of the spam message to more quickly process your request and clean up our email stream. Our security and compliance teams will take a look as soon as possible to determine the best course of action.