The API has the IP whitelist to restrict what IPs can make calls to our API points. Occasionally, we will have customers ask if this feature is available for the SMTP channel as well.

I've had a few issues with other SMTP services where our SMTP credentials were compromised and we'd see unauthorized activity on our accounts.

Although we protect our credentials carefully, we sometimes have contractors and other workers on our systems, and it's not impossible that our SMTP credentials could be discovered by some of them. A simple extra layer of security in your SMTP relay could help to prevent a lot of the resulting fraud.

The idea would be to check a whitelist of permitted source (client) IP addresses when authenticating the SMTP transaction. If someone attempts to use our account with a source IP address not in our list, you'd be able to prevent them from using our account in an unauthorized way.

Amazon's SES implements a similar feature...when you specify SMTP credentials, they use their IAM platform to authenticate the user, and you can create rules to control the context where your account can be used. For example, with SES enforcing a "sourceIP" restriction, someone that steals our credentials and tries to send email from their own server generally will be thwarted.

Yes, it's likely not 100% foolproof, but the hacker that picks up our email host/user/password and just tries to send bulk mail through our account would likely be caught. This extra protection would be very valuable to us.

Hello,

I have duplicated our CRM instance to do some tests and was surprised to see that it works with Mailgun without any need to reconfigure.

As our production and test version are hosted separately at different IP, I would like to see a feature that will allow us to specify a list of IP address(es) that Mailgun is authorized to relay the emails from.

Below is Mailgun's response:

"If your CRM is utilizing our API, then you can specify a list of IPs or event CIDR block for your servers on our IP API Security page in the Control Panel: https://app.mailgun.com/app/account/security/api_keys

Currently, we do not offer this type of feature for SMTP relaying. We have a page set up to receive feedback/feature requests at https://feedback.mailgun.com/. Feel free to submit this request. Other users can upvote the request, and our developers will review the requests and take them into consideration for future versions of our product."

Please upvote this feature request if you'd like Mailgun to add this feature in for SMTP relaying. Thanks for your support!

Devin