Please consider providing the timestamp, token and signature as http headers. Some frameworks such has JAX-RS provide the ability to validate an incoming request via interceptors. This is difficult to do with form data as it is processed later in the request.
Ideally this would be done similar to Twilio https://www.twilio.com/docs/security
Based on this we could verify the request before actually decoding the form data.3 votes
Most Serial to Ethernet server devices use a POST method similar to the following:
Serial.println ("POST: http://domain.com HTTP/1.0");
Serial.println ("Host: domainhost");
I have used this method to post data to data logging web sites and would like to use the same method for emailing. Thanks.3 votes
Some gateways can track when a customer deletes an email. This is an important indication of the recipient's attitude towards the email received, especially for marketing emails, but also for other types.2 votes
Right now, Mailgun will send the exact same email to our customers if the message ID is different. Some of our customers have received more than 150 copies of the exact same email, each within seconds of the last, because the message ID# for each is different, even though the subject line and content of the email is identiical. There ought to be a way for Mailgun to notice when it is sending the same email to the same person over and over again.2 votes
wouldn't it be a nice possibility to receive inbound Emails via forwarding? We mostly cannot point to mailgun mailserver via MX record. But we could configure the Email addresses in question to be forwarded to email@example.com.
Greetings from Germany,
Tobias Jamin2 votes
The account disable process as currently defined is somewhat user-hostile. There are a couple small items that would make the actual experience less disruptive and easier for everyone to resolve. First and foremost, disabling the logs page on the impacted domain seems to be counter productive. I was hoping to be able to investigate for malicious behavior via those logs. Disabling the page means that I had to waste the time of the support staff to help root cause the problem (thanks again Raquel!). Secondly, the quick-pass onboarding process doesn't call out that inbound messages can impact the operation of the domain. In my case a spam email sent to my domain and forwarded via a mailgun route caused lead to my domain being disabled. At best this is going to lead to the situation that happened on my account, at worst it could be leveraged as a denial of service attack against users that host their domains on your platform. The smallest possible change to rectify this is to make the default account settings safe -- in this case that means that the spam filter must be enabled to block mail by default. There are a variety of user-centric ways that behavior could be improved, but I'd argue that the current defaults are nonsensical for most users. I understand what you've configured the system policies the way that they're currently setup, but it seems like they're likely to drive a negative customer experience at best and could lead to malicious attacks at worse.
The account disable process as currently defined is somewhat user-hostile. There are a couple small items that would make the actual experience less disruptive and easier for everyone to resolve. First and foremost, disabling the logs page on the impacted domain seems to be counter productive. I was hoping to be able to investigate for malicious behavior via those logs. Disabling the page means that I had to waste the time of the support staff to help root cause the problem (thanks again Raquel!). Secondly, the quick-pass onboarding process doesn't call out that inbound messages can impact the operation of…3 votes
I'm happy to help and I'm glad you open sourced this library, but please let pull requests in and ship it to production :)6 votes
- mailing list recipients
- logs3 votes
I find the failed reason value passed to webhook and classfied in Mailgun event log are different.
e.g. we just can get the reason value like "hardfail" or "old" from webhook, but we use Event api can get "bounce", "suppress-bounce", "old", "suppress-Complaint", .... these many reasons. so we want Mailgun can make the reason values are consistent in both ends.2 votes
This would be a useful safety feature in the event that something goes wrong in user code that is pushing messages thru mailgun.4 votes
Currently, Mailgun re-signs emails using DKIM and modifies mail headers when forwarding incoming mail. This causes Gmail, and possibly other spam filters, to give the email more trust than it should have. Could an option be provided to forward the existing envelope, without re-signing?2 votes
The time of the event is important to us and if the event time is only available from the Event API, then we will have to make additional calls to the Event API for EVERY single notification(delivered, failed, open, click etc), which may add significant load to our (and probably yours) server and network.2 votes
Add some options to segment list sending, or create temporary lists based on number of list members.4 votes
When sending out to a large list, a user may sometimes wish to throttle the sends over a time period to avoid having too many responses or heavy web traffic all hitting at once.4 votes
Add "block" as a third option in spam_action with the Domains API.3 votes
Add the ability to track email sends (hourly) in the dashboard so they can be compared directly against opens. This would greatly improve the ability to assess best send times that garner the highest open/click rates for recipients by drilling down into open rate by the hour the email was sent.3 votes
Would be great to define the outbound IP address (of those in my pool), for which emails will deliver, upon submitting to the API.5 votes
Show the date an email address has been added to a mailing list.2 votes
I'd like some basic footer information included on every email that gets sent to a mailing list. Eg something like:
Thanks for using somethingsomething, visit us here <link>
Or call us anytime on <number>
It would be great to just use the current Templating functionality to attach a Footer Template.1 vote
- Don't see your idea?