General Feedback

What do you think of our email service? This is the spot for good, bad, or neutral feedback about our main product.
You can also leave feedback on specific features like Inbound Routing, Message Event Logs, or Email Analytics.
If you have feedback that you believe requires an immediate response, don’t post here. Submit a support ticket or email help@mailgun.com. Feel free to interact with other users if you agree, disagree, or found a solution to their feedback.

Please be courteous of others and upvote if you believe strongly enough in an idea!

  1. API Key Permissions/Restrictions to Reduce the Impact of a Leaked Key

    Security Feature:

    It should be possible to restrict the call types that your API key is able to make in order to reduce the impact of a leaked/breached key.

    For example, if my API key is accidentally exposed, an attacker could then go on to exfiltrate data from my account.

    If it were possible to lock down your API key so that it can only make certain call types, the impact of such a breach would be drastically reduced.

    For example, I could lock down my key so that it is only permitted to add/send emails to a particular mailing…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  2. allowed ip addresses for sending messages

    Allowing the smtp account and the api to be used from specified ip addresses would greatly enhance security for sends.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  3. Provide deep linking support (universal links) by client proxy

    Today it is already possible for Mailgun clients to get deep linking working.

    e.g.: Set up Cloudfront "in front of" Mailgun, proxying everything to malign, except the requests for association files.

    This comes at one big downside. The IP resolution is now based on what ever AWS instance handled the request, not the client IP.
    It should be easy to use the Client IP as given by the proxy.

    For extra security, Mailgun could require the proxy to add a special header, to be sue the info is indeed coming from a trusted source.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  4. unable to establish a TLS connection

    I wonder if this kind of error occurs, do you have any retry principle?

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  5. Inbound verification of DKIM signature

    From what I understand based on responses to another support ticket, incoming messages that are processed via mailgun routes are not validated using DKIM. This would seem to pose a security hole. Consider the following scenario:

    * A malicious sender creates a message and signs it using DKIM (but the signature is bad because the sender does not have the private DKIM key.)
    * This message is received by mailgun for processing via routes.
    ** The DKIM signature is not verified by mailgun (according to what I have been told by mailgun support.)
    * Mailgun may add new headers to…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base