I think these suggestions do not actually improve security. The only way to make sure that content can be trusted is through authentication or by signing the message.
For instance: A client can easily fake any user agent, so unless the user agent contains a secret that is only shared with you and Mailgun, this does not improve security at all.
Or an ip address can easily be spoofed, so I can easily get around that firewall.
I think these suggestions do not actually improve security. The only way to make sure that content can be trusted is through authentication or by signing the message.
For instance: A client can easily fake any user agent, so unless the user agent contains a secret that is only shared with you and Mailgun, this does not improve security at all.
Or an ip address can easily be spoofed, so I can easily get around that firewall.