For an update to security vulnerabilities please see information on the bottom of the page!
Here at Sinch Email (Mailgun, Mailjet and Email On Acid) we take security and privacy seriously. On this Security Status Page you can find an overview of our internal security program. You can also request access to our audit reports and security policies for review.
Send us a note at security@mailgun.com if you have any additional questions.
Trust Center Updates
2024 ISO27001 and ISO27701 Certificates now available for Mailgun Technologies Inc.
ComplianceCopy linkUpdated ISO27001 and ISO27701 Certificates for Mailgun Technologies Inc. are now available for download on the Trust Center.
We have reviewed our Snowflake instances to ensure MFA is implemented as recommended and investigations have revealed no indication of compromise.
Sinch Mailgun is aware of CISA Alert Snowflake Recommends Customers Take Steps to Prevent Unauthorized Access. We are actively investigating all instances following Snowflakes recommendation to query for unusual activity and conduct further analysis to prevent unauthorized user access. As of now our investigations have revealed no indications of compromise.
We have conducted a thorough review of our systems, leveraging multiple security tools and have determined that, currently, none of our systems are affected by CVE-2024-3094.
Should you have any further questions or concerns regarding our security posture or the CVE-2024-3094 vulnerability, please do not hesitate to contact us.
We recently received our 2023 Penetration Tests from our third party provider Doyensec for Sinch Mailgun, Sinch Mailjet, and Sinch Email On Acid. The reports themselves can be accessed directly from the security portal.
Sinch Mailgun is aware of the recent Citrix Vulnerability (CVE-2023-4966) involving Netscaler. We have evaluated our systems and we are not impacted by the vulnerability mentioned or the relating vulnerabilities in the Citrix article. The confidentiality, integrity, and availability of our systems remain unharmed.
Sinch Mailgun is aware of the recent Okta security breach. We want our customers to know that we have not been made aware of any impact from this breach. The confidentiality, integrity, and availability of our systems remain unharmed.
Sinch Mailgun is aware of the security vulnerability (CVE-2023-4863) involving a widely used image format known as WebP. Sinch Mailgun is actively investigating to identify any and all areas where we may be leveraging the vulnerable versions of this library and implementing remediations where necessary. As of now our investigations have revealed no indications of compromise.
Mailgun Technologies, Inc., US company, part of the Sinch group, has submitted its self-certification application and is awaiting the response on the DPF. Given the large number of applications, the Dept of Commerce is taking more than anticipated in reviewing them. Please continue to check the active list of certified companies to see our company registered. In any event, we will continue to adhere to the strictest standards of data privacy and continue to maintain adequate and supplemental technical and organizational measures for any and all transfers to and from the US and EU.
Mailgun Technologies, Inc. is currently evaluating its participation and self-certification into the Data Privacy Framework. Please note that the self-certification is voluntary, and the Data Privacy Framework applies nonetheless since July 10, 2023. We will continue to adhere to the strictest of standards of data privacy and continue to maintain adequate and supplemental technical and organizational measures for any transfers to and from the US and EU.
We recently received our completed 2023 SOC 2 reports, ISO 27001 and ISO 27701 certifications for Sinch Mailgun, Sinch Mailjet, and Sinch Email On Acid. The reports themselves can be accessed directly from the security portal.
Recently, our security team became aware of the news surrounding a high impact MOVEit vulnerability. Reputable threat intelligence sources have reported that this incident impacts customers of this solution: https://www.securityweek.com/moveit-customers-urged-to-patch-third-critical-vulnerability/.
We want our customers to know that Sinch Email (Mailgun/Mailjet/EOA/InboxReady) has not been impacted by this vulnerability.
We do not leverage this technology/software within our product and therefore the confidentiality, integrity, and availability of our systems remain unharmed.
Mailgun's Response to the 2022 OpenSSL 3 Vulnerabilities
After careful review of our infrastructure, the Mailgun team has determined that we are not currently vulnerable to the OpenSSL 3 vulnerabilities CVE-2022-3602 and CVE-2022-3786 that were disclosed on November 1, 2022. As a helpful resource, you can use this page to determine if certain widely used software in your environment is affected or unaffected: https://github.com/NCSC-NL/OpenSSL-2022/blob/main/software/README.md
Thanks and please reach out with any questions.
If you think you may have discovered a vulnerability, please send us a note.