Trust Center

Start your security review
View & download sensitive information
Ask for information
Search items
ControlK

For an update to security vulnerabilities please see information on the bottom of the page!

Here at Sinch Email (Mailgun, Mailjet and Email On Acid) we take security and privacy seriously. On this Security Status Page you can find an overview of our internal security program. You can also request access to our audit reports and security policies for review.

Send us a note at security@mailgun.com if you have any additional questions.

Start your security review
View & download sensitive information
Ask for information
HIPAA

Trust Center Updates

2024 ISO27001 and ISO27701 Certificates now available for Mailgun Technologies Inc.

ComplianceCopy link

Updated ISO27001 and ISO27701 Certificates for Mailgun Technologies Inc. are now available for download on the Trust Center.

Published at N/A

CISA Alert - Snowflake

VulnerabilitiesCopy link

We have reviewed our Snowflake instances to ensure MFA is implemented as recommended and investigations have revealed no indication of compromise.

Published at N/A

Sinch Mailgun is aware of CISA Alert Snowflake Recommends Customers Take Steps to Prevent Unauthorized Access. We are actively investigating all instances following Snowflakes recommendation to query for unusual activity and conduct further analysis to prevent unauthorized user access. As of now our investigations have revealed no indications of compromise.

Published at N/A

CVE-2024-3094 and XZ Upstream Supply Chain Attack

VulnerabilitiesCopy link

We have conducted a thorough review of our systems, leveraging multiple security tools and have determined that, currently, none of our systems are affected by CVE-2024-3094.

Should you have any further questions or concerns regarding our security posture or the CVE-2024-3094 vulnerability, please do not hesitate to contact us.

Published at N/A

2023 Pentest now available

GeneralCopy link

We recently received our 2023 Penetration Tests from our third party provider Doyensec for Sinch Mailgun, Sinch Mailjet, and Sinch Email On Acid. The reports themselves can be accessed directly from the security portal.

Published at N/A

Citrix Netscaler Vulnerability (CVE-2023-4966)

VulnerabilitiesCopy link

Sinch Mailgun is aware of the recent Citrix Vulnerability (CVE-2023-4966) involving Netscaler. We have evaluated our systems and we are not impacted by the vulnerability mentioned or the relating vulnerabilities in the Citrix article. The confidentiality, integrity, and availability of our systems remain unharmed.

Published at N/A

Okta Breach

VulnerabilitiesCopy link

Sinch Mailgun is aware of the recent Okta security breach. We want our customers to know that we have not been made aware of any impact from this breach. The confidentiality, integrity, and availability of our systems remain unharmed.

Published at N/A

CVE-2023-4863 Libwebp Zero Day Vulnerability

VulnerabilitiesCopy link

Sinch Mailgun is aware of the security vulnerability (CVE-2023-4863) involving a widely used image format known as WebP. Sinch Mailgun is actively investigating to identify any and all areas where we may be leveraging the vulnerable versions of this library and implementing remediations where necessary. As of now our investigations have revealed no indications of compromise.

Published at N/A

Data Privacy Framework

ComplianceCopy link

Mailgun Technologies, Inc., US company, part of the Sinch group, has submitted its self-certification application and is awaiting the response on the DPF. Given the large number of applications, the Dept of Commerce is taking more than anticipated in reviewing them. Please continue to check the active list of certified companies to see our company registered. In any event, we will continue to adhere to the strictest standards of data privacy and continue to maintain adequate and supplemental technical and organizational measures for any and all transfers to and from the US and EU.

Published at N/A

Mailgun Technologies, Inc. is currently evaluating its participation and self-certification into the Data Privacy Framework. Please note that the self-certification is voluntary, and the Data Privacy Framework applies nonetheless since July 10, 2023. We will continue to adhere to the strictest of standards of data privacy and continue to maintain adequate and supplemental technical and organizational measures for any transfers to and from the US and EU.

Published at N/A

2023 ISO Certificates and SOC 2 Reports now available

ComplianceCopy link

We recently received our completed 2023 SOC 2 reports, ISO 27001 and ISO 27701 certifications for Sinch Mailgun, Sinch Mailjet, and Sinch Email On Acid. The reports themselves can be accessed directly from the security portal.

Published at N/A

MOVEit Vulnerability Impact

VulnerabilitiesCopy link

Recently, our security team became aware of the news surrounding a high impact MOVEit vulnerability. Reputable threat intelligence sources have reported that this incident impacts customers of this solution: https://www.securityweek.com/moveit-customers-urged-to-patch-third-critical-vulnerability/.

We want our customers to know that Sinch Email (Mailgun/Mailjet/EOA/InboxReady) has not been impacted by this vulnerability.

We do not leverage this technology/software within our product and therefore the confidentiality, integrity, and availability of our systems remain unharmed.

Published at N/A*

Mailgun's Response to the 2022 OpenSSL 3 Vulnerabilities

IncidentsCopy link

Mailgun's Response to the 2022 OpenSSL 3 Vulnerabilities

After careful review of our infrastructure, the Mailgun team has determined that we are not currently vulnerable to the OpenSSL 3 vulnerabilities CVE-2022-3602 and CVE-2022-3786 that were disclosed on November 1, 2022. As a helpful resource, you can use this page to determine if certain widely used software in your environment is affected or unaffected: https://github.com/NCSC-NL/OpenSSL-2022/blob/main/software/README.md

Thanks and please reach out with any questions.

Published at N/A

If you think you may have discovered a vulnerability, please send us a note.

Powered bySafeBase Logo