For updates on security incidents, please see the information at the bottom of the page.
Here at Mailgun we take security and privacy seriously. On this Security Status Page you can find an overview of our internal security program. You can also request access to our audit reports and security policies for review.
Send us a note at firstname.lastname@example.org if you have any additional questions.
Trust Center Updates
2023 Pentest now available [General]
We recently received our 2023 Penetration Tests from our third-party provider Doyensec for Sinch Mailgun, Sinch Mailjet, and Sinch Email On Acid. The reports themselves can be accessed directly from the security portal.
Citrix Netscaler Vulnerability (CVE-2023-4966) [Vulnerabilities]
Sinch Mailgun is aware of the recent Citrix vulnerability (CVE-2023-4966) involving Netscaler. We have evaluated our systems and we are not impacted by this vulnerability or by the related vulnerabilities mentioned in the Citrix article. The confidentiality, integrity, and availability of our systems remain unharmed.
Okta Breach [Vulnerabilities]
Sinch Mailgun is aware of the recent Okta security breach. We want our customers to know that we have not been made aware of any impact from this breach. The confidentiality, integrity, and availability of our systems remain unharmed.
CVE-2023-4863 Libwebp Zero Day Vulnerability [Vulnerabilities]
Sinch Mailgun is aware of the security vulnerability (CVE-2023-4863) involving a widely used image format known as WebP. Sinch Mailgun is actively investigating to identify any and all areas where we may be leveraging the vulnerable versions of this library and implementing remediations where necessary. As of now, our investigations have revealed no indications of compromise.
Data Privacy Framework [Compliance]
Mailgun Technologies, Inc., a US company and part of the Sinch group, has submitted its self-certification application and is awaiting the response on the DPF. Given the large number of applications, the Department of Commerce is taking longer than anticipated to review them. Please continue to check the active list of certified companies to see our company registered. In any event, we will continue to adhere to the strictest standards of data privacy and continue to maintain adequate and supplemental technical and organizational measures for any and all transfers to and from the US and EU.
Mailgun Technologies, Inc. is currently evaluating its participation and self-certification into the Data Privacy Framework. Please note that self-certification is voluntary, and the Data Privacy Framework has nonetheless applied since July 10, 2023. We will continue to adhere to the strictest standards of data privacy and continue to maintain adequate and supplemental technical and organizational measures for any transfers to and from the US and EU.
2023 ISO Certificates and SOC 2 Reports now available [Compliance]
We recently received our completed 2023 SOC 2 reports, ISO 27001 and ISO 27701 certifications for Sinch Mailgun, Sinch Mailjet, and Sinch Email On Acid. The reports themselves can be accessed directly from the security portal.
MOVEit Vulnerability Impact [Vulnerabilities]
Recently, our security team became aware of the news surrounding a high-impact MOVEit vulnerability. Reputable threat intelligence sources have reported that this incident impacts customers of this solution: https://www.securityweek.com/moveit-customers-urged-to-patch-third-critical-vulnerability/.
We want our customers to know that Sinch Email (Mailgun/Mailjet/EOA/InboxReady) has not been impacted by this vulnerability.
We do not leverage this technology/software within our product and therefore the confidentiality, integrity, and availability of our systems remain unharmed.
Mailgun's Response to the 2022 OpenSSL 3 Vulnerabilities [Incidents]
After careful review of our infrastructure, the Mailgun team has determined that we are not currently vulnerable to the OpenSSL 3 vulnerabilities CVE-2022-3602 and CVE-2022-3786 that were disclosed on November 1, 2022. As a helpful resource, you can use this page to determine if certain widely used software in your environment is affected or unaffected: https://github.com/NCSC-NL/OpenSSL-2022/blob/main/software/README.md
Thanks and please reach out with any questions.