Email security is a huge priority here at SMTP2GO, which is why we’re constantly evolving our protocols to keep your content safe and secure.
Here’s a breakdown of some of our security features, so you can rest assured that your emails are in the best hands.
TLS / SSL
When sending through our servers, we give you the option to send using TLS or SSL encryption. If you choose to send using SSL, it adds an extra layer onto your emails during sending so that the content cannot be read or edited. TLS is a more updated version and allows you to safely connect to non-secure ports, such as 2525, 8025, 587 and 25. If given the choice, we always recommend TLS. With TLS we always choose the highest encryption rate that the recipient mail server allows.
Several months ago, some of our customers received a sophisticated phishing email purporting to be from SMTP2GO. The hackers had gleaned from a handful of domains’ SPF records that they were sending their emails through our servers. In order to reduce the risk of similar attacks from happening again in the future, we immediately changed our SPF and DKIM policy to protect the identity of any clients using our servers. Now, instead of updating your SPF and DKIM records to add an entry for SMTP2GO, we provide personalized subdomains for you to add as CNAMES in your DNS settings through your “Verifed Senders” page. It’s safer, and more straight forward. If you have already got an entry for SMTP2GO in your SPF record, we recommend removing it.
We don’t store your emails – unless you want us to
By default we don’t store the body of emails sent through our servers. First of all, that’s a lot of information to store and, secondly, we have no reason to keep your content. That’s why, on your Activity page, you can see the headers and basic information for each email, but not the body content. However, if you would like us to store this for you, you can enable “Email Archiving” where we can store your emails from 1-5 years.
Multiple forms of authentication
In order to meet the needs of thousands of devices and mailing programs worldwide, we have created multiple forms of authentication so that you can safely send through your account, ensuring that no one else can. Alongside the basic username and password authentication, we also offer IP Authentication and Address Authentication (for paid plans only). With IP Authentication enabled, only emails sent from your fixed IP address will be processed by our servers. With Address Authentication, only the email addresses listed will have permission to send via your account.
Alongside your regular form of authentication, if you’d like to ensure that only specific domains or email addresses be allowed to send via your account, you can enable “Restrict Senders“. From this page, you can restrict sending to a list of email addresses or domains, or alternatively you can block certain email addresses and domains.
For many of users, especially those concerned with GDPR, server location is crucial. This is why we have multiple inbound and outbound servers spread across the globe. By distributing them in this manner, it means that your emails will be sent through the server closest to you, so your emails don’t need to leave your region.