Cloud Email Security at SparkPost

Irina Doliov
Feb. 22, 2016 by Irina Doliov

security at SparkPost

Continuing on my new years resolution to share what I’ve learned and put those learnings into practice, I thought I’d dig into the subject of security. One of the things that I learned was that security is very important for everyone, but particularly for customers who are moving away from hosting their own infrastructure and entrusting their assets to a cloud provider. The learning is clear — but putting it into practice is the next step.

As it happens, a large number of features that we’ve rolled out over the past six months were, in fact, security related. This includes:

  • Adding a maximum number of log-in attempts before the system times out.
  • Two-Factor Authentication.
  • Whitelisting API Keys allowed to inject messages.
  • Implementing OAuth2 for Webhooks.
  • Adding an option for Single Sign On (SSO) on SparkPost Elite accounts.
  • Adding Roles-based access controls, more specifically a Reporting-Only role.

And those are just the customer-facing ones. We were looking at our overall cloud email security practices, even before hiring Steven Murray, our CISOAnd he’s making changes — features, internal functionality, processes — to make sure security continues to be a high priority. For example, we’ve instituted intrusion detection to make sure we’re keeping our systems locked down.

The things we recommend our customers do to improve cloud email security when using SparkPost:

  • Use strong passwords!
  • Make sure every user enables Two-Factor Authentication when accessing the SparkPost account. This is the single biggest deterrent from attempts to hack into your account and it’s easy to do.
  • Assign roles to your users. If all they’re doing is looking at reports, then making them a Reporting-Only user.
  • Make sure to change the password on any shared accounts on a regular basis.
  • Set up your engagement tracking domains as https (Elite accounts).

Looking ahead, we will be adding support for more Single Sign On identity providers, rotation of DKIM keys, and continually looking at how we store and access data without impacting performance. 

What are your most pressing security concerns? 

Irina, Cloud Queen

Email Security Cloud Blog Footer

Related Content

5 Best Practices for Security Notifications

Learn the 5 best practices for security notification emails that product teams can use to build user trust and confidence.

read more

SparkPost Available in AWS Marketplace

Learn how the launch of SparkPost on AWS Marketplace makes it even easier for AWS customers to integrate SparkPost into their cloud applications.

read more

Community Spotlight: Maximize Learning with Megafind

Learn how winners of the Cal Hacks 4.0 hackathon are revolutionizing the concept of taking lecture notes and studying with their application, Megafind.

read more

Start sending email in minutes!

The world’s most powerful email delivery solution is now yours in a developer-friendly, quick to set up cloud service. Open a SparkPost account today and get started for free.

Get Started

Send this to a friend