Cloud Email Security at SparkPost

Irina Doliov
Feb. 22, 2016 by Irina Doliov

security at SparkPost

Continuing on my new years resolution to share what I’ve learned and put those learnings into practice, I thought I’d dig into the subject of security. One of the things that I learned was that security is very important for everyone, but particularly for customers who are moving away from hosting their own infrastructure and entrusting their assets to a cloud provider. The learning is clear — but putting it into practice is the next step.

As it happens, a large number of features that we’ve rolled out over the past six months were, in fact, security related. This includes:

  • Adding a maximum number of log-in attempts before the system times out.
  • Two-Factor Authentication.
  • Whitelisting API Keys allowed to inject messages.
  • Implementing OAuth2 for Webhooks.
  • Adding an option for Single Sign On (SSO) on SparkPost Elite accounts.
  • Adding Roles-based access controls, more specifically a Reporting-Only role.

And those are just the customer-facing ones. We were looking at our overall cloud email security practices, even before hiring Steven Murray, our CISOAnd he’s making changes — features, internal functionality, processes — to make sure security continues to be a high priority. For example, we’ve instituted intrusion detection to make sure we’re keeping our systems locked down.

The things we recommend our customers do to improve cloud email security when using SparkPost:

  • Use strong passwords!
  • Make sure every user enables Two-Factor Authentication when accessing the SparkPost account. This is the single biggest deterrent from attempts to hack into your account and it’s easy to do.
  • Assign roles to your users. If all they’re doing is looking at reports, then making them a Reporting-Only user.
  • Make sure to change the password on any shared accounts on a regular basis.
  • Set up your engagement tracking domains as https (Elite accounts).

Looking ahead, we will be adding support for more Single Sign On identity providers, rotation of DKIM keys, and continually looking at how we store and access data without impacting performance. 

What are your most pressing security concerns? 

Irina, Cloud Queen

Email Security Cloud Blog Footer

Share your Thoughts

Your email address will not be published.

Related Content

Lead On Leave: Our Parental Leave Policy

Parental leave is essential for a good work/life balance. Learn three reasons why we value it at SparkPost and why your company should too!

read more

Getting Started with SparkPost in Java

A quick and easy guide on how to use the SparkPost Java Client Library to integrate with SparkPost to allow users to send emails faster.

read more

Meet Preeya: Our New Social Media Manager

Meet our new Social Media Manager Preeya. Learn about her background in social media and what she has in store for the role.

read more

Start sending email in minutes!

The world’s most powerful email delivery solution is now yours in a developer-friendly, quick to set up cloud service. Open a SparkPost account today and get started for free.

Get Started

Send this to a friend