Cloud Email Security at SparkPost

Irina Doliov
Feb. 22, 2016 by Irina Doliov

security at SparkPost

Continuing on my new years resolution to share what I’ve learned and put those learnings into practice, I thought I’d dig into the subject of security. One of the things that I learned was that security is very important for everyone, but particularly for customers who are moving away from hosting their own infrastructure and entrusting their assets to a cloud provider. The learning is clear — but putting it into practice is the next step.

As it happens, a large number of features that we’ve rolled out over the past six months were, in fact, security related. This includes:

  • Adding a maximum number of log-in attempts before the system times out.
  • Two-Factor Authentication.
  • Whitelisting API Keys allowed to inject messages.
  • Implementing OAuth2 for Webhooks.
  • Adding an option for Single Sign On (SSO) on SparkPost Elite accounts.
  • Adding Roles-based access controls, more specifically a Reporting-Only role.

And those are just the customer-facing ones. We were looking at our overall cloud email security practices, even before hiring Steven Murray, our CISOAnd he’s making changes — features, internal functionality, processes — to make sure security continues to be a high priority. For example, we’ve instituted intrusion detection to make sure we’re keeping our systems locked down.

The things we recommend our customers do to improve cloud email security when using SparkPost:

  • Use strong passwords!
  • Make sure every user enables Two-Factor Authentication when accessing the SparkPost account. This is the single biggest deterrent from attempts to hack into your account and it’s easy to do.
  • Assign roles to your users. If all they’re doing is looking at reports, then making them a Reporting-Only user.
  • Make sure to change the password on any shared accounts on a regular basis.
  • Set up your engagement tracking domains as https (Elite accounts).

Looking ahead, we will be adding support for more Single Sign On identity providers, rotation of DKIM keys, and continually looking at how we store and access data without impacting performance. 

What are your most pressing security concerns? 

Irina, Cloud Queen

Email Security Cloud Blog Footer

Related Content

5 Tips For Writing Email Notification Subject Lines That Stand Out

Check out our five tips on how to write effective subject lines that will help drive user activity and engagement with your app.

read more

How To Send Faxes Via Email Using SparkPost, Twilio & Cloudinary

It’s time to ditch the old fashioned fax machine! Learn how to send faxes via email using the SparkPost API, Twilio, and Cloudinary.

read more

Zapier Integration Connects SparkPost With 1000 Web Tools

We now connect with over 1000 web tools, thanks to our integration with Zapier! Learn how to incorporate SparkPost and Zapier into your workflow today.

read more

Get started and start sending

Try SparkPost and see how easy it is to deliver your app’s email on time and to the inbox.

Try Free

Send this to a friend