MailSlurp is cloud-hosted software as a service. This document outlines our security policies and procedures.

What is MailSlurp?

MailSlurp is an email and SMS testing and development platform. It can be used to send and receive email and SMS messages from software applications. It is used by developers and quality assurance teams to test and develop software applications and build powerful automations.

What does MailSlurp consist of?

MailSlurp is made up of a number of components. These include:

  • A web application for managing email accounts and sending and receiving email and SMS messages.
  • A backend for managing data via a REST API.
  • Mail servers using IMAP and SMTP to send and receive email.
  • A database for storing customer data.
  • A website for marketing and support.

Where is MailSlurp hosted?

MailSlurp is hosted on the AWS Cloud in the us-west-2 region. This region is located in Oregon, USA. The AWS Cloud is a secure cloud services platform that offers compute power, database storage, content delivery and other functionality to help businesses scale and grow. All applications and data are hosted on AWS using security best practices.

Security procedures

MailSlurp uses a number of security procedures to ensure that customer data is secure. These include:

Authentication

MailSlurp uses a number of authentication mechanisms to ensure that only authorised users can access the platform. These include:

  • TLS/SSL-secured HTTPS API endpoints
  • SAML 2.0 Single Sign On user management
  • Federated OAuth 2.0 user management

Enterprise teams can manage user sign-in and access using their own identity provider. This allows them to control access to the platform using their own security policies. Enterprise customers have their own login page and can manage their own users and permissions.

Data security

MailSlurp user data is stored in a secure database hosted by AWS RDS. All data is encrypted at rest using AES-256 encryption. All data is encrypted in transit using TLS/SSL encryption. All data is backed up daily and stored in a secure location managed by AWS security teams. Email and SMS content is stored securely in AWS S3.

Network security

MailSlurp uses a number of network security procedures to ensure that customer data is secure. These include:

  • Secure VPN access to AWS resources
  • Public and private subnets for applications and data
  • Network ACLs to control access to resources

Risk management

MailSlurp uses a number of risk management procedures to ensure that customer data is secure. These include:

  • Regular security audits
  • Regular penetration testing
  • Regular security training for staff
  • Regular security reviews of third party services
  • Regular security reviews of AWS services
  • Regular security reviews of application code
  • Regular security reviews of application dependencies
  • Regular security reviews of application architecture
  • Regular security reviews of application data flows

Incident response

MailSlurp uses a number of incident response procedures to ensure that customer data is secure. These include:

  • Updating affected customers within 72 hours of a security incident
  • Providing affected customers with a detailed report of the incident
  • Providing affected customers with a detailed report of the remediation
  • Providing affected customers with a detailed report of the prevention

Compliance

MailSlurp is a European company and complies with GDPR privacy protocols.

Security contact

If you have any questions about MailSlurp security, please contact us at contact@mailslurp.dev.