Overview
Our platform supports sending emails on behalf of customer domains using industry-standard security practices and trusted third-party infrastructure. This ensures emails sent from your system are authenticated, secure, and delivered reliably while protecting your domain from spoofing or unauthorized use.
This article outlines how email delivery works, the authentication methods we support, and the security practices used to protect email communications.
What’s Covered in This Article
- Email Infrastructure
- Domain Authentication (SPF, DKIM, DMARC)
- Access Controls
- Credential Security
- Monitoring and Logging
- Third-Party Security
Email Infrastructure
Outbound email delivery is handled through Brevo (formerly Sendinblue), a widely used transactional email service provider.
All email is transmitted over TLS-encrypted connections, so email data is protected in transit between systems and mail servers.
Using a dedicated transactional email provider improves:
- Email deliverability
- Reliability
- Security
- Monitoring and logging capabilities
Domain Authentication
To ensure trusted email delivery and prevent spoofing, we support standard domain authentication mechanisms.
These authentication methods verify that emails sent on behalf of your domain are authorized and cryptographically signed.
Supported Authentication Methods
| Authentication Method | Purpose |
|---|---|
| SPF (Sender Policy Framework) | Confirms which mail servers are allowed to send email on behalf of your domain |
| DKIM (DomainKeys Identified Mail) | Adds a cryptographic signature to emails to verify authenticity |
| DMARC (Domain-based Message Authentication, Reporting & Conformance) | Provides policy and reporting for SPF and DKIM authentication |
These authentication methods help:
- Prevent email spoofing
- Improve email deliverability
- Ensure recipient mail servers trust your emails
Access Controls
Email sending permissions are controlled and restricted for security.
- Send-as permissions are configured per customer domain
- Only authorized domains are allowed to send emails
- Internal system access is restricted to authorized personnel
- Production environments are protected using role-based access controls
These controls ensure that only authorized users and systems can send emails on behalf of your domain.
Credential Security
Email credentials and API keys are handled securely using industry best practices.
- Credentials and API keys are stored securely
- Sensitive configuration values are not stored in application code
- Secure system environments are used for configuration storage
- Access to credentials is restricted to authorized systems and personnel only
Monitoring and Logging
Email activity is logged for operational monitoring and traceability.
This includes:
- Email delivery events
- System access logs
- Operational monitoring logs
These logs allow system administrators to review activity if troubleshooting or auditing is required.
Third-Party Security
Our email delivery provider, Brevo, is an enterprise email delivery provider that maintains its own security and compliance posture.
Additional details regarding Brevo’s security practices can be provided upon request.
While we do not currently maintain SOC 2 certification, we follow industry-standard best practices for:
- Secure communications
- Access management
- Credential protection
- System monitoring
- Role-based access controls
If your security or IT team requires additional technical information, we are happy to provide further clarification.
Summary
Our email system is designed to ensure secure, authenticated, and reliable email delivery using industry-standard authentication protocols and secure infrastructure. By implementing SPF, DKIM, and DMARC along with secure credential management and access controls, we help protect your domain and ensure trusted email communication with your customers.