Secure Email | ZeptoMail - Transactional Email Service

Enterprise standard compliance and security

Physical Security

The security of data centers and hardware is the first step towards ensuring a secure email experience. Our data centers are equipped with the best measures to prevent physical and logical breaches.

Data Centers

Our data centers are located across the US, Europe, China, and India. Servers are under 24/7 surveillance and protected by biometric authentication to ensure only authorized personnel can gain access. ZeptoMail's customer data is stored in undisclosed local data center locations to add an additional layer of security for you and your customers.

Hardware

ZeptoMail's hardware system is built with advanced technology that manages the storage and fetching of data seamlessly. We also maintain backup systems where data can be retrieved in the rare occurrence that a primary data center fails.

DOS and DDOS Control

DOS and DDOS attacks generate unusual traffic to cause denial of service to customers. ZeptoMail follows mitigation procedures that help overcome these attacks by monitoring traffic patterns and taking measures to avoid service disruption.

Email Data Protection

Transactional emails carry crucial information that is specific to your users. In order to ensure the protection of these emails, we have iron-clad verification and monitoring procedures in place. Every domain added in ZeptoMail must be verified.

SPF (Sender Policy Framework)

SPF verification is an important and mandatory step of verifying a domain in ZeptoMail. Adding an SPF record in your DNS authorizes ZeptoMail to send emails using the domain you have provided.

DKIM (DomainKeys Identified Mail)

Adding DKIM records is a part of domain verification in ZeptoMail. DKIM records use encryption and email signatures to verify that the emails sent from ZeptoMail have not been tampered with. Adding DKIM records helps to identify ZeptoMail as an authenticated sender so you can send emails without disruption.

DMARC (Domain-based Message Authentication Reporting and Conformance)

DMARC is an email validation system that authenticates emails by aligning SPF and DKIM. Based on the SPF and DKIM verifications, you will be able to publish DMARC for your ZeptoMail emails to help recipients handle unauthorized emails. It helps keep your sender reputation intact.

Spam rate monitoring

ZeptoMail verifies each new account to ensure that our customer's usage is compatible with our platform. Even after account creation, accounts are closely monitored for spam rates and appropriate usage to ensure there is no misuse of our service.

Data Encryption

Transactional emails often carry sensitive information. Email encryption ensures that this information is not accessible to anyone other than your intended recipients.

Encryption at Rest

Email logs are stored in ZeptoMail servers in an encrypted format, and the content of sent emails is not stored in ZeptoMail after the email has been delivered. ZeptoMail stores email logs for a period of 60 days only. This data is split into fragments that are encrypted further before being stored. The keys that are used for encryption are managed with the utmost safety and reliability.

Encryption in Transit

Data is encrypted when in transit, with ZeptoMail. This is to prevent others from intercepting or accessing your data en route. TLS is used while sending emails to your users. ZeptoMail SMTP supports TLS v1.2 to eliminate the limitations of previous versions. Specifically, ZeptoMail will support the version of encryption (up to TLS v1.2) that is available at the recipient end.

Secure Access

Guarding access to your ZeptoMail account and email sending is crucial to protecting your data. ZeptoMail has multiple lines of defense in place to ensure that your data is only accessible by you.

Two-Factor Authentication

Secure your account from unauthorized access with two-factor authentication. You can use Zoho OneAuth application, Touch ID, or even send codes to yourself as an extra layer of defense during login. In the unfortunate scenario where your password is compromised, TFA can still protect your account.

Single Sign-On

Multiple passwords entered in multiple places are just multiple ways in which your credentials can be compromised. Single Sign-On improves protection by giving you centralized access to all Zoho applications, including ZeptoMail. It not only ensures a seamless experience, but also reduces the risk of password compromise.

User-Level Permissions

Advanced user permissions help you manage which users have access to each of your email groups. You can also assign roles to each user to control the create, edit, view, and delete privileges for Mail Agents, domains, and more. This way, only the users you choose will get access to specific data.

LEARN MORE

IP Restrictions

ZeptoMail gives you the option to restrict the IPs from which your emails are sent. You can add IP addresses/ranges that are authorized for email sending. While users can access the account from any IP, email sending will only be allowed from the provided IPs.

LEARN MORE

Certificates and Compliance

ZeptoMail aims to facilitate reliable and secure transactional email sending. It was built with industry-grade standards and practices in mind. As a testimony to this, we sport multiple certifications and undergo regular audits.

Security Certificates

ZeptoMail routinely goes through external audits for quality assurance. ZeptoMail undergoes routine third-party audits for quality assurance in email security. Much like other Zoho applications, ZeptoMail is also compliant with ISO/IEC 27001:2013, 27017, 27701, 27018 and SOC 2 Type II.

GDPR Compliance

ZeptoMail is GDPR compliant. Any and all personal data provided by ZeptoMail's users is protected under the European Data Protection Regulation, enforced by the EU commission. ZeptoMail is and will always be ad-free. With user privacy in mind, your data will never be mined.

Activity Logs

Keeping track of what's happening in your ZeptoMail account or tracking down a particular action that was performed can be tedious. ZeptoMail's Activity Logs gives you an overview of every action performed in your account by each user along with the details of the action performed. Learn more

Secure and reliable transactional email service

Start for free

Transactional email security