Security for your transactional emails at every step!
Your user's action on your application or website triggers a transactional email.
- Data storage security
- Email security
- In-transit security
- Security settings
Data storage security
The first and foremost need of security is in how your email and associated data is stored by ZeptoMail.
Our data centers are located across the US, Europe, China, and India. Servers are under 24/7 surveillance and protected by biometric authentication to ensure only authorized personnel can gain access. ZeptoMail’s customer data is stored in undisclosed local data center locations to add an additional layer of security for you and your customers.
ZeptoMail’s hardware system is built with advanced technology that manages the storage and fetching of data seamlessly. We also maintain backup systems where data can be retrieved in the rare occurrence that a primary data center fails.
DOS & DDOS control
DOS and DDOS attacks generate unusual traffic to cause denial of service to customers. ZeptoMail follows mitigation procedures that help overcome these attacks by monitoring traffic patterns and taking measures to avoid service disruption.
Encryption at rest
Email logs and content are stored in ZeptoMail servers in an encrypted format. ZeptoMail stores email logs and the content for a specific period only. This data is split into fragments that are encrypted further before being stored. The keys that are used for encryption are managed with the utmost safety and reliability.
The next step is to protect your email before sending it out to your recipient. Email security protocols in ZeptoMail ensure that your email and your sender reputation are well-protected against unauthorized persons.
SPF verification is an important and mandatory step of verifying a domain in ZeptoMail. Adding an SPF record in your DNS authorizes ZeptoMail to send emails using the domain you have provided.
Adding DKIM records is a part of domain verification in ZeptoMail. DKIM records use encryption and email signatures to verify that the emails sent from ZeptoMail have not been tampered with. Adding DKIM records helps to identify ZeptoMail as an authenticated sender so you can send emails without disruption.
DMARC is an email validation system that authenticates emails by aligning SPF and DKIM. Based on the SPF and DKIM verifications, you will be able to publish DMARC for your ZeptoMail emails to help recipients handle unauthorized emails. It helps keep your sender reputation intact.
ZeptoMail verifies each new account to ensure that our customer’s usage is compatible with our platform. Even after account creation, accounts are closely monitored for spam rates and appropriate usage to ensure there is no misuse of our service.
And finally, while sending the email out to your recipients, we ensure that it’s through safe and secure channels.
Data is encrypted when in transit, with ZeptoMail. This is to prevent others from intercepting or accessing your data en route. TLS is used while sending emails to your users. ZeptoMail SMTP supports TLS v1.2 to eliminate the limitations of previous versions. Specifically, ZeptoMail will support the version of encryption (up to TLS v1.2) that is available at the recipient end.
Security controls in your hands
The security of data centers and hardware is the first step towards ensuring a secure email experience. Our data centers are equipped with the best measures to prevent physical and logical breaches.
Secure your account from unauthorized access with two-factor authentication. You can use Zoho OneAuth application, touch ID, or even send codes to yourself as an extra layer of defense during login.
Multiple passwords entered in different places are just multiple ways in which your credentials can be compromised. Single Sign-On gives you centralized access to all Zoho applications, including ZeptoMail. It not only ensures a seamless experience, but also reduces the risk of password compromise.
User level data access
Advanced user permissions help you manage which users have access to each of your email groups. You can also assign roles to each user to control the create, edit, view, and delete privileges for Mail Agents, domains, and more. This way, only the users you choose will get access to specific data.
ZeptoMail gives you the option to restrict the IPs from which your emails are sent. You can add IP addresses/ranges that are authorized for email sending. While users can access the account from any IP, email sending will only be allowed from the provided IPs.
Keeping track of what's happening in your ZeptoMail account or tracking down a particular action that was performed can be tedious. ZeptoMail's activity logs gives you an overview of every action performed in your account by each user along with the details of the action performed.
With all the above security measures in place, your email reaches your customer's inbox safely.