
What Do I Do If My Mailgun Account Has Been Compromised?

If for any reason you believe your account has been compromised (suspicious behavior, unusual activity, etc.), or you receive a notification that your account has been disabled because it appears to have been compromised, make sure to reach out to our Support team via the Support tab of your Mailgun control panel right away.

To give you a head start, here are our standard procedures for compromises; these are the steps we'll ask you to complete to help rectify and re-secure your account:

Step 1. Reset your Mailgun private API key and expire any old keys.

If you're using the classic UI (options across the top, with a silver background), you can use the following instructions:

  • Click on your email address on the top-right corner of your Mailgun control panel.
  • Click Security.
  • Scroll down to find the API Keys section; both your Private and Public API keys will be located here.
  • Click on the refresh icon to reset your API key. Make sure to refresh the page and click the X icon to immediately retire the former API key. Do this even if you don't usually send via API.

If you're using the beta UI (options displayed down the left-hand side on a dark column), use these instructions:

  • Click on Settings on the left-hand side of your Mailgun dashboard.
  • Select API Security from the menu below on the left-hand side.
  • On the following page, under the API Keys section, you'll see both your Private and Public API keys.
  • Click on the refresh icon to reset your API key. Make sure to refresh the page and click the X icon to immediately retire the former API key. Do this even if you don't usually send via API.

Step 2. Reset your Postmaster and Custom SMTP credentials for each domain.

If you're using the classic UI (options across the top, with a silver background), you can use the following instructions:

  • Click on Domains.
  • Select your specific domain (you'll do this for each domain). 
  • Under Domain Information, select Manage SMTP Credentials.
  • Select the blue gear next to a credential, and click Edit Password. Enter a new password in the two given fields, and select Reset Password. Do this for each credential on each domain, even if you don't normally use SMTP for sending.

If you're using the beta UI (options displayed down the left-hand side on a dark column), use these instructions:

  • Click on Messages on the left-hand side of your Mailgun dashboard.
  • On the following page, click on your specific domain.
  • On the following page, click on Settings, then click on SMTP Credentials.
  • To update the password, click Reset Password.
  • Confirm your password reset by clicking Reset Password in the pop-up.
  • NOTE: Your SMTP credential's new password will be displayed on the top-right corner within a green pop-up. Save this password, as it will not be exposed again.

Step 3. Reset the password for each user that has access to the Mailgun account.

Use the following link to request a password reset email for each user on your account; keep in mind, the link you send yourself expires after 20 minutes: 

https://app.mailgun.com/recoveries/new 

Step 4. Enable Two-Factor Authentication for each user that has access to the Mailgun account.

Check out this article for the full set of steps needed to complete this task. 

Step 5. Reach out to us and let us know once all the above steps have been completed.

Once we can confirm that the above steps have all been satisfied, we can go ahead and re-enable your account to get you back up and running!

 

Note: We also strongly recommend reaching out to your hosting server provider, as well as referring to any public repositories that you have, to be sure that this compromise is isolated to just your Mailgun account. 
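
One way to check a checked-out repository for committed Mailgun credentials, as an added example that is not part of the original article or Mailgun's own tooling. The key formats (`key-` or `pubkey-` followed by 32 alphanumeric characters) and the `postmaster@<domain>` SMTP login pattern are assumptions, not stated above; matched keys are truncated in the output so the report does not leak them again.

```python
import os
import re
import sys

# Assumed formats (not stated on the page): legacy Mailgun keys are "key-" or
# "pubkey-" followed by 32 alphanumeric characters; default SMTP logins are
# "postmaster@<domain>".
PATTERNS = {
    "private_api_key": re.compile(r"\bkey-[0-9A-Za-z]{32}\b"),
    "public_api_key": re.compile(r"\bpubkey-[0-9A-Za-z]{32}\b"),
    "smtp_login": re.compile(r"\bpostmaster@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
}
SKIP_DIRS = {".git", "node_modules", "__pycache__"}


def scan_text(text):
    """Return (line_number, kind, shown_match) for each hit in text."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                value = m.group(0)
                # Show SMTP logins in full, but only a short prefix of key material.
                shown = value if kind == "smtp_login" else value[:10] + "..."
                hits.append((lineno, kind, shown))
    return hits


def scan_tree(root):
    """Walk a checked-out repository and scan every readable file."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", encoding="utf-8", errors="ignore") as fh:
                    text = fh.read()
            except OSError:
                continue  # unreadable file: skip it
            for lineno, kind, shown in scan_text(text):
                findings.append((os.path.relpath(path, root), lineno, kind, shown))
    return findings


if __name__ == "__main__":
    for path, lineno, kind, shown in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}:{lineno}: {kind}: {shown}")
```

This scans only the current working tree; a key removed in a later commit is still present in the repository's history, so any key that was ever committed should be reset as in Step 1.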


If any questions arise along the way, and you haven't already, feel free to contact our Support team via the Support tab in your Mailgun control panel!
