We're experiencing difficulty. Our engineers are on it. Please check status.mailgun.com for real-time updates.

Can I private label the Mailgun SMTP hostname?

Article Preview


    It is possible to relabel/private label (i.e. mask or hide) Mailgun's SMTP hostname (i.e. server name) to values other than smtp.mailgun.org (US region) or smtp.eu.mailgun.org (EU region) through the creation of a CNAME record.

    However, we do not recommend this configuration due to a flaw inherent in such an approach.


    Understanding the context


    Setting the scene

    Sometimes companies prefer to hide third-party services from their customers.  While rarely inquired, once-in-a-while a company using Mailgun would prefer to hide the Mailgun brand from their customers. This process of achieving this goal of hiding a third-party service is called relabeling or private labeling

    This process utilizes a CNAME record configured within the DNS settings of your sending domain. The record's value points to one of the region-specific, Mailgun SMTP hostnames.  However, there is an important caveat to be aware of before deciding to implement this configuration.


    Discerning the nuance

    The caveat is that connections from the device sending the email to Mailgun must be unencrypted when relying upon this approach.  It does not apply to connections from Mailgun to a receiving email server. 

    The SSL certificates for encrypted connections on our servers are configured for *.mailgun.org  What this means is any encrypted connection over our allowed ports (i.e. 25, 465, 587, and 2525) will fail due to a mismatch between your hostname and *.mailgun.org

    To reiterate, the above concerns only connections from the sending device to Mailgun's servers. 

    After Mailgun receives and processes any requests received through those connections, then Mailgun establishes opportunistic TLS connections (by default) from Mailgun's servers to a recipient's email server.  For more information concerning this behavior and how to adjust it, please see our Mailgun documentation.


    Implementing the solution


    Adding the CNAME record

    While the process for creating a CNAME varies among DNS providers, creating this CNAME is no different procedurally than creating any other CNAME within your particular DNS provider's system.  

    The record's hostname would be the (sub)domain that you would like your customers to use in their SMTP applications. The record's value will need to point to the region where your Mailgun domain exists: either smtp.mailgun.org for domains created in the US or smtp.eu.mailgun.org for domains created in the EU.  


    Configuring the SMTP application

    Your customers' SMTP applications would need to use one of these ports (25, 587, or 2525) with no encryption selected. Further, the SMTP hostname field in the application would use the hostname of your (sub)domain's new CNAME record.

    As a note: under ordinary circumstances (i.e. not the exceptional circumstance explored by this article), port 465 requires TLS while ports 25, 587, and 2525 allow either a non-TLS connection or a connection upgraded to TLS by use of the STARTTLS command.


    Need Support?

    Our Support Team here at Sinch Mailgun is happy to help! Reach out to us in the Support section of your Mailgun Control Panel, and we'll be with you shortly!