Security

Mailinator considers protecting customer data a top priority. We understand you are trusting us with your data and we take the responsibility of securing it very seriously.

Infrastructure

System Architecture

Mailinator's architecture is built to be secure and reliable. It is a multi-tier architecture where server-to-server communication occurs over a firewalled, private network. Access keys are rotated regularly and stored separately from code and data.

Data Centers

Our application is hosted and managed by Linode with the following certifications:

  • SOC 1 Type 2
  • SOC 2 Type 2
  • HIPAA Type 1
  • HITECH
  • PCI DSS

For more information, please see Linode's Security Page.

Site Continuity and Disaster Recovery

Mailinator's architecture is built with fault-tolerant capability. Each service is redundant with replication and failover.

Firewall and Encryption

Our servers are protected by firewalls. The Mailinator web service is proxied through Cloudflare. All Mailinator web traffic is served over HTTPS. We force HTTPS for all web resources including our REST API. Our SMTP servers allow upgrading to TLS encryption.

Environments

Mailinator retains development and testing systems that are fully isolated from the production environment.

Data

Mailinator takes data security seriously. Public Email Domains (e.g. @mailinator.com) are intended as public domain data. There is no intended or implied privacy surrounding data sent to any Mailinator public domain. Public access to Mailinator's public domains is, in fact, the point of that service. In contrast, Subscribers to the Mailinator service receive a "Private Domain" (e.g. yourCompanyQATesting.com). Emails sent to a Subscriber's private domain are not public and are viewable only by those subscribers.

Data Storage

Mailinator data stores are accessible only by servers that require access.

Backups

Mailinator conducts backups on a weekly and monthly basis. Hot backups are retained for one month. Off-net backups are retained for up to one year.

Logs

All sensitive information (including passwords, API keys, etc.) is filtered from all server logs. Subscriber activity is logged and kept for 6 weeks. No user activity is logged in the Mailinator Public system.

Authentication

Passwords

We never store passwords in a form that can be retrieved. Mailinator stores an irreversible cryptographic hash using a function specifically designed for this purpose. Authentication sessions are invalidated when users change key information and sessions automatically expire after a period of inactivity.

Secure single sign-on

Mailinator is enabled for secure single sign-on (SSO) standards.

Monitoring

We monitor and rate limit authentication attempts on all accounts. Our system automatically blocklists any IP addresses responsible for suspicious authentication activity.

User Roles

We provide multiple user roles with different permission levels within the product. Roles vary from account admins to users.

Policies

Incident Response

Mailinator has a defined protocol for responding to security events.

Security and Confidentiality

All employees are trained in security procedures pertinent to their position. All employees sign confidentiality agreements with Manybrain (Mailinator).

PCI Compliance

All credit card payments paid to Mailinator/Manybrain go through our payment processing partner, Stripe. Details about their security posture and PCI compliance can be found at Stripe’s Security page.

SDLC

Mailinator conducts software development and updates through a system of standards and repeatable tests. Code pushes to production occur through a repeatable and automated process with immediate capability for reversion if necessary.


If you have any questions or concerns regarding the security of this site, please email us at: support@manybrain.com