Security

Security controls built for production email operations

MailsSetu is designed for transactional email infrastructure, not generic blast tooling. The platform’s trust model centers on authenticated domains, server-side credentials, signed webhooks, and operational safeguards that operators can actually inspect.

Credential safety

API keys are scoped, rotatable, and intended for server-side use. Session cookies, CSRF protection, and key hashing reduce accidental exposure paths.

Domain trust

Verified sending domains, DKIM guidance, SPF guidance, and DMARC-aware onboarding keep production delivery grounded in authenticated infrastructure.

Signed events

Webhook deliveries are signed and replay-aware so operators can verify source authenticity before acting on event data.

Operational controls

Rate limits, quota enforcement, event logs, provider-aware suppression handling, and billing checks help protect both users and the platform.

What MailsSetu expects before a live send

  • Use a verified sending domain and complete the recommended DKIM, SPF, and DMARC setup steps.
  • Keep live API keys on trusted server infrastructure only. Sandbox keys are available for dry runs and integration checks.
  • Verify webhook signatures before accepting event payloads into internal tooling or workflows.
  • Separate transactional traffic from lower-quality communication flows so reputation remains easier to defend and troubleshoot.

Report and review

Need help with a domain, webhook, or account security concern?

MailsSetu keeps public docs, support, and status surfaces separate so operators can verify guidance quickly and avoid guesswork when email flows are business-critical.