Security

Security is at the core of dontreply.dev. We implement multiple layers of protection to ensure your emails are safe and only sent to authorized recipients.

Whitelist Protection

Our primary security feature is strict recipient whitelisting:

  • Emails can only be sent to pre-approved recipient addresses
  • Any attempt to send to non-whitelisted addresses is immediately rejected
  • You have full control over who can receive emails from your account
  • Whitelist changes are logged for audit purposes

Authentication & Authorization

  • HTTP-based authentication system validates every connection
  • SMTP credentials are unique per account
  • Passwords are hashed using industry-standard algorithms
  • Support for integration with your existing auth systems
  • Failed authentication attempts are logged and monitored

Data Encryption

  • All connections use TLS encryption in transit
  • Email content is encrypted during transmission to AWS SES
  • Credentials are never stored in plain text
  • Database connections are encrypted

Infrastructure Security

  • Powered by AWS infrastructure with enterprise-grade security
  • Regular security updates and patches
  • DDoS protection and rate limiting
  • Network isolation and firewall rules
  • Automated security monitoring and alerts

Email Logs & Retention

  • Email metadata is logged for 30 days for debugging
  • Email content is not permanently stored on our servers
  • Logs are automatically purged after retention period
  • Access to logs is strictly controlled and audited

Compliance

  • GDPR compliant data handling
  • Regular security audits
  • Compliance with email anti-spam regulations
  • Data processing agreements available for enterprise customers

Monitoring & Incident Response

  • 24/7 automated security monitoring
  • Real-time anomaly detection
  • Incident response procedures in place
  • Regular backup and disaster recovery testing

Best Practices for Users

To maximize security, we recommend:

  • Use strong, unique passwords for your account
  • Rotate your SMTP credentials regularly
  • Keep your whitelist updated and minimal
  • Monitor your email logs for suspicious activity
  • Report any security concerns immediately

Responsible Disclosure

If you discover a security vulnerability, please report it responsibly to [email protected]. We take all reports seriously and will respond promptly.

Security Updates

For the latest security announcements and updates, check our status page.