As this strange year marches on we have seen an industry-wide rise in email phishing and other fraudulent internet activity. To avoid a scenario where a bad actor gains access to your Postmark account and starts sending spam, we are reaching out to ask for your help in keeping your account safe.
At Postmark your data is secure and redundant, but keeping your account information secure is a team effort! We have written up some best practices for account security, and we wanted to highlight a few very important actions you can take.
First, it is extremely important to set up two-factor authentication (2FA). This is the most important thing you can do to keep your account secure, so please do this as soon as possible.
Set up 2FA by logging into your Postmark account, selecting your name in the top right and then choosing "Profile" to access your user settings. You can turn on two-factor authentication in the "Security" section on that page.
And while you're at it, set up 2FA on all your email accounts (like Gmail), so that hackers can't use your email address to initiate false password reset requests.
Also remember that you should rotate your account and server API Tokens every few months. Never share your API Token through email, group messaging (e.g. Slack), forums, or source code. This reduces the risk of a bad actor getting hold of them. Even if you don't believe you have ever shared your API Token, rotating them on a regular basis is still a great idea.
You can generate and delete your server's old API token in your server's API Tokens tab.
We don't want this email to be scary, but we want to be proactive and vigilant given the uptick in phishing and online attacks this year. Not only are such attacks time consuming and distracting, they have the potential to damage your sender reputation as well as your brand and business.
We are doing everything we can to keep your account secure, and would love your help to reinforce that by setting up 2FA on your account, and rotating your API keys often.
If you have any questions or comments on this, just reply to this email.