Why is Ciphr using a new email service for service emails?
One of the biggest benefits of moving to the public cloud is that we can use an email service that reduces the likelihood of emails being either incorrectly marked as spam or blocked as untrustworthy.
After carrying out due diligence on available providers, Ciphr chose Sinch UK Mailgun as the provider to deliver emails which our services generate, such as verification and notification emails. For more information on Sinch UK Mailgun, visit their trust centre website: https://security.mailgun.com/
Can we continue using the current email service or will all Ciphr customers be transferred to processing notifications using the new email service?
Customers will not be able to continue using the current email service. All Ciphr customers will be transferred over to the new email service, Mailgun. Customers who don’t use the new email service will not be able to send notifications.
What is a DNS SPF record?
A sender policy framework (SPF) record is a type of Domain Name System (DNS) record that lists all the servers authorised to send emails from a particular domain.
Think of SPF records like a guest list that is managed by a door attendant. If someone is not on the list, the door attendant will not let them in. Similarly, if an SPF record does not have a sender’s IP address or domain on its list, the receiving server (door attendant) will either not deliver those emails or mark them as spam.
What is DKIM and how does it improve the email service?
We are introducing DKIM to all our emails moving forward.
DKIM, an acronym for ‘DomainKeys Identified Mail’, is a cryptographic authentication method used to verify the authenticity of emails.
DKIM helps prevent email spoofing and ensures that the emails you receive are actually sent from the claimed sender domain. This improves email authenticity, anti-spoofing, deliverability, and the protection of sender reputation.
What due diligence did Ciphr carry out on Sinch UK Mailgun?
Ciphr has a Third Party Management Policy which establishes steps to be taken to manage third party relationships. These steps help ensure that the risk of a breach of confidentiality, integrity and availability of Ciphr informational assets, in connection with the use of these third parties, is reduced to the lowest feasible level.
The policy is externally audited against the ISO27001 standard on an annual basis. It covers assessing the third parties and sorting them into tiers depending on their function. Their tiering determines the amount of due diligence that will be carried out by Ciphr on the third party.
Sinch UK have been graded as a tier 1 supplier, the highest level. This involves retrieving an extensive amount of information about the organisation and reviewing it to ensure they meet or exceed the level of security controls and protections which Ciphr offers to its customers. Unfortunately, we are unable to share this information as it is covered by NDAs between Ciphr and the third parties.
In addition to comprehensive initial due diligence upon entering into an agreement with a third party, regular audits are carried out to ensure continued compliance with contractual and legislative obligations.