The 11 Step SendGrid Security Checklist



The following is a guest post from SendGrid’s Compliance Desk.

SendGrid doesn’t compromise when it comes to compromised accounts and neither should you. There are a number of ways you, your computer or your servers could be vulnerable. Our 11 step security checklist can help identify issues and hopefully recognize a problem before it causes a negative impact. Every day that you put off security steps, your reputation as a business and a sender is at risk. Take a few minutes, go through this checklist and make sure that your systems are secure.

  • Make your password robust. Use a mix of upper- and lower-case letters, numbers, special characters (e.g., @, #, $) and avoid guessable words or phrases.
  • Avoid auto-saving your password in a web browser. Anyone with access to the machine you use would be able to log in wherever you use a saved password.
  • Perform regular virus scans on any computers that are used to send mail through SendGrid or log in to your account. If a machine is compromised, malware could grab your credentials or log your keystrokes.
  • Secure and encrypt your wireless connections. Similarly, be wary of public networks–only join those from a known source that require a password.
  • Enable a firewall on your machine. A firewall closes unused ports by default and ensures only expected connections come into your computer.
  • Lock down anything listing credentials. If you have configuration files or web pages (Facebook, Twitter, LinkedIn, etc.) that contain your SendGrid credentials, make sure they are not indexable via a search engine or visible in any way to outsiders.
  • Keep applications up-to-date. Older versions of WordPress and other software may be vulnerable to exploitation. Secure WordPress by upgrading.
  • Perform a script audit. Are there any rogue web scripts or forms on your server? Find out the origin of every script and how it’s used–or remove it from the server.
  • Prevent mass emails from scripts. If you have a website sending emails through SendGrid, are there checks in place to prevent visitors (or bots) from sending email in large volumes or in any way that is abusive? For example, secure your registration form.
  • Check mail server settings. If you have a mail server which routes outbound mail through SendGrid, ensure it is not configured as an open relay.
  • Use a service like Stop The Hacker to give your website a vulnerability assessment, check for web malware and offer guidance for better security.
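
For the "Prevent mass emails from scripts" item, the sketch below is an added example (not code from SendGrid or the original post) of a check a web form can run before it hands a message to the mail relay. The class name, the limits and the sample addresses are assumptions chosen for illustration; the traffic in the demo is constructed.

```python
import time
from collections import defaultdict, deque


class SendThrottle:
    """Sliding-window limits checked before a web form sends mail.

    Hypothetical helper: caps sends per client IP, per recipient address
    and site-wide, so one visitor or bot cannot push mail in bulk.
    """

    def __init__(self, per_ip=3, per_recipient=2, site_wide=100,
                 window=3600, clock=time.monotonic):
        self.limits = {"ip": per_ip, "rcpt": per_recipient, "site": site_wide}
        self.window = window          # seconds
        self.clock = clock            # injectable so the logic can be tested
        self.events = defaultdict(deque)  # (kind, value) -> send timestamps

    def _count(self, key, now):
        # Drop timestamps that have aged out of the window, then count.
        q = self.events[key]
        while q and now - q[0] >= self.window:
            q.popleft()
        return len(q)

    def check(self, client_ip, recipient):
        """Return (allowed, reason). A send is recorded only when allowed."""
        now = self.clock()
        # Normalise the address so case changes do not bypass the limit.
        keys = [("ip", client_ip),
                ("rcpt", recipient.strip().lower()),
                ("site", "*")]
        for kind, value in keys:
            if self._count((kind, value), now) >= self.limits[kind]:
                return False, f"{kind} limit reached"
        for key in keys:
            self.events[key].append(now)
        return True, "ok"


if __name__ == "__main__":
    throttle = SendThrottle()
    # Constructed traffic: one client submitting the form five times.
    for i in range(5):
        print(throttle.check("203.0.113.9", f"user{i}@example.com"))
```

In production the counters would live in a shared store rather than process memory, and a denied request should be logged so that bursts are visible to whoever monitors the site.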

Following these steps will strengthen your defenses against potential threats. By avoiding vulnerabilities, you keep your email reputation in your control.

Checklist image by TEDx Manipal University Dubai.


Adam DuVander speaks fluent "developer" while serving as Developer Communications Director. He helps SendGrid connect to coders of all stripes. Previously Adam wrote for Wired, Webmonkey and edited ProgrammableWeb, the leading resource for APIs.
