SendGrid doesn’t compromise when it comes to compromised accounts and neither should you. Every day that you put off security steps, your reputation as a business and a sender is at risk. Use these suggestions to improve the security of your system.
1) Use a robust password!
- Don’t use the same password for multiple sites; vary your passwords whenever possible.
- Use upper and lower case letters, numerals, and special characters.
- Don’t use easily guessable words or phrases such as personal information, your company name, or abbreviations.
- Don’t expose your password on GitHub!
Set up Teammates to create, manage, and restrict additional sets of credentials to more precisely grant permissions within your SendGrid account.
2) Don’t let web browsers automatically save your SendGrid password.
3) Perform regular virus scans on any computers that are used to send mail through SendGrid or are used to log in to your account.
4) Encrypt and secure wireless connections.
5) Do not publicly display your SendGrid credentials in configuration files on GitHub, in notes in the HTML of web pages, or on social media.
6) Check for vulnerabilities in your web applications, and always make sure they are completely up to date, since software updates often fix vulnerabilities. For example, old versions of WordPress are vulnerable to exploitation. Review https://codex.wordpress.org/Hardening_WordPress to harden your WordPress security.
7) If you have a service that is sending emails through SendGrid, are there checks in place to prevent visitors (or bots) from sending email in large volumes or in any way that is abusive? If you have an email registration form, [here are some helpful tips](/Classroom/Basics/Security/keeping_your_registration_form_secure.html) to keep your form secure.
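
One way to implement the volume check that item 7 asks about, as an added example that is not SendGrid's own code: a sliding-window limiter that a form handler consults before handing a message to the mail provider. The class name, the limits, and the sample addresses are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque


class SendThrottle:
    """Sliding-window limits checked before a form handler hands mail to the provider."""

    def __init__(self, per_client=5, per_recipient=2, window=3600.0, clock=time.monotonic):
        self.limits = {"client": per_client, "recipient": per_recipient}
        self.window = window
        self.clock = clock
        self.events = defaultdict(deque)  # (kind, key) -> timestamps of allowed sends

    def _recent(self, kind, key, now):
        q = self.events[(kind, key)]
        while q and now - q[0] >= self.window:
            q.popleft()  # drop sends that have aged out of the window
        return q

    def allow(self, client_ip, recipient):
        """Return (allowed, reason). The send is recorded only when both limits pass."""
        now = self.clock()
        # Normalise so "A@x.com" and "a@x.com " share one counter.
        keys = {"client": client_ip, "recipient": recipient.strip().lower()}
        queues = {kind: self._recent(kind, key, now) for kind, key in keys.items()}
        for kind, q in queues.items():
            if len(q) >= self.limits[kind]:
                return False, f"{kind} limit reached"
        for q in queues.values():
            q.append(now)
        return True, "ok"


def demo():
    """Constructed traffic: one client hitting a form repeatedly, then many clients, one address."""
    t = [0.0]  # fake clock so the run is deterministic
    throttle = SendThrottle(per_client=3, per_recipient=2, window=60.0, clock=lambda: t[0])
    results = []
    for i in range(4):  # same IP, different recipients: the fourth is refused
        results.append(throttle.allow("203.0.113.7", f"user{i}@example.com"))
    for ip in ("198.51.100.1", "198.51.100.2", "198.51.100.3"):  # many IPs, one recipient
        results.append(throttle.allow(ip, "Someone@example.com"))
    t[0] = 61.0  # the window has passed, so the first client may send again
    results.append(throttle.allow("203.0.113.7", "user9@example.com"))
    return results


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The counters here live in process memory and grow with the number of distinct keys; a multi-server deployment would keep them in a shared store with expiry.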