• hirejordansmith

    (@hirejordansmith)


    Hi,

    I’m trying to determine if it’s possible to pass through custom MIME headers with this plugin?

    Working with a client who requires HIPAA compliance, and their IT guy sent me the following:

    “SSL cert will secure communication between a user’s browser and the website. This doesn’t secure anything beyond that. SMTP communication over port 25 is not secure. We need to ensure that the form connects to O365 w/ a secure and encrypted connection. Connection should use encryption, TLS > 1.0 (1.1, 1.2, or 1.3) over port 587.”

    I reached out to Mailgun.com and they responded with this:

    “Yes, we do support sending via port 587 with TLS 1.2 for SMTP communication; you just need to make sure you employ the X-Mailgun-Require-TLS header as part of these messages. More information here: https://documentation.mailgun.com/en/latest/user_manual.html?highlight=tls#sending-via-smtp”

    Also after reviewing the Mailgun.com account I see settings for TLS Connection (Opportunistic / Required) and Certificate Verification (Required / Not Required). If I require both will that provide the necessary MIME Header?

    Any details you can provide on this would be very helpful, thank you!

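    For readers landing on this thread with the same question, here is an added example (not code from the Mailgun plugin, from WordPress, or from either poster) of the two separate things the question mixes together: the `X-Mailgun-Require-TLS` header, which tells Mailgun not to deliver the message onward to the recipient's mail server unless that hop is TLS-protected, and the site-to-relay SMTP hop, which is what STARTTLS on port 587 covers. It is a must-use plugin that adds the header on the `wp_mail` filter and pins PHPMailer to STARTTLS on 587 with TLS 1.2 or newer and certificate verification on the `phpmailer_init` hook. The host, the `EXAMPLE_SMTP_*` constant names and the credentials are placeholders, and it assumes the mail plugin in use relays `wp_mail()` headers unchanged and sends over SMTP rather than Mailgun's HTTP API; both assumptions have to be checked against that plugin. Whether this satisfies the client's compliance requirements is a separate matter, as the reply below notes.

```php
<?php
/**
 * Plugin Name: Require TLS for outbound mail (added example; not the Mailgun plugin's own code)
 *
 * Drop this file into wp-content/mu-plugins/. It does two things:
 *  1. Adds the X-Mailgun-Require-TLS header to every message sent via wp_mail(),
 *     so Mailgun refuses to deliver it to the recipient's server without TLS.
 *  2. Forces the site -> SMTP relay hop to use STARTTLS on port 587 with TLS 1.2
 *     or newer and certificate verification, via the phpmailer_init hook.
 *
 * Assumptions (not from the forum thread): host, credentials and the EXAMPLE_*
 * constant names are placeholders; whether the mail plugin forwards arbitrary
 * wp_mail() headers and uses SMTP (not the HTTP API) must be confirmed.
 */

// Placeholder credentials: define these in wp-config.php, never in a theme file.
if ( ! defined( 'EXAMPLE_SMTP_HOST' ) ) {
    define( 'EXAMPLE_SMTP_HOST', 'smtp.mailgun.org' ); // placeholder relay host
}
if ( ! defined( 'EXAMPLE_SMTP_USER' ) ) {
    define( 'EXAMPLE_SMTP_USER', 'postmaster@example.invalid' ); // placeholder
}
if ( ! defined( 'EXAMPLE_SMTP_PASS' ) ) {
    define( 'EXAMPLE_SMTP_PASS', 'replace-me' ); // placeholder
}

/**
 * Add the Mailgun header to every wp_mail() call unless the caller already set it.
 * wp_mail() accepts headers as a string or an array; normalise to an array.
 */
function example_require_tls_header( array $args ) {
    $headers = isset( $args['headers'] ) ? $args['headers'] : array();
    if ( is_string( $headers ) ) {
        $headers = array_filter( array_map( 'trim', preg_split( "/\r\n|\n|\r/", $headers ) ) );
    }
    foreach ( $headers as $h ) {
        if ( stripos( $h, 'X-Mailgun-Require-TLS:' ) === 0 ) {
            return $args; // caller already decided; do not override
        }
    }
    $headers[]       = 'X-Mailgun-Require-TLS: true';
    $args['headers'] = $headers;
    return $args;
}
add_filter( 'wp_mail', 'example_require_tls_header' );

/**
 * Pin the SMTP hop to STARTTLS on 587 and refuse anything below TLS 1.2.
 * PHPMailer hands SMTPOptions to stream_context_create(), so crypto_method is
 * the standard PHP stream flag; the TLS 1.3 flag only exists from PHP 7.4.
 */
function example_force_smtp_tls( $phpmailer ) {
    $methods = STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;
    if ( defined( 'STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT' ) ) {
        $methods |= STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT;
    }

    $phpmailer->isSMTP();
    $phpmailer->Host        = EXAMPLE_SMTP_HOST;
    $phpmailer->Port        = 587;
    $phpmailer->SMTPSecure  = 'tls'; // STARTTLS (PHPMailer::ENCRYPTION_STARTTLS)
    $phpmailer->SMTPAutoTLS = true;
    $phpmailer->SMTPAuth    = true;
    $phpmailer->Username    = EXAMPLE_SMTP_USER;
    $phpmailer->Password    = EXAMPLE_SMTP_PASS;
    $phpmailer->SMTPOptions = array(
        'ssl' => array(
            'verify_peer'       => true,  // reject an unverifiable relay certificate
            'verify_peer_name'  => true,
            'allow_self_signed' => false,
            'crypto_method'     => $methods,
        ),
    );
}
add_action( 'phpmailer_init', 'example_force_smtp_tls' );
```

    To confirm the header actually reaches Mailgun, send a test message and inspect the stored message headers in the Mailgun logs; if the plugin strips unknown headers, the `wp_mail` filter alone will not help and the domain-level "TLS Connection: Required" setting mentioned in the question is the remaining lever for that hop.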

Viewing 1 replies (of 1 total)
  • codemonkeys

    (@codemonkeys)

    FYI…

    Setting up your email to use TLS usually isn’t enough to satisfy HIPAA compliance.

    You would need an E2E encryption solution as the data must be protected both in transit and at rest without the ability for a middle man to view the data.

    Here’s some decent information on this type of stuff https://security.stackexchange.com/questions/157292/whats-the-difference-between-end-to-end-and-regular-tls-encryption

    You would also need a BAA in place with both email providers (sending & receiving), or if it’s being handled through your own hosting server you would need a BAA with the hosting provider. In fact, you’ll need a BAA with your hosting provider regardless of whether any PHI will be passed through the website at all.

    All IT contractors including you should have a BAA in place with the client as well.

  • The topic ‘Custom MIME Headers for Mailgun option?’ is closed to new replies.