[ppierald]

> Finally, we’d like to assure our customers and partners that we take security at Mailgun very seriously.

So very seriously that they don't even use https for their blog...

[a_imho]

Former mailgun customer. Asked them to delete my personal data a couple of weeks ago (I was not able to do it myself... ) because I would rather they don't leak it in a security hiccup. They kindly refused to do so (as I don't believe any tech support can be that incompetent) and kept spamming my inbox instead. While the severity of this incident is not clear, never imagined curses can act on such a short notice.

[DarronWyke]

This is because Mailgun is in the practice of spam. The number of spam campaigns I've seen with Mailgun as the conduit is high, second only to Mailchimp.

[bwag]

To be fair, Mailgun is in the practice of sending email. It just happens to be that email is one of the main conduits of spam.

[DarronWyke]

No, that's just correlation. Email can be spam, but not all email is spam.

[clhammer]

Hi there,

This is Chris from the Mailgun team. I'm sorry that this happened, this shouldn't have been the case. I'd be happy to help rectify this issue, would you be able to send an email to help@mailgun.com with details so I can review?

[trendia]

Come on, Mailgun.

Let's Encrypt is free and takes less than 5 minutes to set up (using certbot).

[jcadam]

Yea, I've been able to forget how painful getting SSL setup and configured used to be since letsencrypt + certbot came along.

Automating that crap in ansible is almost too easy.

[StavrosK]

Wow, the certificate isn't even valid...

[menacingly]

Well, it's for the wrong domain. Because they don't use SSL on their blog.