[rajeemcariazo]

I had a worse experience with mailgun that almost made me lose my job. Our domain was blacklisted for sending spam. I think mailgun's server was hacked at that time because our Api Key was kept securely using the best practices. I dont want to use Sendgrid because of bloated and slow UI but I had no choice.

[jrodom]

If this is a recent occurrence, I'd be happy to have our application security team take a look. To be clear, there hasn't been any kind of breach, but our customers are often targeted in phishing schemes that results in the disclosure of account credentials. We're continually adapting our defenses, but this is responsible for the majority of credential leaks.

[duskwuff]

There's one really easy step you could take that would make a huge dent in those phishing schemes:

Detect and block phishing emails that are forwarded through your service. Right now, I get several messages forwarded per day from "Sam at Mailgun" (actually a variety of external senders) trying to get me to log in to review various (nonexistent) problems with my account.