Updated December 3, 2019 with new key dates.
We wanted to let you know about a few changes we’re making to SMTP sending in the coming weeks to make this endpoint more secure. These changes will only affect sending via SMTP. If you use only the Postmark REST API to send, no further action is required on your part.
The following changes will be made to our supported SMTP TLS configuration:
We understand that this type of change can be disruptive, so we want to provide you with ample time to test and verify that your application will be able to continue sending mail using the updated security settings.
These are the key dates for these changes:
The most significant change, which might affect you, is that we are disabling TLSv1.0 on February 1, 2020. This protocol is old and vulnerable, so we will be rejecting connection requests that use TLSv1.0.
Before the cutover date on February 1, 2020, we recommend that you perform some tests against the following temporary testing endpoint:
future-smtp.postmarkapp.com. This endpoint matches the changes we’ll be making, so if everything works as expected, you’re good to go. Just switch back to using
smtp.postmarkapp.com and no further action will be needed.
If you run into any issues using the temporary endpoint (i.e., your SMTP client is unable to connect), please change your SMTP client configuration to use TLSv1.1 or higher, or upgrade your SMTP client to a version that supports TLSv1.1 or higher. Documentation for SMTP clients will typically provide configuration options, where you can see how to set the connection to use TLSv1.1 or higher. If there is not a version of your SMTP client that supports TLSv1.1, you will need to select a new SMTP client that does support TLSv1.1 or higher in order to continue using Postmark.
If you are unable to get an SMTP client that is compatible with TLSv1.1 or higher working with the new SMTP endpoint, please contact our support team and let us know the following details:
We may be able to provide specific instructions for opting into using newer TLS configurations.
Once again, we are going to disable TLSv1.0 on February 1, 2020. Please perform all testing and make any necessary code changes before this date.
Please let us know if you have any questions about these changes.