Email and application security.
Out of the box, Postmark supports opportunistic TLS for all outbound email, ensuring messages are encrypted in transit to remote mail servers and ISPs who support TLS. Gmail lists us as delivering 100% of our email via TLS. Combining this with full HTTPS and TLS support on our SMTP and API endpoints provides safe passage for messages flowing through Postmark.
We also fully support and encourage use of email standards like DKIM, SPF, and DMARC, giving you control over your domain’s reputation and reducing the risk of email spoofing.
We host our servers in one of the most impressive data centers in the country, a Type 2 SSAE 16 SOC 1 accredited facility. In addition, our systems are regularly tested using both automated systems and manual audits from respected security firms.
We partner with Stripe to manage payments on Postmark. Stripe is certified as a PCI Level 1 Service Provider. Postmark does not have access to customers’ credit card data at all.
Read more about security and reliability