--- title: "Email Security & Compliance | OutboundSMTP" description: "Enterprise email security with TLS 1.2+ encryption, IP access restrictions, data privacy controls, real-time alerts, and compliance with GDPR, HIPAA, CCPA, and PCI DSS." image: "https://outboundsmtp.com/images/og-default.png" canonical: "https://outboundsmtp.com/features/security/" --- # Enterprise Email Security Protect your email infrastructure with encryption, access controls, and compliance built into every layer. [ Try 1000 Free Credits → ](https://insight.iljmp.com/4/smtp-free) Security Features ## Security at every layer ### TLS Encryption All connections require TLS 1.2 or higher. Your email content is encrypted in transit between your application and our servers. ### Authentication SMTP authentication with API keys, per-subaccount credentials, and optional two-factor for portal access. ### IP Access Restrictions Lock down API and SMTP access to specific IP addresses or CIDR ranges. Only authorized networks can send through your account. ### Data Privacy We process email for delivery and do not store message content after delivery. Logs are retained per your account settings. ### Real-Time Alerts Receive alerts for unusual sending patterns, authentication failures, bounce spikes, and account security events. ### Audit Logging Complete audit trail of account changes, API access, and configuration modifications. Export logs for compliance audits. TLS Encryption ## Encryption details | Feature | Details | | ------------------- | --------------------------------------------------------- | | Minimum TLS Version | TLS 1.2 required for all connections | | Cipher Suites | AES-256-GCM, ChaCha20-Poly1305 preferred | | Certificate | SHA-256 signed, auto-renewed | | SMTP Ports | 587 (STARTTLS), 465 (Implicit TLS) | | Opportunistic TLS | Enabled for outbound delivery to recipient servers | | TLS Reporting | TLS-RPT support for monitoring delivery encryption | | MTA-STS | Respected when receiving servers publish MTA-STS policies | Compliance ## Built for regulated industries ### GDPR Data processing agreements, data minimization, right to erasure support, and EU data handling practices. We process email for delivery without unnecessary data retention. ### HIPAA Business Associate Agreements available. TLS encryption, access controls, audit logging, and data handling practices that support HIPAA compliance for healthcare email. ### CCPA Consumer data rights support, data handling transparency, and privacy-first design. We do not sell or share personal data from email processing. ### PCI DSS Secure infrastructure practices aligned with PCI DSS requirements. Encryption, access controls, and audit trails support cardholder data environment compliance. FAQ ## Security questions ### Do you store email content after delivery? No. We process email content for delivery and do not retain message bodies after successful delivery. Delivery metadata (timestamps, status, recipient) is retained per your account log retention settings. ### Can I restrict SMTP access to specific IP addresses? Yes. You can configure IP access restrictions per sub-account. Only connections from authorized IP addresses or CIDR ranges will be accepted. This is configurable via the portal or API. ### Do you offer a Business Associate Agreement for HIPAA? Yes. We provide BAAs for customers who require HIPAA compliance. Contact our team to discuss your healthcare email requirements and to initiate the BAA process. ## Secure email delivery starts here Enterprise security included with every plan. Start with 1,000 free credits. [Try 1000 Free Credits→](https://insight.iljmp.com/4/smtp-free)[Schedule a Demo](/contact-us/) ```json {"@context":"https://schema.org","@type":"Organization","name":"OutboundSMTP","url":"https://outboundsmtp.com","logo":{"@type":"ImageObject","url":"https://outboundsmtp.com/images/outboundsmtp-logo.png"},"description":"Enterprise SMTP relay service by DuoCircle. Dedicated IPs, sub-accounts, full authentication, and reliable email delivery for businesses of all sizes.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://www.facebook.com/duocircle/","https://x.com/duocircle","https://github.com/duocircle"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.7","reviewCount":"15","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/outbound-smtp/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://outboundsmtp.com/contact-us/"},"knowsAbout":["SMTP Relay","Email Delivery","Email Infrastructure","Dedicated IP Addresses","Email Authentication","SPF","DKIM","DMARC","Transactional Email","Outbound Email"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"OutboundSMTP","url":"https://outboundsmtp.com","description":"Enterprise SMTP relay service by DuoCircle. Dedicated IPs, sub-accounts, full authentication, and reliable email delivery for businesses of all sizes.","publisher":{"@type":"Organization","name":"OutboundSMTP","url":"https://outboundsmtp.com","logo":{"@type":"ImageObject","url":"https://outboundsmtp.com/images/outboundsmtp-logo.png"},"description":"Enterprise SMTP relay service by DuoCircle. Dedicated IPs, sub-accounts, full authentication, and reliable email delivery for businesses of all sizes.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}} ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://outboundsmtp.com/"},{"@type":"ListItem","position":2,"name":"Features","item":"https://outboundsmtp.com/features/"},{"@type":"ListItem","position":3,"name":"Security & Compliance","item":"https://outboundsmtp.com/features/security/"}]} ```