Introduction

The Secure E-mail API makes sure your e-mails to clients, users and other audiences are compliant with mandatory GDPR/AVG regulations for businesses. When sending (bulk) business e-mails, it is hard to make sure that the e-mail servers of all your addressees are configured with the right security standards and that the e-mails arrive at the intended mailboxes. By law, it is not allowed to send sensitive data over unsecured e-mail. The Secure E-mail API solves this problem for you by checking the security of the connection with e-mail servers and only sending your message through to secure servers.


API specification

Test the API on SwaggerHub


Base URL

https://api-prd.kpn.com/network/secumailer/securemail


Conceptual model



Definitions

Account

In this context, an account is the entity where organizational parameters are held and maintained.

Apex domain

An apex domain is a root domain that does not contain a subdomain. For example, example.com is an apex domain but www.example.com is not, because it contains the subdomain part www.

AVG

The AVG (in Dutch: Algemene verordening gegevensbescherming) is the Dutch name for the GDPR.

DNS

Domain Name Service. A service that translates domain names to IP addresses and vice versa.

DKIM

DomainKeys Identified Mail (DKIM) is an e-mail authentication method designed to detect forged sender addresses in e-mails (e-mail spoofing), a technique often used in phishing and e-mail spam.

DMARC

DMARC (Domain-based Message Authentication, Reporting and Conformance) is an e-mail authentication protocol. It is designed to give e-mail domain owners the ability to protect their domain from unauthorized use.

Domain

This is the domain name from which you will be sending your secure e-mails.

GDPR

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individual citizens of the European Union (EU) and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA areas. The GDPR aims primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

MX

An MX (Mail Exchange) record specifies where the e-mails for your domain should be delivered.

SPF

Sender Policy Framework (SPF) is an e-mail authentication method designed to detect forged sender addresses during the delivery of the e-mail.

TXT

These records are used to store text-based information related to your domain. One of their most common uses is for SPF data. SPF is an attempt to control forged e-mail.


API workflow



Prerequisites

  • You must be able to configure the DNS records of your registered domain to route e-mails to the SecuMailer platform.


Features

  • Always deliver e-mail to secure e-mail servers.
  • Supports bulk e-mails.
  • Compliant with GDPR/AVG regulation.


Setting up your third-party accounts

To start e-mailing with the Secure E-mail API, you need to create a SecuMailer account.

Use the API request POST /account to create an account on the SecuMailer platform, providing the domain name and an e-mail address on which you would like to receive notifications. You will receive a notification, for example, when a secure e-mail can't be sent to the addressee.

POST /account (see on SwaggerHub)


Request body
{
  "domain": "example.com"
}


Configuring your DNS registration

To send secure e-mails, you need to make changes to your DNS registration. You need to create:

  • Two MX records for a subdomain of the apex domain (the default is secure.example.com).
  • A number of TXT records (SPF, DKIM and DMARC) that establish proof of ownership of the domain.

You can retrieve the set of required DNS changes by calling the GET /account endpoint. You need to supply the domain for which you are retrieving the DNS settings as documented by the Swagger file. You will receive the values that you need to implement as DNS changes.

GET /account (see on SwaggerHub)


Example of MX and TXT records
{
  "domain": "example.com",
  "mx": {
    "value": "10 feedback-smtp.eu-west-1.amazonses.com",
    "hostname": "secumailer.example.com",
    "type": "MX"
  },
  "spf": {
    "value": "v=spf1 include:amazonses.com ~all",
    "hostname": "secumailer.example.com",
    "type": "TXT"
  },
  "dmarc": {
    "value": "v=DMARC1; p=quarantine; rua=mailto:8c831832697b686@rep.dmarcanalyzer.com; ruf=mailto:8c831832697b686@for.dmarcanalyzer.com; pct=0; fo=1",
    "hostname": "secumailer.example.com",
    "type": "TXT"
  },
  "ses": {
    "hostname": "_amazonses.example.com",
    "value": "RsDYehqnkyd6xPZ8i7i5dKawKrOWlveYmN1q6ahL9Gw=",
    "status": "Success",
    "type": "TXT"
  },
  "status": "Success"
}


The values are grouped into two sections, named receiving_dns_records and sending_dns_records:

  • The first section shows the MX records. They need to be applied to the host value as documented in the hostname attribute of the response. This will generally be in the form of secure.example.com.

Do not apply these settings to your root domain as this will interfere with your regular e-mail.

  • The second section shows a number of TXT records. These need to be applied to the host as determined in each hostname attribute of a TXT record.

DNS changes take time to process. As soon as your DNS changes are validated correctly, the state attribute in the domain section will change from unverified to valid. When this is the case, you can start sending messages via the /message endpoint.

Take into account that syncing DNS can take up to 24 hours.
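
An added example, not part of the API documentation: it turns a GET /account response into zone-file lines and refuses any record whose hostname is the apex domain or lies outside it. The TTL, the function name and the extension of the apex warning to TXT records are assumptions of this example; the sample is a trimmed copy of the example response above.

```python
# Constructed sample: a trimmed copy of the GET /account example response.
SAMPLE = {
    "domain": "example.com",
    "mx": {"value": "10 feedback-smtp.eu-west-1.amazonses.com",
           "hostname": "secumailer.example.com", "type": "MX"},
    "spf": {"value": "v=spf1 include:amazonses.com ~all",
            "hostname": "secumailer.example.com", "type": "TXT"},
    "status": "Success",
}

TTL = 3600  # assumed TTL; the API response does not specify one


def plan_dns_records(account):
    """Return (zone_lines, problems) for a GET /account response dict."""
    apex = account["domain"].rstrip(".").lower()
    zone_lines, problems = [], []
    for name, entry in account.items():
        if not isinstance(entry, dict):
            continue  # scalar fields such as "domain" and "status"
        host = entry["hostname"].rstrip(".").lower()
        rtype, value = entry["type"].upper(), entry["value"]
        if host == apex:
            # Writing to the apex would interfere with regular e-mail.
            problems.append(f"{name}: refusing to place {rtype} on apex {apex}")
            continue
        if not host.endswith("." + apex):
            problems.append(f"{name}: {host} is not under {apex}")
            continue
        if rtype == "MX":
            priority, target = value.split()
            # Trailing dot keeps the target from being read as zone-relative.
            value = f"{int(priority)} {target.rstrip('.')}."
        elif rtype == "TXT":
            escaped = value.replace("\\", "\\\\").replace('"', '\\"')
            value = f'"{escaped}"'
        else:
            problems.append(f"{name}: unexpected record type {rtype}")
            continue
        zone_lines.append(f"{host}. {TTL} IN {rtype} {value}")
    return zone_lines, problems


if __name__ == "__main__":
    lines, issues = plan_dns_records(SAMPLE)
    print("\n".join(lines + issues))
```

Review the problems list before publishing anything; an empty list means every record targets a subdomain of the account's domain.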


How to...

Send secure e-mails

Use the POST /message endpoint to send a secure e-mail. Send an application/json payload in the request that contains:

  • A sender.
  • One or more recipients.
  • A MIME-encoded, escaped e-mail message.

The payload date and Message-ID should be unique.
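
Building the POST /message body described above, as an added example rather than code from the API's documentation. The JSON key names sender, recipients and message are hypothetical placeholders (the page does not list them; take the real ones from the Swagger specification), and the addresses used with it are constructed.

```python
import json
from datetime import datetime, timezone
from email import policy
from email.message import EmailMessage
from email.utils import make_msgid, parseaddr


def build_message_payload(sender, recipients, subject, body):
    """Return the JSON request body for one secure e-mail."""
    if not recipients:
        raise ValueError("at least one recipient is required")
    msg = EmailMessage()
    # EmailMessage raises ValueError on CR/LF in a header value, which
    # stops header injection through sender, recipient or subject.
    msg["From"] = sender
    msg["To"] = ", ".join(recipients)
    msg["Subject"] = subject
    msg["Date"] = datetime.now(timezone.utc)  # set when the message is built
    # A fresh Message-ID per call, scoped to the sending domain.
    domain = parseaddr(sender)[1].rsplit("@", 1)[-1]
    msg["Message-ID"] = make_msgid(domain=domain)
    msg.set_content(body, cte="quoted-printable")
    mime = msg.as_string(policy=policy.SMTP)  # CRLF line endings
    # HYPOTHETICAL key names; json.dumps escapes the MIME text
    # (CRLF, quotes, backslashes) so it is a valid JSON string.
    return json.dumps(
        {"sender": sender, "recipients": list(recipients), "message": mime}
    )


if __name__ == "__main__":
    print(build_message_payload(
        "noreply@secure.example.com", ["alice@example.org"],
        "Your invoice", "Hello Alice,\nyour invoice is attached.\n"))
```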


Return codes

Code Description
200 Success.
201 Created.
202 Accepted.
302 Found. Link in location header.
400 Bad request.
401 Unauthorized.
403 Forbidden.
404 Not found.
405 Method not allowed.
412 Precondition failed.
429 Too many requests.
500 Internal server error.
502 Bad gateway.
503 Service unavailable.
