The Secure E-mail API makes sure your e-mails to clients, users and other audiences are compliant with the mandatory GDPR/AVG regulations for businesses. When sending (bulk) business e-mails, it is hard to make sure that the mail servers of all your addressees have the right standard security configured and that the e-mails arrive at the intended mailboxes. By law it is not allowed to send sensitive data over unsecured e-mail. The Secure E-mail API solves this problem for you by checking the security of the connection with mail servers and only sending your message through to secure servers.

Conceptual model



In this context, an account is the entity where organizational parameters are held and maintained.


The AVG (in Dutch: Algemene verordening gegevensbescherming) is the Dutch name for the GDPR.


Domain Name Service. A service that translates domain names to IP addresses and vice versa.


This is the domain name, from which you will be sending your secure e-mails.


The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individual citizens of the European Union (EU) and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA areas. The GDPR aims primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

API workflow

Sequence diagram


You must be able to configure the DNS records of your registered domain in order to route e-mail to the SecuMailer platform.

Features and constraints


  • Always deliver e-mail to secure mail servers.
  • Bulk e-mail supported.
  • Compliant with GDPR/AVG regulation.


  • You have to monitor the e-mail address you configured as reseller for e-mails that could not be delivered because of insecure mail servers.
  • DNS changes have to be made for e-mail routing.

Getting started

Setting up your third-party accounts

To start e-mailing with the Secure E-mail API, you need to create a SecuMailer account.

Use the POST /account API request to create an account on the SecuMailer platform, providing the domain name and an e-mail address on which you would like to receive notifications. For example, you will receive a notification when a secure e-mail cannot be sent to the addressee.

Configuring your DNS registration

In order to send secure e-mail, you need to make changes to your DNS registration.

The changes concern the creation of 2 MX records for a subdomain of the apex domain (default is ) and a number of TXT records (SPF, DKIM and DMARC) that also establish proof of ownership of the domain.

You can retrieve the set of required DNS changes by calling the GET /account endpoint. You need to supply the domain for which you are retrieving the DNS settings, as documented in the Swagger file. The response contains the values that you need to implement as DNS changes.

The values consist of two sections named ‘receiving_dns_records’ and ‘sending_dns_records’. The first section concerns MX records, which need to be applied to the host value documented in the ‘domain’ --> ‘name’ section of the response. This will generally be in the form of ‘’.

Note: DO NOT apply these settings to your root domain as this will interfere with your regular e-mail.

The second section concerns a number of TXT records. These need to be applied to the host given in the ‘name’ attribute of each TXT record. DNS changes take time to process. As soon as your DNS changes have been validated correctly, the ‘state’ attribute in the ‘domain’ section will change from ‘unverified’ to ‘valid’.

When this is the case you can start sending messages via the /message endpoint.

Use the GET /account endpoint to check if all settings were correctly processed.

Note: Take into account that syncing DNS can take up to 24 hours.
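
A pre-flight check for the procedure above, as an added example that is not part of the SecuMailer documentation: it reviews a parsed GET /account response before the DNS changes are applied and before POST /message is used. Only ‘domain’, ‘name’, ‘state’, ‘receiving_dns_records’ and ‘sending_dns_records’ come from this page; the response layout, the ‘type’, ‘priority’ and ‘value’ fields and the sample hosts are assumptions constructed for illustration.

```python
# Added example. Record fields other than 'name' are assumed, not from the Swagger file.
def classify_txt(name, value):
    """Label a TXT record as SPF, DKIM or DMARC using their standard tags and names."""
    name, value = name.lower(), value.lower().lstrip()
    if value.startswith("v=spf1"):
        return "SPF"
    if name.startswith("_dmarc.") and value.startswith("v=dmarc1"):
        return "DMARC"
    if "._domainkey." in name:
        return "DKIM"
    return None

def review_account(account, apex_domain):
    """Return (problems, ready) for a parsed GET /account response body."""
    apex = apex_domain.rstrip(".").lower()
    host = account["domain"]["name"].rstrip(".").lower()
    problems = []
    # The MX records go on the subdomain in domain.name, never on the root domain.
    if host == apex:
        problems.append("MX host is the root domain")
    elif not host.endswith("." + apex):
        problems.append("MX host is outside " + apex)
    mx = account.get("receiving_dns_records", [])
    if len(mx) != 2:
        problems.append(f"expected 2 MX records, got {len(mx)}")
    txt = account.get("sending_dns_records", [])
    found = {classify_txt(r["name"], r["value"]) for r in txt}
    for kind in ("SPF", "DKIM", "DMARC"):
        if kind not in found:
            problems.append(kind + " TXT record missing")
    # Sending is only possible once the platform reports the domain as 'valid'.
    ready = not problems and account["domain"]["state"] == "valid"
    return problems, ready

# Constructed sample response; hosts, selector and key are placeholders.
SAMPLE = {
    "domain": {"name": "sub.example.com", "state": "unverified"},
    "receiving_dns_records": [
        {"type": "MX", "priority": 10, "value": "mx1.example.net"},
        {"type": "MX", "priority": 20, "value": "mx2.example.net"},
    ],
    "sending_dns_records": [
        {"type": "TXT", "name": "sub.example.com", "value": "v=spf1 include:example.net -all"},
        {"type": "TXT", "name": "sel._domainkey.sub.example.com", "value": "v=DKIM1; p=PLACEHOLDER"},
        {"type": "TXT", "name": "_dmarc.sub.example.com", "value": "v=DMARC1; p=reject"},
    ],
}
```

Calling review_account(SAMPLE, "example.com") returns no problems but ready is False, because the constructed sample still has the state ‘unverified’.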

How to...

Send secure e-mails

Use the POST /message endpoint to send a secure e-mail. Provide an application/json payload with:

  • a sender.
  • one or more recipients.
  • a MIME encoded, escaped e-mail message.

Note: The payload date and Message-ID should be unique.

Return codes

Code   Description
200   Success
201   Created
202   Accepted
302   Found. Link in location header
400   Bad request
401   Unauthorized
403   Forbidden
404   Not found
405   Method not allowed
412   Precondition failed
429   Too many requests
500   Internal server error
502   Bad gateway
503   Service unavailable