Authentication Changes

Mailsac now requires authentication on all API routes and many parts of the website. The API key for your account can be created and viewed from the dashboard. If you are using the website to view emails you will need to create an account and sign in to view the body, images, and headers.

API Authentication

Many API routes required authentication prior to this change. If you are a customer with an existing API key and are using it to make your API requests, there are no changes you need to make.

If you were using anonymous access, you will need to create an account and create an API key.

There are three methods for authenticating to the API: HTTP header, query string parameter, and request JSON body.

  • HTTP header: create the request header Mailsac-Key and use the value of your API key.
  • Query string parameter: append the query string parameter _mailsacKey to the query section (after ?) of the URL. Example: https://mailsac.com/api/addresses/test@example.com/messages?_mailsacKey=eoj1mn7x5y61w0egs25j6xrv
  • Request JSON body: during a POST or PUT operation, a JSON field _mailsacKey can be used.

For a complete list of API Routes check out the API documentation.

Website Authentication

The content of the most recent email received is still available without logging in. Older messages, images, and headers will require an account. You can register for an account for free.

Email Forwarding Changes

Email can be forwarded using websockets, webhooks, Slack, and catchall. The way email is forwarded has been changed for consistency. A reserved address that is part of a catchall domain will now be the inbox the email is saved to. Catchall forwarding will still take place on websockets, webhooks, and Slack webhooks.

Examples:

  • Websocket post to *@domain.com and private@domain.com
  • Webhook post to *@domain.com and private@domain.com
  • Slack Webhook post to *@domain.com and private@domain.com
  • Save email only to private@domain.com

Improved SMTP Responses and Throttling Changes

SMTP Responses

The robustness of our SMTP server has been improved by providing better response codes.

  • Response code 553 when email is missing a recipient
  • Response code 421 when inbound email is being throttled and the server is unable to accept the message until a later time
  • Response code 554 with meaningful error message describing the cause (blacklisting or internal server error)

Throttling Improvements

Incoming SMTP connections will be queued based on system load. The connection will stay open while waiting for system resources. If the SMTP connection cannot be completed in a reasonable period of time, the server will issue a response code of 421. This situation may be encountered while sending a large amount of email from a specific server or to a Mailsac-hosted email address.
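For senders, the practical consequence is that a 421 should be retried later while 553 and 554 should not. The following is an added example, not Mailsac code: a retry wrapper built on Python's smtplib, where `send_once`, the attempt limit and the delay values are assumptions of this example.

```python
import smtplib
import time

# Codes from the list above; how a sender reacts to them is this example's assumption.
TRANSIENT = {421}        # throttled: server cannot accept the message until later
PERMANENT = {553, 554}   # missing recipient / blacklisting or internal server error


def classify(code):
    """Map an SMTP reply code to 'retry', 'fail' or 'ok'."""
    if code in TRANSIENT or 400 <= code < 500:
        return "retry"
    if code in PERMANENT or 500 <= code < 600:
        return "fail"
    return "ok"


def send_with_backoff(send_once, max_attempts=4, base_delay=30.0, sleep=time.sleep):
    """Call send_once() until it succeeds, retrying only on transient replies.

    send_once is a hypothetical callable that connects and sends one message,
    raising smtplib.SMTPResponseException on an error reply.
    Returns the number of attempts used. Permanent errors, and a transient
    error on the final attempt, are re-raised to the caller.
    """
    for attempt in range(1, max_attempts + 1):
        try:
            send_once()
            return attempt
        except smtplib.SMTPResponseException as exc:
            if classify(exc.smtp_code) != "retry" or attempt == max_attempts:
                raise
            # Exponential backoff: a throttled sender should reduce load, not add to it.
            sleep(base_delay * 2 ** (attempt - 1))
```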

We offer custom domains to get around throttling in all but the heaviest DDoS scenarios. Also, Enterprise customers can visit mailsac.com/enterprise to view higher performance or dedicated deployments.

API Response Fixes

The API endpoint for reserving an address was returning a 302 status code in some situations, while the documentation said it was a 200. This has been resolved. The endpoint for reserving an address will also return the address object.

When deleting a private address, the API used to return { "ok": true } with a 200 status code. Now the API will return a 200 status code and a copy of the address object which was deleted.

Official API documentation