Heartbleed Bug

By: Dave Walker
Technical Support Engineer


A vulnerability was discovered recently in OpenSSL.  This vulnerability is known as "Heartbleed." OpenSSL is a tool which is used by many websites for secure communications. The JangoMail team has performed a full review of our systems. JangoMail does not use OpenSSL in its communications, and was not affected by this vulnerability. There is no need to change your password due to this issue in OpenSSL.


As always, of course, we do suggest that you use a secure and unique password for your JangoMail account. You should not share passwords between sites or accounts. Changing your password periodically is a good idea, but not required at this time.


More information about the HeartBleed vulnerability can be found at http://heartbleed.com.

New Security Feature: Restrict account access by IP address

You can now restrict access to your JangoMail email account by IP address. You can specify a range of allowable IP addresses or a single IP address.

To restrict access by IP address, go to Settings --> Security --> IP Addresses. Simply enter in a single IP address or a range of IP addresses and designate whether the restriction should apply to the web interface, the API, or both.

In the above screenshot, the IP address range 64.56.108.99-105 can access the web interface for this account, while the single IP 72.45.45.8 is the only IP address that can access the API for this account.

If there are no IPs entered, as is the default on accounts, then there are NO restrictions on which IP addresses can access your account. As soon as you enter at least one IP range, then that becomes the range from which your account must be accessed.

If a user attempts to login to the web interface from an unauthorized IP address, then the user will see the following message:


If the API is called by a node outside of the authorized IP addresses, then an exception will be thrown, as shown below: