Security | KasaPost

SPF, DKIM, and DMARC are expected for production domains. KasaPost checks alignment before real volume starts.

HTTPS protects the control center. SMTP transport uses TLS where receiving servers support it.

Transactional API keys can be scoped, rotated, revoked, and tied to domain-level sending policy.

Suppression lists, DMARC reports, abuse contacts, and queue visibility help reduce unwanted or risky mail.

Admin access is separated from mailbox use. Strong passwords and two-factor authentication are recommended for all operators.

Formal security docs, public incident history, SSO options, and independent security review are planned as the platform matures.