Keila handles campaign content, subscriber personal data, and the SMTP/API credentials of the email providers it sends through. Hardening should focus on three areas: access control inside the instance, secret management for provider credentials and event webhooks, and preventing the instance from being used, or abused after a compromise, to send unwanted mail.
¶ 1) Secure workspace and administrator access
- Keep administrative rights to the smallest set of accounts and remove inactive users promptly; a stale account with project access is a standing path to the subscriber data.
- Disable open registration on private instances so that the only accounts are ones an administrator created.
- Enforce strong authentication; where Keila itself cannot provide SSO or MFA, put an authenticating reverse proxy in front of it so that every request reaches Keila only after the proxy has verified the user.
- Review who can create or edit sender identities and subscriber lists: these are the settings an abuser needs to send from your domain.
¶ 2) Protect provider credentials and webhooks
- Store SMTP and provider API keys in secret storage (environment injected at runtime or a secrets manager), never in committed configuration files.
- Rotate provider credentials on a schedule and immediately after any suspected exposure.
- Verify the signature or shared secret on every event callback (bounces, complaints, deliveries) before acting on it, using a constant-time comparison and a replay window; an unauthenticated callback lets anyone unsubscribe or suppress your recipients.
- Restrict the webhook endpoints at the reverse proxy to the provider's published source addresses where the provider documents them. Treat this as a complement to signature checks, not a replacement: source addresses can be spoofed or shared, signatures cannot.
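The following is an added illustration, not code from Keila or from any email provider, of what "validate the callback before trusting it" means in practice. It uses a generic scheme (HMAC-SHA256 over a timestamp and the raw body) for the example; the header names, the environment variable name and the signing layout are assumptions, and real providers each define their own. The secret is read from the environment rather than a config file, comparison is constant-time, stale callbacks are rejected, and an exact replay of a valid callback inside the window is rejected too.

```python
"""Authenticate a provider event callback before parsing or acting on it."""
import hashlib
import hmac
import json
import os
import time

# Shared secret from the environment (or injected by a secrets manager), never
# from a committed config file. Variable name and fallback are assumptions for
# this example only.
WEBHOOK_SECRET = os.environ.get("PROVIDER_WEBHOOK_SECRET", "demo-secret-replace-me")
REPLAY_WINDOW_SECONDS = 300


def sign(secret, timestamp, body):
    """HMAC-SHA256 over "<timestamp>.<raw body>" (generic layout for the example)."""
    mac = hmac.new(secret.encode(), f"{timestamp}.".encode() + body, hashlib.sha256)
    return mac.hexdigest()


def verify(secret, timestamp_header, signature_header, body, seen, now=None):
    """True only for a fresh, correctly signed, not-yet-seen callback."""
    now = time.time() if now is None else now
    try:
        ts = int(timestamp_header)
    except (TypeError, ValueError):
        return False
    # Reject callbacks outside the replay window in either direction.
    if abs(now - ts) > REPLAY_WINDOW_SECONDS:
        return False
    expected = sign(secret, ts, body)
    # Constant-time comparison; never compare MACs with ==.
    if not hmac.compare_digest(expected, str(signature_header or "")):
        return False
    # An exact replay of a valid callback inside the window is rejected as well.
    key = (ts, expected)
    if key in seen:
        return False
    seen.add(key)
    return True


def handle_callback(headers, body, seen, now=None, secret=WEBHOOK_SECRET):
    """Parse the event only after it is authenticated. Header names are assumptions."""
    if not verify(secret, headers.get("X-Timestamp"), headers.get("X-Signature"),
                  body, seen, now):
        return None
    event = json.loads(body)
    # Only pick out the fields we expect; ignore anything else the sender included.
    return {"type": event.get("event"), "recipient": event.get("recipient")}


if __name__ == "__main__":
    # Constructed sample callback, not a real provider payload.
    ts = 1_700_000_000
    body = json.dumps({"event": "bounce", "recipient": "user@example.com"}).encode()
    headers = {"X-Timestamp": str(ts), "X-Signature": sign(WEBHOOK_SECRET, ts, body)}
    seen = set()
    print(handle_callback(headers, body, seen, now=ts + 5))  # accepted
    print(handle_callback(headers, body, seen, now=ts + 6))  # replay, rejected
```

The `seen` set is the piece most implementations skip: a signature check alone still lets a captured callback be resubmitted within the window, which is enough to re-suppress an address or replay a bounce. In a multi-instance deployment that set belongs in shared storage with an expiry equal to the window.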
¶ 3) Prevent sending abuse
- Set per-campaign and per-interval send limits so that a compromised account or a runaway campaign cannot exhaust your provider quota or reputation in one burst.
- Enforce list hygiene: deduplicate recipients, and check every batch against the suppression list (bounced, complained, unsubscribed) before it leaves the queue.
- Monitor bounce and complaint rates per campaign and alert on spikes; a sudden rise indicates either a bad list or someone using the instance to send abuse, and both need an immediate response.
- Restrict outbound traffic from the Keila host to the approved email providers (egress filtering), so that a compromised instance cannot relay through arbitrary SMTP servers.
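The following is an added example, not part of Keila, showing how the three list-side controls above fit together: suppression-list filtering and a per-interval send budget when a batch is planned, and bounce/complaint rate alerts computed over campaign events. The event records, the thresholds and the campaign identifiers are constructed for the example; tune the thresholds to your provider's published limits.

```python
"""Sending-abuse guard: suppression filtering, per-interval caps and
bounce/complaint spike detection over campaign events."""
from collections import defaultdict

# Thresholds are assumptions for the example, not Keila defaults.
BOUNCE_RATE_ALERT = 0.05      # 5 % hard bounces
COMPLAINT_RATE_ALERT = 0.001  # 0.1 % spam complaints
MIN_SENT_FOR_RATE = 100       # too few sends give meaningless rates


def plan_batch(recipients, suppression_list, per_interval_limit, sent_this_interval):
    """Decide which recipients go out in this interval.

    Returns (send_now, suppressed, deferred). Suppressed addresses are dropped
    entirely; addresses beyond the interval budget are deferred to the next
    interval rather than silently lost. Duplicates within the batch are skipped.
    """
    send_now, suppressed, deferred = [], [], []
    budget = max(per_interval_limit - sent_this_interval, 0)
    seen = set()
    for addr in recipients:
        norm = addr.strip().lower()
        if norm in seen:
            continue
        seen.add(norm)
        if norm in suppression_list:
            suppressed.append(norm)
        elif len(send_now) < budget:
            send_now.append(norm)
        else:
            deferred.append(norm)
    return send_now, suppressed, deferred


def rate_alerts(events):
    """events: iterable of (campaign_id, kind), kind in sent|bounce|complaint.

    Returns {campaign_id: [alert strings]} for campaigns over a threshold.
    Campaigns with fewer than MIN_SENT_FOR_RATE sends are ignored to avoid
    alerting on a handful of test messages.
    """
    counts = defaultdict(lambda: {"sent": 0, "bounce": 0, "complaint": 0})
    for campaign, kind in events:
        if kind in counts[campaign]:
            counts[campaign][kind] += 1
    alerts = {}
    for campaign, c in counts.items():
        if c["sent"] < MIN_SENT_FOR_RATE:
            continue
        found = []
        if c["bounce"] / c["sent"] > BOUNCE_RATE_ALERT:
            found.append(f"bounce rate {c['bounce'] / c['sent']:.1%}")
        if c["complaint"] / c["sent"] > COMPLAINT_RATE_ALERT:
            found.append(f"complaint rate {c['complaint'] / c['sent']:.2%}")
        if found:
            alerts[campaign] = found
    return alerts


# Constructed sample events: c1 is abusive or badly sourced, c2 is healthy,
# c3 has a high bounce rate but too few sends to judge.
SAMPLE_EVENTS = (
    [("c1", "sent")] * 1000 + [("c1", "bounce")] * 80 + [("c1", "complaint")] * 2
    + [("c2", "sent")] * 1000 + [("c2", "bounce")] * 10
    + [("c3", "sent")] * 50 + [("c3", "bounce")] * 10
)


if __name__ == "__main__":
    print(rate_alerts(SAMPLE_EVENTS))
    print(plan_batch(["A@example.com", "bounced@example.com", "b@example.com",
                      "a@example.com", "c@example.com"],
                     {"bounced@example.com"}, per_interval_limit=10,
                     sent_this_interval=8))
```

Deferring rather than dropping over-budget recipients matters for the audit trail: an operator can see that a campaign was throttled, whereas a silent skip looks like a delivery failure. The minimum-send floor in `rate_alerts` is the usual source of false positives when it is missing.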
¶ 4) References
- Keila documentation: https://www.keila.io/docs
- Keila source repository: https://github.com/pentacent/keila