6 comments

[ 3.2 ms ] story [ 28.8 ms ] thread
From support chat:

> We are continuing to mitigate an active DDoS attack that is causing intermittent issues for various aspects of our service. The attack began in the early morning hours on Tuesday, February 21st, and has continued into today. Our engineering teams have implemented additional DDoS protections as well as increased computing resources to absorb and mitigate the attack, and we are working closely with our partners at Google and Rackspace on additional strategies.

> Unfortunately, due to the nature of this issue and the security of our platform, we are unable to provide specific details on the attack or the changes made. Although we can't predict when this attack will subside, our engineering team will continue their mitigation efforts, and we will keep you and our Status Page (https://status.mailgun.com/) updated as more information becomes available.

Other than occasional timeouts, the main impact for my team is event logs are ~24h behind.

I asked if we should expect any security-related impacts, and they haven't taken a stance yet on whether people should worry.

It's probably paranoia from dealing with Heroku last year, but the unwillingness to share more info "due to the nature of this issue and the security of our platform" doesn't sound right for a dos

Their email verification endpoint has been hanging for me; disabled it yesterday. Sending seems to be fine at least.
We're not able to send at all via SMTP. Getting the same response as above. Pretty sure they aren't telling us a lot.
Looks like there was an initial blip in failures around 0:00 UTC on Feb 21st.

Then, consistent failures starting around 9:00 UTC.

Deliverability is intermittent from what I see but the API is consistently breaking.