Authentication overview
ImprovMX provides email forwarding services, allowing users to create aliases and manage incoming email routing without hosting a full mail server. Authentication for ImprovMX is primarily handled through its web-based user interface, which provides a dashboard for managing domains, aliases, and forwarding rules. Access to this interface requires a registered email address and password. ImprovMX also supports Two-Factor Authentication (2FA) as an additional security layer for web logins, enhancing account protection against unauthorized access.
While ImprovMX emphasizes simplicity and ease of setup, its programmatic access capabilities are limited. It does not offer a comprehensive REST API for broad management of domains or aliases. Instead, certain integrations, such as webhooks, may utilize API tokens for authentication when transmitting data or triggering specific actions. This approach focuses on securing access to configuration settings within the user dashboard rather than extensive programmatic control.
Users are responsible for securing their login credentials and any generated API tokens. ImprovMX implements standard security practices to protect user data, including encrypted communication channels via HTTPS for all web interactions and secure storage of credentials. Understanding the available authentication methods and adhering to security best practices is essential for maintaining the integrity and privacy of email forwarding configurations.
Supported authentication methods
ImprovMX supports distinct authentication methods based on the access context:
- Web Interface Login: This is the primary method for users to access their ImprovMX dashboard. It involves authenticating with an email address and password. Optional Two-Factor Authentication (2FA) can be enabled to add a second layer of security, typically using a Time-based One-Time Password (TOTP) from an authenticator application.
- API Token Authentication: For specific programmatic interactions, such as those involving webhooks, ImprovMX may utilize API tokens. These tokens are unique, long strings of characters that act as credentials, allowing an application or service to authenticate requests without requiring a full username and password. This method is generally used for machine-to-machine communication or integrations where specific, limited actions are performed.
- DNS Record Verification: While not a direct authentication method for user access, verifying ownership of a domain through DNS records (such as MX, SPF, and DKIM records) is a crucial step in setting up and securing email forwarding with ImprovMX. This process confirms that the user attempting to configure forwarding has legitimate control over the domain. The Domain Name System (DNS) is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network, and its records are fundamental for email routing as described by the IETF RFC 1034.
The following table summarizes the primary authentication methods:
| Method | When to use | Security Level |
|---|---|---|
| Web Interface Login (Email/Password) | Accessing the user dashboard for configuration. | Standard (Enhanced with 2FA) |
| API Token Authentication | Programmatic access for specific integrations (e.g., webhooks). | High (if tokens are securely managed) |
| DNS Record Verification | Establishing domain ownership and configuring email routing. | High (foundation for email security) |
Getting your credentials
Acquiring and managing credentials for ImprovMX involves different processes depending on the type of credential:
Web Interface Login Credentials (Email and Password)
- Account Creation: To obtain login credentials, you must first create an ImprovMX account. This typically involves providing an email address and setting a password.
- Password Management: Once an account is created, you can manage your password through the user dashboard. ImprovMX generally enforces strong password policies, requiring a combination of uppercase and lowercase letters, numbers, and special characters.
- Two-Factor Authentication (2FA) Setup: For enhanced security, navigate to your account settings within the ImprovMX dashboard. Look for a 'Security' or '2FA' section to enable and configure 2FA. This usually involves scanning a QR code with a TOTP authenticator app (e.g., Google Authenticator, Authy) on your mobile device.
API Tokens
ImprovMX's primary function is email forwarding through DNS configuration, and it does not offer a public, general-purpose API for managing domains and aliases programmatically. Therefore, there isn't a standard process for generating API tokens for broad management tasks as seen with many other services. If specific integrations (e.g., custom webhooks for specific events) require a token, it would typically be generated within the context of that specific feature's configuration within the ImprovMX dashboard. Consult the specific documentation for any integration you are setting up to determine if and how an API token is generated.
DNS Records
DNS records are not credentials in the traditional sense but are critical for authenticating your domain ownership with ImprovMX:
- Accessing DNS Settings: Log in to your domain registrar or DNS hosting provider's control panel (e.g., Cloudflare, GoDaddy, Namecheap).
- Adding ImprovMX Records: ImprovMX will provide specific MX, SPF, and potentially DKIM records that need to be added or modified in your domain's DNS settings. These records instruct mail servers to route email for your domain through ImprovMX and help prevent email spoofing. For example, MX records specify mail exchange servers for a domain, as defined by RFC 5321.
- Verification: After adding the records, ImprovMX will verify them to confirm domain ownership and activate your email forwarding services. This verification process ensures that you control the domain you are configuring.
Authenticated request example
As ImprovMX primarily operates through its web interface and does not currently offer a public, general-purpose REST API for managing aliases or domains, a typical authenticated API request example for configuration changes is not applicable in the same way it would be for a service with a comprehensive API. The programmatic interactions are limited to specific webhook endpoints where an API token might be used for authentication.
For scenario-specific integrations where an API token is provided by ImprovMX (e.g., for custom webhooks), the authentication would likely involve including the token in the request headers. Below is a conceptual example of how an API token might be used:
```http
POST /api/v1/webhook_endpoint HTTP/1.1
Host: api.improvmx.com
Content-Type: application/json
Authorization: Bearer YOUR_IMPROVMX_API_TOKEN

{
  "event": "email_received",
  "from": "[email protected]",
  "to": "[email protected]",
  "subject": "Test email"
}
```
In this conceptual example:
- Authorization: Bearer YOUR_IMPROVMX_API_TOKEN: The API token is sent in the Authorization header using the Bearer scheme. The Bearer authentication scheme is defined in RFC 6750, which describes how access tokens can be used to authenticate requests to protected resources.
- YOUR_IMPROVMX_API_TOKEN: This placeholder would be replaced with the actual API token obtained from your ImprovMX account or specific integration settings.
Always refer to the specific documentation provided by ImprovMX for any integration you are configuring to understand the exact authentication requirements and how to properly format your requests.
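How a service receiving a request like the conceptual one above could check the Bearer token, shown as an added example that is not ImprovMX code. The environment variable name IMPROVMX_API_TOKEN, the function names and the 204/401 status codes are assumptions made for illustration.

```python
import hmac
import os

# Hypothetical variable name; the token is read at runtime, never hardcoded.
TOKEN_ENV_VAR = "IMPROVMX_API_TOKEN"


def extract_bearer_token(headers):
    """Return the token from an RFC 6750 Authorization header, or None."""
    # HTTP header names are case-insensitive, so match the name that way.
    value = next((v for k, v in headers.items() if k.lower() == "authorization"), None)
    if value is None:
        return None
    parts = value.strip().split()
    # Require exactly "<scheme> <token>"; the scheme name is case-insensitive.
    if len(parts) != 2 or parts[0].lower() != "bearer":
        return None
    return parts[1]


def is_authorized(headers, environ=os.environ):
    """True only if the presented token equals the configured one."""
    expected = environ.get(TOKEN_ENV_VAR, "")
    presented = extract_bearer_token(headers)
    # Fail closed: an unset or empty secret must never authorize a request.
    if not expected or not presented:
        return False
    # compare_digest does not leak, through timing, where the strings differ.
    return hmac.compare_digest(presented.encode(), expected.encode())


def status_for(headers, environ=os.environ):
    """Status a receiver would return: 204 when accepted, 401 otherwise."""
    return 204 if is_authorized(headers, environ) else 401


if __name__ == "__main__":
    env = {TOKEN_ENV_VAR: "constructed-token-for-demo"}  # constructed value
    print(status_for({"Authorization": "Bearer constructed-token-for-demo"}, env))
    print(status_for({"Authorization": "Bearer wrong"}, env))
    print(status_for({"Authorization": "Bearer constructed-token-for-demo"}, {}))
```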
Security best practices
To secure your ImprovMX account and email forwarding configurations, consider the following best practices:
- Enable Two-Factor Authentication (2FA): Always enable 2FA for your ImprovMX login. This adds a critical layer of security by requiring a second verification step, typically a code from a mobile authenticator app, in addition to your password. This significantly reduces the risk of unauthorized access even if your password is compromised.
- Use Strong, Unique Passwords: Create a strong and unique password for your ImprovMX account that is not reused on any other service. A strong password combines uppercase and lowercase letters, numbers, and special characters. Consider using a password manager to generate and store complex passwords securely.
- Regularly Review DNS Records: Periodically check your domain's DNS settings (MX, SPF, DKIM) to ensure they are correctly configured for ImprovMX and have not been tampered with. Incorrect or malicious DNS changes could redirect your email or compromise your domain's reputation.
- Secure API Tokens: If you use any API tokens for ImprovMX integrations (e.g., webhooks), treat them like passwords. Never hardcode them directly into publicly accessible code repositories. Use environment variables or secure secrets management systems to store and retrieve them. Regenerate tokens if you suspect they have been compromised.
- Monitor Account Activity: Regularly review your ImprovMX dashboard for any suspicious or unexpected changes to your email forwarding rules or domain configurations. Many services provide an activity log that can help identify unauthorized actions.
- Educate Yourself on Phishing: Be vigilant against phishing attempts that try to trick you into revealing your ImprovMX login credentials. Always verify the sender and the legitimacy of links before clicking or entering your information. ImprovMX will typically communicate through its official channels.
- Keep Software Updated: Ensure that your operating system, web browser, and any authenticator apps are kept up to date. Software updates often include critical security patches that protect against known vulnerabilities.
- Adhere to Least Privilege: If ImprovMX ever introduces role-based access control or more granular API permissions, ensure that users or applications are granted only the minimum necessary privileges to perform their required tasks.
By implementing these security measures, you can significantly reduce the risk of unauthorized access and maintain the integrity of your email forwarding services with ImprovMX.
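The periodic DNS review recommended above can be automated by comparing current answers against a known-good baseline. The following is an added example, not ImprovMX tooling: it assumes input in the format printed by `dig +noall +answer`, and the hostnames mx1/mx2/spf.forwarder.example are placeholders to be replaced with the values shown in your own dashboard.

```python
# Placeholder baseline (assumption): substitute the records your provider lists.
EXPECTED_MX = {"mx1.forwarder.example", "mx2.forwarder.example"}
EXPECTED_INCLUDE = "spf.forwarder.example"

# Constructed sample answers: one rogue MX host and a second, permissive SPF record.
SAMPLE = """\
example.com. 300 IN MX 10 mx1.forwarder.example.
example.com. 300 IN MX 20 mx2.forwarder.example.
example.com. 300 IN MX 5 mail.unknown-host.example.
example.com. 300 IN TXT "v=spf1 include:spf.forwarder.example ~all"
example.com. 300 IN TXT "v=spf1 +all"
"""


def parse_answers(text):
    """Return (set of MX hosts, list of SPF records) from dig-style lines."""
    mx_hosts, spf_records = set(), []
    for line in text.splitlines():
        fields = line.split(None, 4)  # name, ttl, class, type, rdata
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue
        rtype, rdata = fields[3].upper(), fields[4].strip()
        if rtype == "MX":
            pref_host = rdata.split()
            if len(pref_host) == 2:
                mx_hosts.add(pref_host[1].rstrip(".").lower())
        elif rtype == "TXT":
            # Long TXT values arrive as several quoted strings; join them.
            txt = rdata.replace('" "', "").strip('"')
            if txt.lower().split()[:1] == ["v=spf1"]:
                spf_records.append(txt)
    return mx_hosts, spf_records


def review(text, expected_mx, expected_include):
    """List every deviation from the baseline; an empty list means no drift."""
    mx_hosts, spf_records = parse_answers(text)
    findings = [f"unexpected MX host: {h}" for h in sorted(mx_hosts - expected_mx)]
    findings += [f"missing MX host: {h}" for h in sorted(expected_mx - mx_hosts)]
    if len(spf_records) != 1:  # more than one SPF record fails evaluation (RFC 7208)
        findings.append(f"expected exactly one SPF record, found {len(spf_records)}")
    for record in spf_records:
        if f"include:{expected_include}" not in record.lower().split():
            findings.append(f"SPF record lacks include:{expected_include}")
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE, EXPECTED_MX, EXPECTED_INCLUDE):
        print(finding)
```

Run on a schedule against fresh resolver output, any non-empty result is worth an alert, since an unexpected MX host means mail may be delivered somewhere other than the forwarding service.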