1) When logging into an account we support SSL encryption, but we will only enable it automatically for the login page and the billing pages. If you need SSL encryption in other places, you can simply add "https" to any admin area URL. Basically it's the same type of format that services such as Gmail for example use to manage user account access.
3) Outside of list data, credit card information is encrypted and obfuscated, but nothing else is for performance and capability reasons.
4) All of our servers have the root logins removed and use a highly encrypted login that is changed every 30 days. The servers themselves can only be access through 1 ip address which is within our engineering segment. The servers are protected by a Firewall and if 3 failed attempts in a row come from 1 ip address they are then banned to try to login again and we are alerted immediately.
Emercury uses two separate world-class data centers that manage our application, database, and delivery servers 24/7, have redundant power supplies, redundant cooling systems, and redundant networks.
Emercury is not just "a string of Sender servers." We use multiple MTA servers, which are known for their scalability, delivery speed, best practices, and advanced bounceback processing. It's our own proprietary MTA and is well balanced. If one is busy it moves right along to the next. The MTA follows best practice guidelines.
All private information such as account passwords are encrypted. Our own staff can't even view them. If you lose your password, it can't be retrieved - it must be reset. All login pages are 128-bit secure and account data is mirrored and backed up regularly off site.
All large account databases are kept separate and distinct to prevent corruption and overlap. All accounts no matter what size are in a separate database. We don't believe in sharing databases no matter how small they are.
The Emercury.net public website is not hosted in the same subnet as our application and customer database servers. It is hosted at a separate location in order to prevent traffic surges (such as from marketing activities) from affecting our application.
Website Vulnerability Scans
Minor content updates to our public website (such as by the marketing staff) can actually cause unintentional security breaches. That's why we use Trendmicro to constantly scan our public website for vulnerabilities.
Our DC is secured by keycard access, security guard and is monitored with infrared cameras.
Employee Background Checks
All new employees who have access to customer data (such as tech support and our engineers) undergo background criminal history and credit checks prior to employment.