Security is an outcome of clear boundaries.
AccountMaker is designed to reduce attack surface by limiting scope, enforcing domain identity, and aligning authentication with communication.
Our security approach
Domain identity first
Authentication flows and transactional email operate under the same verified domain, making legitimate communication easier to recognize.
Restricted scope
AccountMaker limits functionality to authentication and identity-related communication. This reduces misuse and abuse vectors.
Explicit behavior
Security-relevant actions are intentional, auditable, and bounded. Nothing is hidden behind opaque automation.
Threats we design against
AccountMaker is built with common SaaS security and abuse scenarios in mind.
Phishing and impersonation
Users are tricked by emails or login pages that appear legitimate but are not.
Domain confusion
Authentication and email originate from different domains, weakening trust signals.
Email abuse
Infrastructure intended for identity communication is repurposed for spam or scams.
Silent misconfiguration
Incorrect DNS, email, or auth settings fail quietly and create security gaps.
How AccountMaker reduces risk
Verified domain enforcement
Authentication and email require domain verification. Shared or provider-owned domains are not used for customer-facing flows.
Transactional-only email
Email sending is limited to identity and operational use cases. Marketing and bulk campaigns are not supported.
Inbound email hardening
Inbound messages to identity-related addresses are filtered aggressively, stripped of attachments, and stored as plain content.
Consistent identity surface
Users interact with a single, predictable domain for login and security communication.
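As an added illustration of the inbound email hardening described above (not AccountMaker's own code), this sketch reduces a raw message to plain-text fields and records every part it drops. The names `harden_inbound` and `constructed_sample`, and the choice to discard HTML rather than convert it, are assumptions made for the example.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

_CONTROL = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")

def harden_inbound(raw: bytes) -> dict:
    """Reduce a raw RFC 5322 message to plain-text fields for storage."""
    msg = message_from_bytes(raw, policy=policy.default)
    kept, dropped = [], []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no content of their own
        ctype = part.get_content_type()
        if part.get_content_disposition() == "attachment" or part.get_filename():
            dropped.append(part.get_filename() or ctype)  # never stored
        elif ctype != "text/plain":
            dropped.append(ctype)  # HTML, inline images, calendar invites, ...
        else:
            try:
                kept.append(part.get_content())
            except (LookupError, UnicodeError):  # unknown or broken charset
                data = part.get_payload(decode=True) or b""
                kept.append(data.decode("utf-8", "replace"))
    return {
        "from": str(msg.get("From", "")),
        "subject": _CONTROL.sub("", str(msg.get("Subject", ""))),
        "body": _CONTROL.sub("", "".join(kept)),
        "dropped": dropped,  # audit trail of what was removed
    }

def constructed_sample() -> bytes:
    """Constructed test message: text + HTML alternative + executable attachment."""
    m = EmailMessage()
    m["From"] = "reporter@example.org"
    m["To"] = "security@example.com"
    m["Subject"] = "Suspicious login page"
    m.set_content("I received a login link I did not request.\n")
    m.add_alternative("<p>I received a <b>login link</b>.</p>", subtype="html")
    m.add_attachment(b"MZ\x90\x00", maintype="application",
                     subtype="octet-stream", filename="invoice.exe")
    return m.as_bytes()

if __name__ == "__main__":
    print(harden_inbound(constructed_sample()))
```

A message that carries only an HTML part is stored with an empty body and `text/html` in the dropped list, so the removal is visible rather than silent.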
What AccountMaker intentionally does not do
No email inbox hosting
We do not provide personal or employee mailboxes.
No marketing or promotional email
The platform cannot be used to send newsletters, advertisements, or outreach campaigns.
No anonymous or unverified sending
Email and auth flows require verified domain ownership.
No opaque automation
Security behavior is explicit and configurable, not hidden behind heuristics.
Who this security model is designed for
For
- SaaS products handling real customer data
- B2B platforms with security-conscious users
- Teams that want predictable, explainable identity behavior
Not for
- Bulk senders or outreach tools
- Anonymous or disposable applications
- Products seeking to obscure identity or ownership
Transparency over promises
AccountMaker avoids vague security claims. Instead, it reduces risk by narrowing scope, enforcing domain identity, and keeping authentication and communication aligned.
- Clear boundaries reduce misuse
- Consistency improves user trust
- Restricted capabilities limit abuse
Security through clarity
AccountMaker focuses on doing fewer things, more predictably, under your domain.