Mailgun

Mailgun is a transactional email API service used by developers to send, receive, and track email. It operates as a backend service; email tracking pixels appear in sent messages but Mailgun does not load scripts on third-party websites.

Overview

Mailgun is a developer-focused transactional email API service owned by Sinch (acquired in 2021). It provides email delivery infrastructure through REST APIs and SMTP relay, enabling development teams to send transactional emails — order confirmations, password resets, account notifications, two-factor authentication codes, and similar operational messages — without managing their own mail servers. Mailgun also supports inbound email routing, email address validation, and bulk sending for marketing campaigns, though transactional email is its primary use case.

Unlike advertising or analytics platforms, Mailgun does not embed JavaScript on third-party websites. Its browser-side footprint is limited to tracking mechanisms embedded within outgoing email messages, not scripts loaded on web pages.

What This Script Does

No website scripts: Mailgun does not provide a JavaScript snippet, tracking pixel, or widget for website operators to embed. It is a backend API service accessed via server-side code (Node.js, Python, Ruby, PHP, etc.) or SMTP relay.

Email tracking mechanisms (in sent emails): Mailgun's email tracking features create the only end-user browser interaction with Mailgun infrastructure:

  • Open tracking pixel: A 1×1 transparent GIF image is embedded in outgoing HTML emails, hosted on domains such as email.mailgun.net, opens.mailgun.net, or a custom tracking domain configured by the sender (e.g., opens.sender-domain.com). When the email is opened in an HTML-capable client, the image loads and Mailgun records an open event including: the recipient's email address, IP address, email client and version, approximate geolocation, and timestamp.

  • Click tracking redirects: Links within emails are rewritten to route through Mailgun's redirect tracking service (e.g., https://clicks.mailgun.net/v2/[token]) before forwarding to the destination URL. When a recipient clicks a tracked link, Mailgun records: the recipient's email address, the destination URL, IP address, user agent, and timestamp. The redirect completes within milliseconds.

  • No cookies set: Neither the open tracking pixel load nor the click tracking redirect sets cookies on the recipient's browser. Tracking data is associated with the recipient's email address server-side, not through browser storage.

  • MIME parts and headers: Mailgun adds standard email headers (Message-ID, X-Mailgun-*) for tracking and routing purposes within the email protocol itself — these are not visible to end users.
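
An added example (not Mailgun's or ConsentStack's code) that audits a raw message for the mechanisms listed above: images and links on the tracking hosts this page names, any 1×1 image as a heuristic for custom tracking domains, and X-Mailgun-* header names. The function names, the sample message, its token and its header name are constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hosts named on the page; pass a sender's custom tracking domain via extra_hosts.
TRACKING_HOSTS = {"email.mailgun.net", "opens.mailgun.net", "clicks.mailgun.net"}

class _Scan(HTMLParser):
    """Collect image and link URLs that look like email tracking."""
    def __init__(self, hosts):
        super().__init__()
        self.hosts, self.pixels, self.links = hosts, [], []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        url = a.get("src") if tag == "img" else a.get("href") if tag == "a" else None
        if not url:
            return
        host = (urlsplit(url).hostname or "").lower()
        tiny = a.get("width") == "1" and a.get("height") == "1"  # 1x1 heuristic
        if tag == "img" and (host in self.hosts or tiny):
            self.pixels.append(url)
        elif tag == "a" and host in self.hosts:
            self.links.append(url)

def audit_message(raw, extra_hosts=()):
    """Return tracking pixels, rewritten links and X-Mailgun-* header names."""
    msg = email.message_from_string(raw, policy=policy.default)
    scan = _Scan(TRACKING_HOSTS | {h.lower() for h in extra_hosts})
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            scan.feed(part.get_content())
    headers = sorted(k for k in msg.keys() if k.lower().startswith("x-mailgun-"))
    return {"pixels": scan.pixels, "links": scan.links, "headers": headers}

# Constructed sample message (not real Mailgun output; token and header are made up).
SAMPLE = """\
From: shop@sender-domain.example
To: user@example.org
Subject: Order confirmation
X-Mailgun-Example: constructed-value
Content-Type: text/html; charset="utf-8"

<a href="https://clicks.mailgun.net/v2/CONSTRUCTED-TOKEN">View order</a>
<a href="https://shop.example/help">Help</a>
<img src="https://opens.sender-domain.example/o/CONSTRUCTED" width="1" height="1">
<img src="https://shop.example/logo.png" width="120" height="40">
"""
print(audit_message(SAMPLE))
```

The 1×1 heuristic catches pixels served from a custom tracking domain, but it will also flag spacer images, so treat pixel hits on unknown hosts as candidates to review.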

Unsubscribe handling: Mailgun generates unsubscribe links for bulk sending that connect to a Mailgun-hosted unsubscribe confirmation page. This is relevant to email compliance (CAN-SPAM, GDPR email consent) rather than website cookie consent.

Consent & Compliance

Mailgun is categorized as functional.

  • ePrivacy Directive (email context): Email open tracking pixels are not "cookies" under the ePrivacy Directive's Article 5(3) definition, which covers reading or writing information on terminal equipment (i.e., the browser's local storage or cookies). However, email tracking is subject to general GDPR privacy obligations regarding transparency and legitimate interest. Many legal analyses treat email open tracking as permissible under legitimate interest where the sender has a pre-existing communication relationship with the recipient.
  • GDPR (email tracking): The lawful basis for processing email engagement data (opens, clicks) typically derives from the sender's relationship with the recipient — legitimate interest for business communications, or consent for marketing emails where explicit opt-in was required. The sender (not Mailgun) is the data controller for this processing; Mailgun is the data processor.
  • CCPA/CPRA: Email engagement data (open rates, click rates) associated with individual email addresses constitutes personal information under CCPA. It should be disclosed in the sender's privacy policy. Sinch/Mailgun operates as a service provider to the sender.
  • Website consent: No website consent mechanism is needed for Mailgun, because it does not load scripts or set cookies on the website.

Should You Block This Without Consent?

No. Mailgun does not deploy scripts, pixels, or cookies on websites. A CMP cannot block Mailgun because there is nothing to block at the browser level on a web page. Email tracking consent, where applicable, is governed by the sender's email marketing consent practices and privacy policy, not by website cookie consent.

Consent Categories

Functional

Also Known As

mailgun tracking pixel, mailgun privacy, mailgun email tracking consent, mailgun gdpr, mailgun cookies

Industries

Programming and Developer Software, Computers Electronics and Technology

Tracked Domains (1)

mailgun.com (Functional)

Frequently Asked Questions

Does Mailgun require a consent gate on my website?

No. Mailgun is a backend email API and does not load scripts, pixels, or cookies on websites. A consent management platform has nothing to block at the browser level. Email tracking consent, where applicable, is handled through the sender's email marketing practices and privacy policy.

How does Mailgun's open tracking pixel work?

Mailgun embeds a 1x1 transparent GIF in outgoing HTML emails hosted on domains like opens.mailgun.net. When the recipient opens the email, the image loads and Mailgun records the open event with timestamp, IP address, email client, and approximate geolocation — without setting cookies on any website.

Where does ConsentStack place Mailgun in the consent framework?

ConsentStack marks Mailgun as functional with no consent gate required on the website side. Because Mailgun loads no browser-side scripts, ConsentStack does not generate a blocking rule for it. If Mailgun appears in your vendor audit, ConsentStack flags it as a backend service needing no CMP action.

Related Vendors

Google Maps
Google Maps is the dominant web mapping service used for embedded maps and location features on websites. Scripts load interactive map tiles, geocoding, and Places API functionality through the Maps JavaScript API. May set cookies to remember map preferences and manage API quota.

Google Search
Google Search appears on websites through the Programmable Search Engine, enabling custom site-specific search functionality. Scripts load the search widget from Google's servers to render search bars and display results within the host website. Sends search queries to Google's index and may set cookies for search personalization and query history.

Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.

Microsoft Teams
Microsoft Teams is a workplace communication and collaboration platform that can be embedded on websites for chat, meetings, and document sharing. Embedded widgets load from Microsoft's servers to enable real-time messaging, video calls, and file collaboration. Sets authentication and session cookies to verify participant identity and maintain connection state.

Apple Maps JS
Apple Maps JS is Apple's JavaScript mapping framework for embedding interactive maps on websites. Scripts load map tiles, location pins, and routing data from Apple's MapKit servers to render navigable maps within web pages. Requires a MapKit JS token for authentication but does not set tracking cookies or collect behavioral analytics data.

Apple Business Chat
Apple Business Chat enables direct customer messaging between websites and Apple's Messages app. Scripts load chat buttons and conversation interfaces that connect visitors to business support agents through iMessage. Sets minimal session cookies to maintain conversation context but does not track browsing behavior or collect analytics data.
