diff --git a/mailgun/controllers/main.py b/mailgun/controllers/main.py
index a8a7d9a..d7b4d99 100644
--- a/mailgun/controllers/main.py
+++ b/mailgun/controllers/main.py
@@ -5,6 +5,8 @@ import werkzeug
 import email
 import requests
 import simplejson
+import re
+
 class MailMailgun(http.Controller):
@@ -12,7 +14,7 @@ class MailMailgun(http.Controller):
 def mailgun_notify(self, **kw):
 # mailgun notification in json format
 message_url = kw.get('message-url')
- if not message_url.startswith('https://api.mailgun.net/'):
+ if not re.match('^https://[^/]*api.mailgun.net/', message_url):
 # simple security check failed
 raise Exception('wrong message-url')
 request.env['mail.thread'].sudo().mailgun_fetch_message(message_url)
diff --git a/mailgun/models.py b/mailgun/models.py
index 464e685..4479799 100644
--- a/mailgun/models.py
+++ b/mailgun/models.py
@@ -18,7 +18,7 @@ class MailThread(models.AbstractModel):
 @api.model
 def mailgun_fetch_message(self, message_url):
 api_key = self.env['ir.config_parameter'].sudo().get_param('mailgun.apikey')
- res = requests.get(message_url, headers={'Accept': 'message/rfc2822'}, auth=('api', api_key))
+ res = requests.get(message_url, headers={'Accept': 'message/rfc2822'}, auth=('api', api_key), verify=False)
 self.message_process(False, res.json().get('body-mime'))
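Review bot: In `mailgun/controllers/main.py`, hunk `@@ -12,7 +14,7 @@`, the new `re.match('^https://[^/]*api.mailgun.net/', message_url)` no longer pins the host of `message-url`: `[^/]*` accepts any characters before `api.mailgun.net`, not only subdomain labels, and the unescaped dots match any character, so a URL whose real host lies outside mailgun.net can pass the check. That matters because the accepted URL is handed to `mailgun_fetch_message` under `sudo()`, which (per the `mailgun/models.py` hunk) sends the stored Mailgun API key to it as basic auth. If the aim is to admit regional subdomains, restrict the prefix to DNS labels and escape the dots, e.g. `if not re.match(r'^https://([a-z0-9-]+\.)*api\.mailgun\.net/', message_url or ''):`; the `or ''` also keeps a missing parameter from raising `TypeError` inside `re.match`. The route decorator and anything after the last context line are outside the hunk.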
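Review bot: In `mailgun/models.py`, hunk `@@ -18,7 +18,7 @@`, the added `verify=False` turns off TLS certificate validation on the one request that carries the Mailgun API key (`auth=('api', api_key)`), so neither the key nor the returned `body-mime` is protected against an on-path party, and the fetched content is then passed to `message_process`. Drop the argument and keep the default, `res = requests.get(message_url, headers={'Accept': 'message/rfc2822'}, auth=('api', api_key))`; if the change was made to get past a certificate error, point `verify` at the correct CA bundle instead of disabling the check. A `timeout=` argument and a `res.raise_for_status()` before `res.json()` would also be worth adding, since a failed fetch currently passes whatever `res.json()` yields straight to `message_process`. Whether the function continues past the last context line is not visible.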