Email Whitelisting and Authenticating

Follow

Form notification emails from your website are sent from our email servers and Mandrill by MailChimp. The default mailserver is MailerQ, though if you would like to authenticate our servers, we will put you on Mandrill.

To ensure delivery of your email notifications, please read the following sections regarding Whitelisting and Authenticating.

Whitelisting

If you are using email services with strong spam filters (Reflexion, Postini), we would recommend whitelisting our mailservers as approved senders:

  • prontomarketing.com
  • mandrillapp.com
Whitelisting prontomarketing.com will ensure better compatibility with any email delivery infrastructure changes we make in the future.
 
Authenticating
 
Authentication here means adding our email servers to your domain's trusted list. When you have authenticated our email servers, the recipient of the emails will know that we are allowed to send emails on your behalf.
 
Here is an example message delivered from our mailservers and how it will be delivered and signed:  

pronto-email-example1.jpg 

 
We recommend that you add these two records to your DNS settings which will indicate that Mandrill and Pronto are authorized to send mail on behalf of your domain:
  • If your domain has no SPF record, please add the following TXT (SPF) record for yourdomain.com: 
    v=spf1 a mx include:_spf.prontomarketing.com ~all
  • If your domain already have an exising SPF record, simply add "include:_spf.prontomarketing.com" before the ~all or ?all or -all arguments.
  • TXT (DKIM) record for mandrill._domainkey.yourdomain.com:
    v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrLHiExVd55zd/IQ/J/mRwSRMAocV/hMB3jXwaHH36d9NaVynQFYV8NaWi69c1veUtRzGt7yAioXqLj7Z4TeEUoOLgrKsn8YnckGs9i3B3tVFB+Ch/4mPhXWiNfNdynHWBcPcbJ8kjEQ2U8y78dHZj1YeRXXVvWob2OaKynO8/lQIDAQAB;

 

Once you have added the two records, please let us know via a support ticket and we will switch the mailserver from ours to Mandrill.

If you need a list of IP ranges, you can get the most up-to-date data by running TXT command for spf.mandrillapp.com at sites such as MXToolBox.

Why authentication is important

Email servers are setup in a way that makes it very easy to send an email pretending to be someone else. This is a tactic called "spoofing" and it is often used by spammers. You may have seen this before with scam emails that look like they are coming from your bank. However, there are legitimate reasons to spoof an email address - most commonly with contact form notifications.

Email authentication is a technology that gives the recipient's mail server a way of checking the senders identity and confirm that the sender is actually who they say they are which improves security and deliver-ability.

Have more questions? Submit a request

Comments

  • Avatar
    Rob Gjertsen

    I would suggest also referencing (or link to a similar article) the SPF record additions for clients who make use of your newsletter services.

  • Avatar
    Than Raskul

    Hi Rob,

    Thank you very much for the recommendation, we'll include a link to this forum post for future newsletter tickets :)

    Regards,

    Than

  • Avatar
    Terry Rossi

    While this advice is accurate it isn't the whole story.  The customers will need to add or modify their SPF record to include their production mail server and not just mail generated from forms on thier website.  For example since we use reflexion.net for our outbound mail we need to include their mail servers in our spf and the resultant record is v=spf1 ip4:100.42.120.128/27 ip4:100.42.115.0/27 ip4:69.84.129.224/27 ip4:192.135.189.0/24 include:prontomarketing.com ~all

    It would be better to have no SPF at all then to have one that produces a soft fail all the time.