Email Whitelisting and Authenticating


Form notification emails from your website are sent from our email servers and Mandrill by MailChimp. The default mailserver is our own, though if you would like to authenticate our servers, we will put you on Mandrill.

To ensure delivery of your email notifications, please read the following sections regarding Whitelisting and Authenticating.


If you are using email services with strong spam filters (Reflexion, Postini), we would recommend whitelisting our mailservers as approved senders:

Whitelisting will ensure better compatibility with any email delivery infrastructure changes we make in the future.
Authentication here means adding our email servers to your domain's trusted list. When you have authenticated our email servers, the recipient of the emails will know that we are allowed to send emails on your behalf.
Here is an example message delivered from our mailservers and how it will be delivered and signed:  


We recommend that you add these two records to your DNS settings which will indicate that Mandrill and Pronto are authorized to send mail on behalf of your domain:
  • If your domain has no SPF record, please add the following TXT (SPF) record for 
    v=spf1 a mx ~all
  • If your domain already has an existing SPF record, simply add "" before the ~all, ?all or -all arguments.
  • TXT (DKIM) record for
    v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrLHiExVd55zd/IQ/J/mRwSRMAocV/hMB3jXwaHH36d9NaVynQFYV8NaWi69c1veUtRzGt7yAioXqLj7Z4TeEUoOLgrKsn8YnckGs9i3B3tVFB+Ch/4mPhXWiNfNdynHWBcPcbJ8kjEQ2U8y78dHZj1YeRXXVvWob2OaKynO8/lQIDAQAB;
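The SPF step above, merging a sender into an existing record rather than publishing a second one (a domain may carry only one SPF record), is sketched here as an added example; it is not code from this provider. Assumptions: `include:spf.example.net` is a hypothetical placeholder for the include value, and `add_sender` and `lint` are illustrative names.

```python
import re

# Hypothetical placeholder: substitute the include value your provider gives you.
SENDER_INCLUDE = "include:spf.example.net"

ALL_RE = re.compile(r"^[+\-~?]?all$", re.IGNORECASE)
# Terms that each cost a DNS lookup during evaluation (RFC 7208, section 4.6.4).
LOOKUP_RE = re.compile(
    r"^[+\-~?]?(include|a|mx|exists|ptr)([:/]|$)|^redirect=", re.IGNORECASE)


def add_sender(existing, mechanism=SENDER_INCLUDE):
    """Return an SPF record that authorizes `mechanism`.

    existing: the domain's current SPF TXT value, or None if it has none.
    The mechanism goes before the 'all' term, because 'all' always matches
    and any mechanism placed after it is never evaluated.
    """
    if not existing:
        return f"v=spf1 {mechanism} ~all"
    terms = existing.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    body = terms[1:]
    if mechanism.lower() in (t.lower() for t in body):
        return existing  # already authorized; leave the record untouched
    idx = next((i for i, t in enumerate(body) if ALL_RE.match(t)), len(body))
    body.insert(idx, mechanism)
    return " ".join(["v=spf1"] + body)


def lint(record):
    """Return warnings for common mistakes in an SPF record."""
    terms = record.split()[1:]
    warnings = []
    alls = [i for i, t in enumerate(terms) if ALL_RE.match(t)]
    if len(alls) > 1:
        warnings.append("more than one 'all' term")
    if alls and alls[0] != len(terms) - 1:
        warnings.append("terms follow 'all'; mechanisms there are never evaluated")
    lookups = sum(1 for t in terms if LOOKUP_RE.match(t))
    if lookups > 10:
        warnings.append(f"{lookups} DNS-lookup terms exceed the limit of 10")
    return warnings
```

Run `lint` on the merged record before publishing it, and make sure every server that legitimately sends mail for the domain is listed, not only the form-notification sender.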


If you need a list of IP ranges, you can get the most up-to-date data by running TXT command for at sites such as MXToolBox.

Why authentication is important

Email servers are set up in a way that makes it very easy to send an email pretending to be someone else. This is a tactic called "spoofing" and it is often used by spammers. You may have seen this before with scam emails that look like they are coming from your bank. However, there are legitimate reasons to spoof an email address, most commonly with contact form notifications.

Email authentication is a technology that gives the recipient's mail server a way of checking the sender's identity and confirming that the sender is actually who they say they are, which improves security and deliverability.



  • Rob Gjertsen

    I would suggest also referencing (or link to a similar article) the SPF record additions for clients who make use of your newsletter services.

  • Than Raskul

    Hi Rob,

    Thank you very much for the recommendation, we'll include a link to this forum post for future newsletter tickets :)



  • Terry Rossi

    While this advice is accurate, it isn't the whole story.  The customers will need to add or modify their SPF record to include their production mail server and not just mail generated from forms on their website.  For example since we use for our outbound mail we need to include their mail servers in our spf and the resultant record is v=spf1 ip4: ip4: ip4: ip4: ~all

    It would be better to have no SPF at all than to have one that produces a soft fail all the time.