Spam Prevention

Authentication is a way to prove an email isn’t forged. There are a variety of authentication methods, and there’s no best method. SPF and SenderID allow a domain owner to add a file or record on the server that the recipient server cross-checks. These are easy to implement, but some suggest they aren’t as secure. DKIM and DomainKeys embed information within the email, making it harder to forge (but they can also be harder to implement for senders and receivers).

Since there are pros and cons to the various methods, we provide support for all of the above methods.

SPF

If you don’t have an SPF record yet, you’ll need to add one for your domain. At a minimum, the value should be the following if you’re only sending mail through Mandrill for that domain:

v=spf1 include:spf.mandrillapp.com ?all

If you already have a TXT record with SPF information, you’ll need to add Mandrill’s servers to that record by addinginclude:spf.mandrillapp.com in the record (before the last operator, which is usually ?all, ~all, or -all).

DKIM

Add a new TXT record with the name mandrill._domainkey.yourdomain.com (just replace yourdomain.com with the domain you’re setting up).

The value for the record should be one of the options listed below. There are two options because the record contains semicolons. Some DNS providers escape semicolons for you, while others require you to do it when setting up the record.

With semicolons escaped:

v=DKIM1\; k=rsa\;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrLHiExVd55zd/IQ/J/mRwSRMAocV/hMB3jXwaHH36d9NaVynQFYV8NaWi69c1veUtRzGt7yAioXqLj7Z4TeEUoOLgrKsn8YnckGs9i3B3tVFB+Ch/4mPhXWiNfNdynHWBcPcbJ8kjEQ2U8y78dHZj1YeRXXVvWob2OaKynO8/lQIDAQAB\;

With semicolons unescaped:

v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrLHiExVd55zd/IQ/J/mRwSRMAocV/hMB3jXwaHH36d9NaVynQFYV8NaWi69c1veUtRzGt7yAioXqLj7Z4TeEUoOLgrKsn8YnckGs9i3B3tVFB+Ch/4mPhXWiNfNdynHWBcPcbJ8kjEQ2U8y78dHZj1YeRXXVvWob2OaKynO8/lQIDAQAB;