Resolving delivery issues with Mandrill emails - Appsembler

Help & How-to

Your comprehensive knowledge base for Open edX, Tahoe LMS, and Virtual Labs. Dive into in-depth documentation, tutorials, troubleshooting guides, and best practices to help with your integration of Appsembler's products.

Resolving delivery issues with Mandrill emails

NOTE: Mandrill is the service we use to send Open edX-related transactional emails. Sendgrid is what we use for the AMC transactional emails.

Some mailhosts will delay delivery (or possibly reject) emails sent from Mandrill unless they are properly validated using SPF/DKIM records.  This was happening with the instersystems.com mail host.  We fixed this by doing the following:

Add SPF/DKIM records to mailhost’s DNS provider

SPF and DKIM are DNS-based authentication methods for emails.  Mandrill strongly recommends adding these for each domain you use for outgoing mail via Mandrill.  

  • Log in with our Mandrill credentials and navigate to https://mandrillapp.com/settings/sending-domains
  • If your domain does not appear on that page (it should automatically appear if emails have ever been sent through Mandrill using that domain), add it.
  • DKIM – To enable DKIM, create a TXT record for mandrill._domainkey.<strong>yourdomain.com</strong> (just replace yourdomain.com with the domain you’re setting up) with the following value:v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrLHiExVd55zd/IQ/J/mRwSRMAocV/hMB3jXwaHH36d9NaVynQFYV8NaWi69c1veUtRzGt7yAioXqLj7Z4TeEUoOLgrKsn8YnckGs9i3B3tVFB+Ch/4mPhXWiNfNdynHWBcPcbJ8kjEQ2U8y78dHZj1YeRXXVvWob2OaKynO8/lQIDAQAB;<br>
    Some DNS providers require that semicolons be escaped. If your provider requires escaping, use this value instead: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrLHiExVd55zd/IQ/J/mRwSRMAocV/hMB3jXwaHH36d9NaVynQFYV8NaWi69c1veUtRzGt7yAioXqLj7Z4TeEUoOLgrKsn8YnckGs9i3B3tVFB+Ch/4mPhXWiNfNdynHWBcPcbJ8kjEQ2U8y78dHZj1YeRXXVvWob2OaKynO8/lQIDAQAB;

  • SPF – SPF is another DNS-based email authentication mechanism. If you don’t yet have an SPF record, you’ll want to add one for your domain. At a minimum, the value should be the following if you’re only sending mail through Mandrill for that domain:v=spf1 include:spf.mandrillapp.com ?all

    If you already have a TXT record with SPF information, you’ll need to add Mandrill’s servers to that record by adding  include:spf.mandrillapp.com in the record (before the last operator, which is usually ?all~all, or -all).

  • Return to https://mandrillapp.com/settings/sending-domains and click the ‘Test DNS settings’ button for your domain.

  • To test, use the https://mandrillapp.com/compose link to compose a message to a domain you know has been rejecting/delaying your emails. 

(optionally) Whitelist Mandrill’s IP ranges

This is actually not recommended, since it will whitelist email sent by anyone using Mandrill.  But if there are still issues with emails being delayed or rejected by a particular receiving mail server, it should resolve the problems. 

  • Find the current range of IPs in use by Mandrill for outgoing email.  These can change so you will need to review this periodically.  dig TXT spf.mandrillapp.com to get the current range.
  • Add the range to the receiving mail server in question.