BDP primarily uses a bulk email service provider; you can also enter your own mail server details. The provider is Mandrill, owned by Mailchimp. We would highly recommend using Mandrill, as this service is integrated with our servers and will give your mail the best possible chance of reaching its destination.

The email provider can be selected in BDP by going to configuration->configuration->account configuration->Default SMTP Sender. Changing any of these settings requires Admin permissions in BDP.

If no settings are changed, mail will be sent via Mandril by default.

We would recommend using Mandrill for sending emails.

If the SMTP Host is entered, this overrides Mandrill and attempts to use the SMTP server you specify instead; note that BDP can can be set to use SMTP without authentication (it’ll use just IP restrictions instead), so don’t always expect to see credentials entered here.

 

Configuring your domain for Mandrill

The exponential increase in the volume of spam has forced email service providers to apply increasingly strict filtering. To allow Mandrill to send emails on your behalf you MUST implement some settings on your domain, to prevent legitimate emails from being filtered as spam.

Important Note: If your email security services provide Sender Spoof Protection that blocks emails with your organisation’s own domain in the “From” field that are sent from outside your organisation, then this should not be enabled or it should be configured to allow such emails from Mandrill. If the Sender Spoof Protection must be enabled for your organisation then it may be best to relay your emails via SMTP.

 

(1) Verify Domain Ownerhip (Mandrill only)

Domain verification is required to configure a sending domain. To simplest and easiest method to confirm access to your domain will be by email, we will send an email direct from Mandrill and ask that you forward that email onto us. We will do the rest.

 

(2) SPF (Mandrill only)

SPF is a DNS-based email validation mechanism. If you don’t yet have an SPF record, you’ll want to add one for your domain. As a minimum, the setting should implemented as follows:

v=spf1 include:spf.mandrillapp.com ~all

You’ll need to add items to the SPF record for any services that already send mail on your behalf, as well; your IT department or ISP can help you with this.

If you already have an existing SPF record, you’ll need to add Mandrill’s servers to it; just make sure your existing SPF record includes “include:spf.mandrillapp.com” in addition to whatever’s already there.

More information about SPF is available from Mandrill help pages.

 

(3) DKIM (Mandrill only)

DKIM is a DNS-based email authentication mechanism that helps Mandrill more effectively send mail on your behalf, by allowing receivers to verify that we have permission to send your email using digital signatures.

To enable DKIM, create two CNAME records in your organisation’s DNS, as follows:

  1. Record name: mte1._domainkey.yourdomain.com Record value: dkim1.mandrillapp.com
  2. Record name: mte2._domainkey.yourdomain.com Record value: dkim2.mandrillapp.com

Replace “yourdomain.com” in the above examples with your actual domain when creating the records. More information about DKIM is available from Mandrill help pages. Your IT department or IT service provider can assist you with your DNS setup.

 

(4) DMARC (Mandrill only)

 
From February 2024, major email providers will require that sending domains have a DMARC policy for their sending domains; this is a special DNS record that tells receiving mail servers that your mail is protected by SPF and/or DKIM, and what to do with any messages that fail those requirements.
 
To add a simple DMARC policy to your domain, create a TXT record in your DNS with the name _dmarc.yourdomain.com and value “v=DMARC1; p=none“.
 
Replace “yourdomain.com” in the above examples with your actual domain when creating the records. DMARC records can be configured in a number of different ways; the above example will work fine, but you may want to review the official DMARC documentation to make sure that your DMARC record suits your organisation’s email security posture.
 

Relaying Emails by SMTP

This option is often the most effective at ensuring emails are successfully authenticated as coming from your organisation because it routes mail via your own infrastructure. To select this option, simply enter a host under SMTP Host in configuration->configuration->account configuration.

BDP requires the following information:

SMTP Host

SMTP Username

SMTP Password

SMTP Encryption Type (Often TLS)

SMTP Port (usually 587 when using TLS)

Please note that firewall constraints may prevent this setup from working and you may need to ask your network administrator to allow the following source IP address ranges to relay mail via your SMTP host:

194.176.73.128 – 194.176.73.159
217.22.154.201 – 217.22.154.206
217.22.159.225 – 217.22.159.238

Please do NOT just open up access to your SMTP server to anyone; there’s a high chance that your server may be used to send or relay spam if you do.

Tagged: