Discussion in 'Android Devices' started by AndyRoydt, Aug 22, 2017.
I got an email from mandrillapp.com...androidforums. Is this for real?
Mandrill is a transactional email product from the people who brought you MailChimp. Mandrill is designed to help applications or websites that need to send transactional email like password resets, order confirmations, and welcome messages. Technically, though, you can send any legal, non-spam emails through Mandrill.
Yes, we use this. Sorry, just spotted the thread.
Mandrillapp might be a legitimate app, but it is very disturbing when you put the mouse over "View This Thread" or any other link in the email and you see a link that says https://mandrillapp.com/track/click/...
Needless to say, regardless of reassurances given even by administrators, most security-conscious people will NOT click on it, and even the most reckless people when most antimalware software will flag the email as "This message may be a scam".
I strongly suggest changing at least the email's links to go straight to androidforums.com.
Well, I'm not entirely sure I agree, mandrillapp is used by a large number of forums and other sites sending out newsletters, they sure will miss out on a lot! Security conscious people will hopefully do a little research or ask the administrators - and believe them.
Mandrillapp might be used by *a large number* of forums (although after decades of working in various areas of IT this is the first time I hear of it), but relying on it for sending mail isn't what will set the security conscious on "alert mode".
What is truly troubling is that the links included in the emails point to the Mandrillapp servers, instead of pointing to the forums directly. It is completely unnecessary and the only purpose for doing such a thing is for the Mandrillapp people to do some kind of tracking of who responds to their emails.
It is a standard security practice to never click on a link that is not from someone you know and trust, and absolutely never when the link is different from the location that you are going to.
In the case of Android Forum's emails, instead of going directly to the thread at androidforums.com/threads/... the "View this Thread" link points to mandrillapp.com/track/.../androidforums.com/... which is exactly the kind of link that the best security practices say "never click!!!"
After researching, it is not a problem for me. I just hit delete on the email client, fire up my browser manually and go to androidforums.com where the alerts send me straight to the thread. Clunky, but secure, and does not require the risk of exposing myself to 3rd parties or believing the "trust me it's safe" words, the same words used by every scammer in the world.
Most people nowadays (technically savvy or not) follow the standard practices, but many of them won't bother looking for alternative ways of making good use of those emails. My suggestion to change the links you include in emails is simply to help you avoid negative perceptions.
Yes, yes the purpose OF mandrillapp and mailchimp (now one and the same) IS for the analytics, a/b testing, newsletters and transactional delivery. Thanks to them, we have had improved delivery AND open/return rate - so I'm not entirely sure I would agree with all your thoughts but - I hear you. I work in information security outside of AF as well, I'm conscious of this stuff as well. It, just like everything else, was just a matter of determining the risk of letting them deliver vs us deliver on our own, and we have chosen to accept this route. I am not worried about us or this company being scammers.
But that's cool, you can use your work around and perhaps others who are concerned will see this post and follow your lead, I'm completely good with that!
Btw, neither of us have heard of them in our decades of IT work because the project launched in 2012.