Recently, MailChimp announced that Mandrill is becoming a transactional email add-on to their paid MailChimp accounts instead of a completely separate product. Mandrill was created by MailChimp over four years ago as a transactional email service separate from their standard email service that so many enjoy. After having years of success with their Mandrill service, MailChimp has seen the need to change the scope of their service to focus more on delivering personalized content instead of the other services that Mandrill currently offers. By focusing on delivering customized content MailChimp is doing what they do best.

With this fundamental change in service from Mandrill and MailChimp, current customers need to take action. Current users are encouraged to merge their existing Mandrill account with a MailChimp account. Customers will have until April 27th to complete an account merge. Read Mandrill’s blog on the announcement to learn more. New users wanting to use the Mandrill service will be required to create an account through MailChimp. If you are interested in checking out some of the other services out there, review Pantheon’s blog Mandrill Alternatives for WordPress and Drupal.

For businesses using third-party services like Mandrill or SendGrid to stay connected to their customers, it is important to make sure that their information is secure. These services help you stay connected to your customers, but they also have a security threat inherent in the way they operate. That’s because they rely on an Application Program Interface (API) and its accompanying password, the API key, to secure access between your site and the service provider.

The API key gets shared with many parties in the course of sending email. Whether it’s to configure, change, modify or delete email actions linked to your site, developers or agencies must access your API keys, which are found in the code of your website. In short, you cannot effectively use your email service without giving out your API key. Requiring a security key for email access is a basic level of security, but when these keys are shared broadly your account is not secure.

Because of this, someone could gain access to your API key and send out any email they wish directly from your account. Your customers would not be able to tell your real emails from emails sent by someone who hacked your account, because both are sent from an authentic source. This poses a significant risk to your customers and, more importantly, your brand.

Using an API key alone offers very little security to prevent this sort of breach, but pairing the API key with a modern API key management service can greatly increase security. With the right mechanisms in place, you can avoid any potential security breach and be alerted in real time to those breaches that do happen. This approach dramatically limits the amount of risk that your brand is exposed to.


Lockr is the first hosted API & encryption key management platform for modern content management systems like Drupal and WordPress. Lockr works by providing an affordable solution to properly manage access and API keys for your email campaigns.

Lockr provides a secure environment by removing the API keys from your code or database, encrypting them and storing them safely off your website. With this secure approach, the exposure to potential risk from a compromised site is virtually eliminated. Lockr also knows which environment your site is in, making production keys unavailable for use. Lockr makes key management easy.

Lockr is available to all service levels on Pantheon, and is expanding its service to other hosting providers. If you are a current Pantheon customer or thinking about making a switch to a new hosting company, consider how Lockr can help increase your security online and reduce the exposure to risk for your brand and customers.


We are offering free development time to integrate the Lockr service with your new email service provider. By choosing to incorporate Lockr, you can have the added peace of mind knowing that your customer data is secure. Send us an email at and we’ll help get you set up.
