This week we have a couple of features and refinements for increased account security: a new option for two-factor authentication along with new and revised account alerts. We also improved webhooks to handle intermittent errors more gracefully.
SMS Option for Two-Factor Authentication
Last week we added two-factor authentication, using Google Authenticator or YubiKey, as an extra layer of security for logging in to your account. SMS is now available as another two-factor option. You can enable all three options, so you can use SMS as your primary method of two-factor auth or as a backup if you don't have your YubiKey handy.
Enable any of the two-factor auth methods, including SMS, on the Username & Contact Information page of your Mandrill account. After you add your mobile number, we'll send you a code to verify the number. Once it's verified, the next time you log in, you'll be prompted to provide the second factor. For SMS, we'll send a text message with an authorization code to input on the login page.
Currently Mandrill can send SMS notifications to phone numbers in the United States, the United Kingdom, Canada, and some Caribbean islands. And while we doesn't charge for SMS notifications, your wireless provider may have their own charges associated with receiving text messages. More info on setting up multifactor authentication.
New and Revised Alert Types
We've added two new alert types to help you keep tabs on what's happening in your account. First, we've added a User Info Change alert that's enabled by default for all accounts. This alert triggers when sensitive user data changes such as the contact or billing email address, password, or two-factor authorization changes.
Next is the User Logged In alert. This one's pretty straightforward: if someone logs in to your account, we'll send you an alert that tells you someone accessed your account along with the IP address and location. This alert isn't enabled by default but you can configure it on the Alerts page of your Mandrill account.
Finally, we revamped the existing reputation alert (which could notify you of changes in your reputation, up or down, based on a numerical threshold). We got feedback that alert was pretty confusing, vague, and, we had to face it, not helpful. The new alert triggers if your reputation drops to Poor and includes information to help you understand why your reputation has dropped. You'll see a chart of the reputation history for the account to spot any trends, along with some reasons why you may be having problems, like a high bounce rate or high spam complaint rate.
Improved Error Handling for Webhooks
We've modified webhooks to be more resilient to intermittent errors. If a previously-functioning webhook starts failing, we don't want to pile additional load onto it by queueing up more batches, so we stop queuing up additional batches of events until the webhook starts responding successfully. Sometimes, however, a single batch might fail even if the webhook is otherwise fine. To keep a single bad batch from stalling the entire webhook, we've tweaked our backoff logic to only stop sending events once we're confident that the webhook is failing for all new batches.
Even when a webhook is running smoothly, transient errors are a fact of life on the Internet. Mandrill lets you configure an alert to notify you any time a webhook batch fails, and we've improved this alert by making another tweak to our webhook retry logic. This is especially useful if you've hooked our alerts into monitoring, since eliminating alerts that are caused by transient errors help you focus more on the alerts that actually indicate serious problems.