Mandrill

Mandrill is a transactional email delivery service operated by Mailchimp. It provides an API for sending automated emails such as password resets, order confirmations, and notifications. Its browser-side presence is minimal, limited to tracking pixels embedded in delivered emails that report open rates.

Overview

Mandrill is the transactional email API operated by Mailchimp (Intuit), designed for high-volume sending of automated, triggered emails: password reset notifications, order confirmations, account alerts, and shipping updates. Mandrill provides deliverability infrastructure, template rendering, and sending analytics for application-triggered email flows. Its browser-side presence is limited to open-tracking pixels embedded in delivered emails.

What This Script Does

Mandrill operates server-side (API calls from the application backend to Mandrill's SMTP/API endpoint). Its direct impact on end-user browsers is limited to:

Email tracking pixels:

  • When Mandrill's open tracking feature is enabled, delivered emails contain a 1×1 tracking pixel loaded from mandrillapp.com or a custom tracking domain
  • When the recipient opens the email, their client loads the pixel, which logs the open event (timestamp, IP address, and user agent) in Mandrill's delivery analytics
  • Mandrill records this data for email deliverability analytics accessible to the sending application operator

Click tracking (if enabled):

  • Links in Mandrill emails may be wrapped in tracked redirect URLs
  • When a recipient clicks a link, the request is logged by Mandrill and then redirected to the original destination

No browser-side scripts are embedded on third-party websites by Mandrill. The tracking described above occurs in email clients, not web browsers navigating to your site.

Consent & Compliance

  • Consent Category: Essential
  • GDPR/ePrivacy: Transactional emails (password resets, order confirmations) are essential communications; their delivery is lawful under GDPR Article 6(1)(b). The open-tracking pixel in transactional emails is a gray area — ePrivacy cookie rules apply to browser storage, not email clients, but GDPR still requires a lawful basis for collecting IP and device data via pixel. For transactional emails, this is generally accepted under legitimate interest for delivery analytics.
  • CCPA: IP address and device data from email open tracking is personal information. Mandrill acts as a service provider for transactional email sending.

Should You Block This Without Consent?

No. Mandrill delivers transactional emails essential to site operation (account creation confirmations, password resets, order notifications). There is nothing to block at the website level — Mandrill does not embed scripts on web pages. Review your Mandrill account settings to configure open-tracking behavior that aligns with your privacy commitments for email recipients.

Consent Categories

Essential

Also Known As

mandrill, mandrill mailchimp, transactional email api, mandrill smtp, mandrill consent

Industries

  • Computers Electronics and Technology
  • Programming and Developer Software
  • Business and Consumer Services
  • Heavy Industry and Engineering

Tracked Domains (1)

  • mandrill.com (Essential)

Frequently Asked Questions

Is consent required for Mandrill on my website?

No. Mandrill is categorized as essential. It is a transactional email delivery API used for password resets, order confirmations, and system notifications. These are essential communications that do not require cookie consent under GDPR or ePrivacy.

What does Mandrill track in emails?

Mandrill embeds tracking pixels in delivered emails that report open rates and click events back to Mailchimp. These pixels fire when a recipient opens an email, not when they visit your website. Its browser-side presence on websites is minimal to none.

How does ConsentStack handle Mandrill?

ConsentStack classifies Mandrill as essential since it delivers transactional emails critical to site operation. No browser-side Mandrill scripts are blocked regardless of consent state. Email-level open tracking pixels are outside the scope of website consent management tools like ConsentStack.

Related Vendors

Firebase
Firebase is Google's mobile and web application development platform offering authentication, real-time database, cloud functions, and analytics. Web SDK scripts initialize Firebase services and may track app events via Firebase Analytics, which is powered by Google Analytics 4. Widely used in single-page apps and PWAs for backend infrastructure and usage tracking.

Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.

Google Tag Manager
Google Tag Manager is a tag management system that lets marketers deploy and update analytics and marketing scripts without code changes. The GTM container script loads synchronously in the page head and injects configured tags, triggers, and variables on behalf of other vendors. No data collection of its own — acts as a loader for other scripts.

Google Fonts
Google Fonts is a free font hosting service that serves hundreds of typeface families via a global CDN. Stylesheets and font files load from fonts.googleapis.com and fonts.gstatic.com to deliver web fonts to visitors. No advertising or tracking functionality is included.

reCAPTCHA
Google reCAPTCHA is a bot detection and spam prevention service protecting web forms, login pages, and checkout flows. Scripts analyze user behavior, mouse movements, and browser fingerprints to distinguish humans from bots. The invisible reCAPTCHA v3 scores interactions without requiring user challenges.

Sign in with Google
Sign in with Google is an OAuth-based authentication service that enables users to log into websites using their Google account credentials. Scripts load the Google Identity Services library, display sign-in buttons, and handle token exchange for secure authentication. Stores session tokens and authentication cookies to maintain login state across page visits.
