Rails, Mandrill, and Blind Carbon Copy (BCC)

Published July 05, 2016

Don't make the same mistake I did.

Recently, I created an application-wide newsletter system for a Rails project that I've been working on. The mailer was supposed to send a single email out to Mandrill with every user's email address in the BCC field. By doing this, I'd hoped to get some nice performance on my end by lumping everything into a single request while simultaneously protecting everyone's private email addresses, since BCC is supposed to conceal each person's email address from everyone else.

Unfortunately, Mandrill doesn't work that way.

After sending the email out to Mandrill, I discovered that Mandrill decided to move every address in the BCC field to the TO field, and then send out emails to my users in batches of 10. This resulted in every user's email address being shared with 9 other users, without their consent. I try to always take privacy seriously, so this was a disaster on my end. I thought I'd botched the mailer config or something. After some frantic Googling, I eventually found this buried in Mandrill's documentation:

If you send to more than one recipient at a time and want all recipients to see each other recipient's information, use the X-MC-PreserveRecipients header. Recipients will be able to reply-all and see other recipient information if this is set to true. If it's set to false, Mandrill will rewrite the To and Cc headers for your email and only show information about an individual recipient.

What? Why? I don't yet understand why Mandrill requires an extra header to protect recipients' email addresses, but OK...

So if you need to send out a bulk email through Mandrill without compromising the privacy of your users, make sure to include the X-MC-PreserveRecipients header. An example Rails mailer might look something like this:

class NewsletterMailer < ActionMailer::Base
  # Mandrill-specific header: "false" tells Mandrill to rewrite To/Cc per recipient
  default "X-MC-PreserveRecipients" => "false"

  def newsletter_email(...)
    # method body omitted in the original post
  end
end
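To show the failure mode and the fix side by side, here is an added example that is not part of the original post or of Mandrill's code. It is plain Ruby with no ActionMailer dependency: `build_newsletter` stands in for the mailer (the `defaults` hash plays the role of ActionMailer's `default`), `safe_for_bulk?` is a hypothetical pre-send check that refuses a multi-recipient message unless the header is explicitly "false", and `mandrill_deliveries` only models the behaviour the post describes (BCC moved to To, batches of ten) so the difference is visible. All addresses are constructed.

```ruby
# Added example: model of the post's mailer plus a pre-send privacy check.
# Not ActionMailer and not Mandrill's code; method names are hypothetical.

PRESERVE_HEADER = "X-MC-PreserveRecipients"

# The header hash ActionMailer's `default` would merge into every message.
UNSAFE_DEFAULTS = {}                            # what the post's first attempt had
SAFE_DEFAULTS   = { PRESERVE_HEADER => "false" } # the post's fix

# Build the outgoing message the way the post's mailer intends: one message,
# every subscriber in BCC. A real `to:` address would count as a recipient too.
def build_newsletter(recipients, subject:, defaults: {})
  { "Bcc" => recipients.dup, "Subject" => subject }.merge(defaults)
end

# Distinct recipients across To, Cc and Bcc.
def recipient_count(message)
  %w[To Cc Bcc].sum { |h| Array(message[h]).size }
end

# True when the message can go to Mandrill without exposing recipients:
# either it has at most one recipient, or the header is explicitly "false".
def safe_for_bulk?(message)
  return true if recipient_count(message) <= 1
  message[PRESERVE_HEADER].to_s.downcase == "false"
end

# Model of what the post observed. Without the header, Mandrill moved BCC
# addresses into To and sent in batches of 10, so each batch saw the others.
# With the header set to "false", each recipient gets an individual copy.
def mandrill_deliveries(message)
  everyone = %w[To Cc Bcc].flat_map { |h| Array(message[h]) }
  if safe_for_bulk?(message)
    everyone.map { |addr| { "To" => [addr] } }
  else
    everyone.each_slice(10).map { |batch| { "To" => batch } }
  end
end

# Any delivery whose To line carries more than one address leaks addresses.
def leaks_addresses?(message)
  mandrill_deliveries(message).any? { |d| d["To"].size > 1 }
end

if __FILE__ == $PROGRAM_NAME
  subscribers = (1..25).map { |i| "user#{i}@example.org" } # constructed
  [UNSAFE_DEFAULTS, SAFE_DEFAULTS].each do |defaults|
    msg = build_newsletter(subscribers, subject: "Newsletter", defaults: defaults)
    puts "header=#{msg[PRESERVE_HEADER].inspect} safe=#{safe_for_bulk?(msg)} " \
         "deliveries=#{mandrill_deliveries(msg).size} leaks=#{leaks_addresses?(msg)}"
  end
end
```

A check like `safe_for_bulk?` belongs right before the handoff to the delivery method, so a mailer that forgets the `default` line fails loudly instead of sending. The header comparison is case-insensitive because the value arrives as a string, and a missing header is treated the same as a wrong one.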

Mandrill has been great otherwise, but this left a sour taste in my mouth... So anyway, if you care about your users' privacy, don't screw it up like me.