Allow email from Employee Advocacy IP addresses
Employee Advocacy uses Mailchimp's transactional email service called Mandrill.
Mandrill uses a shared IP address pool to help with email deliverability. This can make it difficult when you try to allow email from Employee Advocacy by targeting allowed IP addresses. Instead, your IT team can allow the entire range of Mandrill IP Addresses.
It is possible to allow ALL Mandrill IPs. Though it's not expected to change often (hardly ever in Employee Advocacy's experience),
You can view the current list of Mandrill IPs via the SPF record at any time:
dig TXT spf.mandrillapp.com:
v=spf1 ip4:188.8.131.52/24 ip4:184.108.40.206/22 ip4:220.127.116.11/23 ip4:18.104.22.168/24 ip4:22.214.171.124/23 ip4:126.96.36.199/25 ip4:188.8.131.52/25 ip4:184.108.40.206/23 ip4:220.127.116.11/24 ip4:18.104.22.168/24 ip4:22.214.171.124/23 ip4:126.96.36.199/24 ~all
Each of the IP4s listed is a range that is could be used for sending. These are not individual IPs, but actually IP ranges. That means each listed IP4 (i.e. 188.8.131.52/23) actually contains many hundreds of individual IP addresses.
For example, the IP address 184.108.40.206 is available in the range and can span all IP addresses between
220.127.116.11 - 18.104.22.168
The range 22.214.171.124/23 should correspond to the individual IP 126.96.36.199. These are broken down into two easily recognizable sub ranges:
188.8.131.52 up to 184.108.40.206 -AND- 220.127.116.11 up to 18.104.22.168
You can use a tool like https://tehnoblog.org/ip-tools/ip-address-aggregator/ to see exactly what IPs are included in the IP4 range based on the Mandrill SPF record. If you enter the entire CIDR range (22.214.171.124/23) and click Range, you get this result: https://d.pr/i/DAZvIe
The formatting of these servers would include the last parts of the IP address (in this case 137-25) and the specific mail server that IP corresponds to (in this case atl71).