Bambu using bad trackers!?

Usually I don’t bother with the Email notifications and I check the forum directly.
Today I just clicked on “Visit topic” in the Email to see my threat protection kicking in badly.

https://mandrillapp.com is the culprit in question and seems to be well known for stealing private data from users.
From their website we get this:
What is Mandrill?

Mandrill is a paid Mailchimp add-on, and allows clients to send one-to-one transactional emails triggered by user actions, like requesting a password or placing an order. They’re powerful touchpoints between you and your customers, so we’ve made it easier to make the most of them.

Unlike a normal redirector Mandrill is ‘flexible’ and can be configured in full by the paying user, in this case Bambu.
What makes using this service so concerning is how it works…
For starters Bambu uses exactly what any scammer would use - encrypted links following a link to some unknown website.
While the encrypted part works fine without the Mandrill part and lands you on the correct forum page there is no way of knowing HOW you landed there.
With the encrypted part also containing user login details any ‘man in the middle’ can take advantage here…

Checking Mandrill reveals it is a legit service but also a ton of really bad feedback, especially in terms of user data being stolen and abused.
Can Bambu please explain why such a dubious service is used instead of something users can TRUST?

Mandrill is part of Mailchimp which is a transactional email service which is used by 1000s and 10,000s of companies. So you’re always going to find some bad reviews here and there.

End of day they are just an email marketing/sending service, it’s down to how the company that uses the services treats and manages the emails/data they collect.

Mailchimp is part of the wider INTUIT business which also owns QuickBooks/TurboTax which is a huge and worldwide known finance accounting and bookkeeping software used by a huge amount of companies in a heavily audited space. So they are using a well known email service, and not some random unheard of supplier.

And the links in emails will be click tracking, again a standard part of a marketing email service like Mailchimp to monitor things like open rates of emails and so on. And pretty much a common occurrence for any forum/website software sending outbound emails via a proper service instead of just using a self-hosted SMTP Relay.

1 Like

All I can say is that Malwarebytes and my VPN block their Email links in the Bambu ones for the forum…
And neither of them has any issues with other redirectors used in Emails I get.
Just saying…