Enter your idea

Up to a certain point in time, a successful startup tries to please their customers. After that point, they try to please their shareholders and investors. After that point, they start preparing the company for sale to a billionaire buyer. You know they've reached this point when you start to see their logo on sport-team shirts, as happened with TeamViewer.

This functionality is not a feature or an enhancement, it’s a basic function of any system that purports to be secure in today’s SaaS market.

Based on the amount of time this is taking, I can only surmise that that Xero’s development team are overstretched and being told to concentrate on coding items that increase revenue. Please Xero, keep your existing customer base happy and less likely to migrate to something else. The response of “We are looking into this and have other priorities” is standard corporate rhetoric, the effect of which is to kick the can down the road and get it off of someone’s desk for a while.

If other companies are making money by selling solutions to gaps in your product, it’s an opportunity for you.

"so, everyone with a gmail, outlook etc account would, do what ?
and yes, there are plenty of businesses that use those services."

The solution here is for Xero to offer the correct way to send emails through the customer's domain using established, industry standard methods, so that invoices that are currently getting flagged as spam or outright blocked because of abuse of post.xero.com by scammers, will get through.

If you're running your business with a gmail address, then you just keep sending it the way you are and take the risk. But the option has to be there for people who care about unhindered communication with their customers through Xero.

Sorry, Didn't see the "Optionally" part of the idea. You are right, you can't lower your standards.

"everyone with a gmail, outlook etc account would, do what" - Simply not turn the feature on? We cant lower our standards to the least capable people using the system. If they cant figure out simply not to turn the feature on then maybe they should not be using the system at all

so, everyone with a gmail, outlook etc account would, do what ?
and yes, there are plenty of businesses that use those services.

Anything in business is difficult if you don't know how, that doesnt mean the option should not be open for companies who have even the most basic competent IT person (its not a hard task).

We are a small cyber security company and we see fraud / spam from xero almost weekly.

Regarding "Sending emails from a cloud environment as another domain would require permissions being granted to xero that many network administrators would find difficult to agree to."

I am a consultant CISO. I can tell you this is standard practice. As organisations move to SaaS platforms, this is exactly what network administrators should support, particularly with the correct use of DKIM and DMARC. In fact, it's MORE secure.

@Andrew Syme: No permissions need to be granted to Xero to make this work. Organisations just need to add the relevant records to their DNS (once implemented by Xero). All control remains with the domain (DNS) owner.

This is standard practice across all good Sass apps.

Sending emails from a cloud environment as another domain would require permissions being granted to xero that many network administrators would find difficult to agree to.

I've just found out today that some of my clients automatically block mail from message-service@post.xero.com because of phishing/spoofing attacks. And as a result our invoices and quotes have not been delivered. This suggestion goes bat to 2013. That's TWELVE years ago.

So the idea is accepted. And what? That's it? Xero accept the problem. Thanks. Come on. This is a FUNDAMENTAL requirement in 2025.

I can imagine why this is not implemented yet.... .. a lot of small businesses, solo traders, etc., may not have the technical capability to deal with domain integrations/DMARC/SPF/DKIM and because of that, XERO backs away given the support implications would be too heavy to deal with.

Using our own domain, with SPF/DKIM when sending really needs to be implemented.

We've had months of client's invoices not being received or put into spam without us knowing, only when we chased missing payments did we find this out was the norm. Severly affected our cashflow as you can imagine.

We've given up sending any correspondence through Xero now and had to resort to printing the invoice or statement as a PDF then manually emailing it, then marking it as send in Xero. Made a big difference to our cashflow, but also costs us a few more hours each week in manual work, not helpful.

We face constant issues getting invoice emails seen by our clients. This is not a huge undertaking. Most outfits are used to adding SPF/DKIM records for things like Shopify, Zendesk, and other platforms that have supported this for some time. This is the only platform in our stack that forces email from a domain other than ours. We will HAPPILY beta test this if you decide to implement it.

The requirement is slightly different - people want to connect their domains, not just send from their own email.

Emails sent from the Xero domain are not properly identified and therefore likely to be treated as spam by the large platforms (Google, Microsoft).

It concerns me that Xero doesn't appear to understand the requirement fully, let alone recognise the priority that needs to be given to it.

I guess they are concentrating their "development" efforts on popular sounding (but useless) features like Jax they can use as argument to increase prices by 10% every three months... It's time a competitor enters the market to shake up the duopoly of Quickbooks & Xero... they lost every incentive for innovation. Just milking customers.

It's a joke that every startup dashboard/client portal/B2B app around can support this as table stakes, yet a mature accounting product can't figure it out in 12 years. This should be embarrassing for you.

Hi @Kelly Munro, is there somewhere we, as users, are able to see the ideas that are in progress and on the backlog?

There are a number of critical requirements that I follow which don't appear to have been prioritised and that cause much frustration with users. Maybe if we had visibility of the priorities it would help.

I know from my perspective I would have prioritised, this, the user roles, mass deletion of unused contacts and multiple email addresses for contacts above the AI functionality that has been added.

Clearly it's more important to spend their developer time on features like this "JAX" icon which has appeared, which nobody asked for and I suspect few people want. That way they can say "we've got AI".

Why has this still not been addressed? It is really unprofessional and is a security issue to not have this capability.

This is still desperately needed.