Enter your idea

We are still experiencing a high volume of invoices and quotes not reaching our customers due to their servers automatically marking xero invoices as spam! It is getting really inconvenient particularly when customers accept a quote but the email is not sent to us - they think they have made an order and sometime down the road realise they havent.
We have been looking at quikbooks which doesnt have this issue

The majority of our invoices sent from Xero land in clients' spam folders.

Asking clients to mark @xero.com as a safe sender is not a solution.

Please allow Xero users to specify SMTP details for outgoing mail.

Duty of care liability

Q1 - If a XERO customer loses money through fraud that is attributable to lax security in their financial product, can they seriously defend a negligence claim ?

I assert that XERO should be as accountable as a bank. The money is not in a bank account that XERO has - but if it is fraudulently taken from an account through lax security provided by XERO, there must be a strong argument that they do have a defacto duty of care as the intermediary.

There are public records on XERO website going back 10 years with many customers nearly raging at this security issue and how easy it is to fix. Most of the companies I also engage with have this feature, so it's a no-brainer really.

The world is a nightmare for security with hackers trying to insert them in all parts of the business chain. XERO has passwords (standard) and 2FA (standard) but no SMPT AUTH emails (standard for others).

Maybe a lawyer or two could chip in here as to the liability ramifications if a customer does everything right and unauthenticated (easily phished) emails are the cause of a supply chain attack where someone loses a million dollars.

I recently chased this as high as I could go through XERO staff and were told that "this is not even on a roadmap for developments but we can leave a +1 in the comments section if we like". It's at 102 now, maybe next year it'll get to a number high enough to notice.

Food for thought.

We've used Quickbooks for 20+ years and just switched to Xero. I'm kind of floored that I can't sent invoices through our mail server. This is basic stuff - please make it so that the user can use their own SMTP server (authenticated) for outgoing emails. I sent 5 invoices out today and just found out that 2 were filtered to spam. That's not good.

About 80% of our invoices are paid late. Xero admitted this fact by doing the "Get paid on time" challenge recently. Instead of wasting time on something that will have little effect or no effect at all, perhaps it would be better to analyse the root causes of this issue.

Most of our clients don't take seriously emails that are coming from a different address, some just ignore them thinking it's a scam or some never saw them because they were marked as spam.

So, Xero, perhaps 10 years is enough to keep silent and you can finally start working on tools your clients desperately need.

We recently tested QuickBooks and seriously considering switching to them. I'm not saying they don't have any issues, but their subscription is much cheaper, so we'll get more value for our buck.

This is vital for our client delivery and security.

Indeed. As all invoices for every Xero customer come from the same email address, it only takes someone flagging some *other* company's invoices / statements as 'spam', and they have inadvertently flagged ALL incomng invoices from ALL Xero customers as spam as well.

Note to Xero technical team : I'm aware that there are some technical challenges in implementing this properly, including the need not to generate a tsunami of customer support tickets, but I am an expert in this field, and I have a number of ideas how you can address this issue without it turning into a customer-support desk nightmare.

This is severely needed.

We have some senders that never even get our invoices. The deliverability from the default address is terrible.

Xero just don't get it, do they?

How about we explain it this way:
"From now on Xero, all of *your* monthly service invoices will be sent out not from an @xero.com email address, but from message-service@room101.co.uk (ie a random-looking email address) Would your head of marketing/branding be OK with this? Would your head of credit control be OK with the drop in prompt payments caused by this? Would your head of customer support be OK with the huge increase volume of trouble-tickets this would generate? Would your shareholders be OK with the increase in debtors ledger, bad debts and annual write-downs of uncollectible historical invoices caused by this?

This issue is still of critical importance to time efficiency and the professionalism of our business. Please respond Xero

Here we go again and still XERO REMAINS SILENT!

How much longer before this issue is addressed?
Yet more emails going into spam and replies to ones our clients do receive not getting to us because their systems do not use the reply to address.

As a consequence we frequently see very late responses being received along the lines of this latest one the text of which reads.....

Morning All, I’ve just picked this email up from my Junk Folder in outlook
I think that the original will have been in there also, and I may have inadvertently deleted it along with the invoice – Sorry!
Can you arrange to pay *** asap, I can confirm the order agreed was .....

It is hard enough securing the work in the first place and having to continuously chase clients when invoices, statements sent from message-service@post.xero.com as opposed to our own dedicated email address is very time consuming.

Come on Xero, at least provide us with an indication as to whether you have any intention of addressing this issue please and, if so, the likely timescale.

This needs to be fixed – at the end of month when sending out invoices I can guarantee that at least a couple will not reach their destination. It is not until the following month when contacting late payers that we discover they never received the invoice!

We then have the extra time it takes to download the invoice or send it to ourselves, then resend out from our domain!

This shouldn't be a problem for Xero to fix...please!

Whilst workarounds maybe possible, considering the amount Xero charge for subscriptions they should delay no longer and simply fix this issue. We do not even get alerts when our clients try to reply to the wrong address. This is simply wrong and should have been sorted long ago.

This is a big issue and is stopping some invoices from getting through

Please give us an update

UPDATE - I have solved this with an imperfect method, that works fine. We had a case with XERO that went nowhere as they have NO plan to implement authenticated SMTP mail.

Here's our solution:

In our Micrsoft365 tenant for our domain.com.au I've create a shared mailbox called xero@mydomain.com.au with an alias per customer as customername@mydomain.com.au. I then alter every customer email in XERO from their real email address to the new customername@mydomain.com.au and all invoices generated now come into the Shared Mailbox where a rule bounces a copy to their real email address.

Now they all go out from my fully authenticated 2FA complaint domain even with my server generated footer via CodeTwo. Yep, some admin involved for sure but now I am in control and even get send/receive receipts.

The accounts department love it as now customers can reply with queries also and there is not a noreply@ email. All the invoices are in one spot with time-tracking for an audit if we need. In setup terms this took a day of IT tech time (to get the bulk of current customers on) to implement this, and then each new customer needs to be onboarded into 365 as an alias to the shared mail box then bounced to their real address (15 min setup). We are happy to take this extra time as we ended up with a simple system that really has good 'other' benefits too on top of fully authenticated email originating from our domain name.

Maybe others may also see value in this.

This is a big issue that is stopping lots of businesses from getting paid.

Everyone here is right and not being able to send authenticated mail from your own domain is plain wrong.

Richard F has the right approach - fix it!! I too know all about how this is to be achieved and it'd cost XERO a days consult... so it is not money that is the issue.

I'm thinking this is likely just planned marketing, as every email has XERO on it and it is a strategy to get more customers.

Marketing vs. Security..... hmmmmmmm

I know this feature has been asked for a lot, as I see it all the time on Xero forums. Businesses ought to be able to use Xero to send their invoices out by email Using Their Own Domain Name, and not from an @post.xero.com email address. Now I realise that this is actually a very complicated request, because it needs to be setup just right otherwise poor delivery (ie the percentage of emails which get to people's main inboxes) will be the result. But I already have poor delivery of emailed invoices from Xero - there are multiple customers of mine who have never seen one of my invoices! The invoices are sent out just like those to my other customers, but they never get them. Also, because all Xero customers' emails come from @post.xero.com, it only takes someone to click "Spam" on invoices from one company, and suddenly they have blacklisted invoices from ALL businesses that use Xero.

To be clear, this isn't a complaint, this is an opportunity. I am a DNS and Email Deliverability expert, and I would love to work with your product development team to help you roll out an optional feature where any Xero business can reliably send out their emails from Xero, using their own domain name, and therefore achieve higher deliverability. It will also be easier for them to detect fraudulent fake emailed invoices, which coupled with "BACS Push Payment Fraud" (Google this?) will help you help your customers to avoid being scammed. This kind of Fraud has exploded in the UK in recent years.

Add an option for us to add a company email address to send from within the system using user name/password authentication. This could be from a system such as Microsoft 365. This could be an integration with a company's Microsoft 365 system.

Unfortunately and for some reason only known to the Xero development team the email sender address is still not appearing as coming from my user account name??
The only solution for me is to NEVER trust the email option on Xero. I either email doc to my own company email account and forward on or download the doc to desktop and email from my company email account to guarantee communications aren't lost.