Enter your idea

The desktop version of Sage, Quickbooks or others usually use a MAPI connection or plugin with outlook on the computer to send emails, some can be configured with SMTP, but it’s been years since I’ve used the desktop versions of the software.

@Perry yes, online. I don't know much about the desktop version but I would assume that would mail through the user's mail account directly/use on-prem servers for relay and therefore benefit from the domain authenticity of that set up.

"I recently moved away from QuickBooks which, incidentally, has the same limitation."

Was that QBO? We used Quickbooks Pro Desktop for 20 years and starting probably 10 years ago they implemented this in the desktop version.

@Perry You said:

"The best solution is for Xero to finally deal with this most basic of user requirements. It's an industry standard and DKIM/SPF support is necessary, now. It's simply not that hard to implement."

Absolutely agree.

As a cyber security consultant, a key part of my role is helping businesses, large and small, improve their email security posture. I routinely advise them on identifying phishing attempts, securing their email domains, and implementing SPF, DKIM, and DMARC properly, especially when adopting complex SaaS platforms.

Then we send them an invoice via Xero - and it arrives from a generic mailer. More often than not, we hear that it wasn’t received, was flagged as suspicious, or ended up quarantined by their mail filters. It undermines our credibility. We look like we’re not following our own advice.

This issue is especially relevant to me now. I recently moved away from QuickBooks which, incidentally, has the same limitation. Furthermore, with the loss of my commercial director (who had a more 'old school' way of working), I’ve been focused on streamlining operations and getting the most out of Xero.

So yes, this is a significant matter. Fortunately, I have the technical expertise to implement a workaround in the short term. But I want to... no, I expect to.... see Xero address this with urgency.

@Perry, I can look at implementing SMTP, this won’t be till next week. It should be a relatively simple fix to test.

The web app I’ve written does not rely on outlook, it’s currently configured to use Microsoft 365 as that’s what my business uses.

I would like to see the project working with as many email providers as possible so it benefits the community.

I totally agree that the best solution would be for Xero to configure their SaaS product to be compliant with industry standards.
DKIM and SPF are great, and most SaaS solutions offer this as standard and have done for years.

While this approach is an interesting one (Marc's setup on Github), it assumes you're using Outlook. We are not, and I suspect a lot of people are not. In our case, our mail is handled by our web host, where we have a dedicated server. So even doing it with google support isn't useful in that case.

The best solution is for Xero to finally deal with this most basic of user requirements. It's an industry standard and DKIM/SPF support is necessary, now. It's simply not that hard to implement.

@Marc I've just followed you on GitHub, took a clone of the repo and done a quick scan of the code. Without testing it, looks okay to me on initial pass. I'll review it with my team next few days and have a go at implementing in our MS tenant.

I've got some further ideas to assist with deployment, pre-req checks etc. Will share feedback/contribute via GitHub.

Perhaps the Xero development team could take note....

@Jonathan Fortin
Oh so more people have this issue, they acted as if im the only one
I have raised this issue several times with Xero since launching the new invoicing that our customers are not receiving the invoices.
Long term customers that have always received it. But Xero keeps pushing for a call to waste my time instead of fixing their **** show behind their screen that they created with the changes they made.
I told them several times i am not a beta tester and i refuse to troubleshoot with them over the phone wasting my valuable time while they dont even listen to any users here on the forum, we never asked a new invoicing and the millions of bugs that came with it

Technically it doesn't handle any data as it relies completely on Xero sending a webhook to the webapp (either a website or virtual directory on an existing website), then it communicates with Xero on a very restricted set of claims to get the PDF of the invoice and email it as an attachment along with the link to it on the Xero platform.

It then sends it out via your email (this is the biggest pain point we all have with Xero), it even sends invoice reminders.

I would love feedback from anyone once they have conducted a security audit on it.

@Marc & @Adam

Since Xero doesn’t seem to care about this basic feature, I’m really interested in what you’re doing. We run a marketing agency, and I’m so tired of clients saying they never got the invoice or statement.

Was thinking about automating something through N8N or Zapier but that would be better.

Yeah, we’d need a security audit for this since it’s going to handle sensitive data.

@Adam, I've just sent an email, but its bounced back.

I have pushed the code to a public repo for anyone that would like to use it.
https://github.com/MarcBanyard/XeroMailerWeb

The compiled code is available here
https://github.com/MarcBanyard/XeroMailerWeb/releases/download/v1.0.0/XeroMailerWeb.v1.0.0.zip

I'm happy to help get Google Workspace or Google Enterprise working with it, I didn't implement it as I didn't have an account to test with and don't use it personally.

If you are able to, please contribute to the code on GitHub.

If anyone would like to *********** test the code, it would be amazing if you could share the results with the community as this will help us all which is why I released the code to the public for free.

@Marc Banyard

I'm interested in this project as both a user and contributor. I run a cyber sec business so I have access to resources that may be useful. You can contact me via the following temp email address: metals.pulleys_8y@icloud.com

It is absolutely possible to implement this with Google, either Workspace, or Free. We already do it on a very small scale, where we email scanned documents directly from our Canon photocopier.

All you have to do is create a security key for your Google workspace account, and use it when you configure the pop and IMAP settings in the 3rd party app, in this case, Xero.

Very easy and still secure.

I see your concern about this, I'm releasing the solution and source code free of charge if anyone wants to try it.

I'm a CTO & CISO and have extensive experience in IT Security, Cyber Security and Software Development.

I wanted to write this to solve my issue, but also wrote it knowing I wanted to give it out free of charge to the community to solve their issue as well.

Anyone who would like to talk about it please reach out and I will be more than happy to run through it with you so you can trial it with a test Xero company and a test M365 environment so put your mind at rest.

If there is anyone else out there who has software knowledge, cyber security knowledge or would like to perform *********** and security testing on the source or compiled code, please let me know as I welcome that as it will help all of us in the community.

I've done my bit by writing the software to solve the issue we are all having because Xero are not interested in implementing it.
It would be great to have other Xero users use it to solve their issue as well, it would be even better to get others to look at the code and see if there are any bits that can be improved or developed further.

Finally it would be great if a cyber security company can test it to confirm its all OK as this will help put everyone's minds at rest.

There is absolutely no way anybody should be putting their financial information through a free email app. Anybody could then harvest your invoice details and use it for scams

Since the topic has quite a bit of traction today, would any of you like to try the web app I wrote to solve the issue we are all experiencing?

Its free, so I'm not trying to generate revenue from this like others have!

I wrote it to solve the issue as Xero have no plans of implementing this as its been an outstanding issue for years now!

The process is straightforward. Anyone interested in using it will need to have Microsoft 365 (business, not personal). While I still need to write the web server setup guide, the setup for Xero and M365 is already complete. The setup is simple, and I've reviewed the AI-generated code thoroughly; everything looks fine (I have extensive experience with open-source projects).

I used AI to create the software to test its feasibility and effectiveness. As with all software, there are no guarantees it will be bug-free (please refer to any software's terms and conditions). However, after extensive testing, I am confident enough to release it to the community and I'm using it myself to send out all invoices and automatic reminders.

To give you some background you will need a Hosting Space with .NET Core 8 (.Net 8) for the mini web app to work, this can be a subdomain or as a virtual directory on your main website.

There is no UI to configure settings as its all triggered with API calls from Xero to trigger the system to request the invoice and email it out via your Microsoft 365 App Registration using a Shared or User mailbox.

Lol their priority was years of investing in a new invoicing nobody asked for, postponing it because of sooooo many bugs which are still visible.
But recurring invoicing and billing are still the same........................"priorities"

@Richard Fincher - spot on.

Up to a certain point in time, a successful startup tries to please their customers. After that point, they try to please their shareholders and investors. After that point, they start preparing the company for sale to a billionaire buyer. You know they've reached this point when you start to see their logo on sport-team shirts, as happened with TeamViewer.

This functionality is not a feature or an enhancement, it’s a basic function of any system that purports to be secure in today’s SaaS market.

Based on the amount of time this is taking, I can only surmise that that Xero’s development team are overstretched and being told to concentrate on coding items that increase revenue. Please Xero, keep your existing customer base happy and less likely to migrate to something else. The response of “We are looking into this and have other priorities” is standard corporate rhetoric, the effect of which is to kick the can down the road and get it off of someone’s desk for a while.

If other companies are making money by selling solutions to gaps in your product, it’s an opportunity for you.