Enter your idea

"so, everyone with a gmail, outlook etc account would, do what ?
and yes, there are plenty of businesses that use those services."

The solution here is for Xero to offer the correct way to send emails through the customer's domain using established, industry standard methods, so that invoices that are currently getting flagged as spam or outright blocked because of abuse of post.xero.com by scammers, will get through.

If you're running your business with a gmail address, then you just keep sending it the way you are and take the risk. But the option has to be there for people who care about unhindered communication with their customers through Xero.

Sorry, Didn't see the "Optionally" part of the idea. You are right, you can't lower your standards.

"everyone with a gmail, outlook etc account would, do what" - Simply not turn the feature on? We cant lower our standards to the least capable people using the system. If they cant figure out simply not to turn the feature on then maybe they should not be using the system at all

so, everyone with a gmail, outlook etc account would, do what ?
and yes, there are plenty of businesses that use those services.

Anything in business is difficult if you don't know how, that doesnt mean the option should not be open for companies who have even the most basic competent IT person (its not a hard task).

We are a small cyber security company and we see fraud / spam from xero almost weekly.

Regarding "Sending emails from a cloud environment as another domain would require permissions being granted to xero that many network administrators would find difficult to agree to."

I am a consultant CISO. I can tell you this is standard practice. As organisations move to SaaS platforms, this is exactly what network administrators should support, particularly with the correct use of DKIM and DMARC. In fact, it's MORE secure.

@Andrew Syme: No permissions need to be granted to Xero to make this work. Organisations just need to add the relevant records to their DNS (once implemented by Xero). All control remains with the domain (DNS) owner.

This is standard practice across all good Sass apps.

Sending emails from a cloud environment as another domain would require permissions being granted to xero that many network administrators would find difficult to agree to.

I've just found out today that some of my clients automatically block mail from message-service@post.xero.com because of phishing/spoofing attacks. And as a result our invoices and quotes have not been delivered. This suggestion goes bat to 2013. That's TWELVE years ago.

So the idea is accepted. And what? That's it? Xero accept the problem. Thanks. Come on. This is a FUNDAMENTAL requirement in 2025.

I can imagine why this is not implemented yet.... .. a lot of small businesses, solo traders, etc., may not have the technical capability to deal with domain integrations/DMARC/SPF/DKIM and because of that, XERO backs away given the support implications would be too heavy to deal with.

Using our own domain, with SPF/DKIM when sending really needs to be implemented.

We've had months of client's invoices not being received or put into spam without us knowing, only when we chased missing payments did we find this out was the norm. Severly affected our cashflow as you can imagine.

We've given up sending any correspondence through Xero now and had to resort to printing the invoice or statement as a PDF then manually emailing it, then marking it as send in Xero. Made a big difference to our cashflow, but also costs us a few more hours each week in manual work, not helpful.

We face constant issues getting invoice emails seen by our clients. This is not a huge undertaking. Most outfits are used to adding SPF/DKIM records for things like Shopify, Zendesk, and other platforms that have supported this for some time. This is the only platform in our stack that forces email from a domain other than ours. We will HAPPILY beta test this if you decide to implement it.

The requirement is slightly different - people want to connect their domains, not just send from their own email.

Emails sent from the Xero domain are not properly identified and therefore likely to be treated as spam by the large platforms (Google, Microsoft).

It concerns me that Xero doesn't appear to understand the requirement fully, let alone recognise the priority that needs to be given to it.

I guess they are concentrating their "development" efforts on popular sounding (but useless) features like Jax they can use as argument to increase prices by 10% every three months... It's time a competitor enters the market to shake up the duopoly of Quickbooks & Xero... they lost every incentive for innovation. Just milking customers.

It's a joke that every startup dashboard/client portal/B2B app around can support this as table stakes, yet a mature accounting product can't figure it out in 12 years. This should be embarrassing for you.

Hi @Kelly Munro, is there somewhere we, as users, are able to see the ideas that are in progress and on the backlog?

There are a number of critical requirements that I follow which don't appear to have been prioritised and that cause much frustration with users. Maybe if we had visibility of the priorities it would help.

I know from my perspective I would have prioritised, this, the user roles, mass deletion of unused contacts and multiple email addresses for contacts above the AI functionality that has been added.

Clearly it's more important to spend their developer time on features like this "JAX" icon which has appeared, which nobody asked for and I suspect few people want. That way they can say "we've got AI".

Why has this still not been addressed? It is really unprofessional and is a security issue to not have this capability.

This is still desperately needed.

It's surprising that Xero hasn't integrated this feature into their core code, especially since their message-service@post.xero.com email is currently being exploited to send spam with malicious payloads. The code I developed interacts with Xero's API when invoices are authorised. It requests the PDF, attaches it, and includes a link in the email with text that closely resembles the standard Xero template. The email is then sent using an App Registration in your Microsoft 365 tenant.

The process is straightforward. Anyone interested in using it will need to have Microsoft 365 (business, not personal). While I still need to write the web server setup guide, the setup for Xero and M365 is already complete. The setup is simple, and I've reviewed the AI-generated code thoroughly; everything looks fine (I have extensive experience with open-source projects).

I used AI to create the software to test its feasibility and effectiveness. As with all software, there are no guarantees it will be bug-free (please refer to any software's terms and conditions). However, after extensive testing, I am confident enough to release it to the community.

What can be more important than your users avoid their quotes & invoices being caught up in spam filters?

Would you explain exactly what is more important? All I have ever seen is an almost identical load of fluff about some mythical "Other Stuff" being more important