Enter your idea

You can see how this was shut down and misconstrued in the response from Xero here https://productideas.xero.com/forums/939198-for-small-businesses/suggestions/46571656-enable-dkim-to-reduce-sent-emails-from-being-flagg

How hard can it be to add this. Not hard. They just don't care about their customers

Nobody should have to pay extra for this. Sending invoices via email is a basic feature of the application, and something that should just work out of the box without having to work around it with a paid third party solution.

Thanks for that heads-up. After 5 years of trying, I gave up and now use https://www.xeroemail.com/ which is cheap and works perfectly to send out as our domain name. All invoices get through; we get paid more regularly and it has a very positive impact on cashflow and business growth. Akshay at Kalpvaig who make the connector provides awesome support if ever you need it. Again, thanks for your post and I reckon you nailed it on closing tickets. It's either that necessity or company incompetence/negligence to not close pathways for email fraud.

I've been commenting on this post (and others like it) since we switched to Xero about 3 years ago. This is our #1 priority. We recently had another issue that required some interaction with Xero Support, and I want to make a suggestion to all the people who are affected by this:

Xero does not care what's written on the Xero Ideas posts. When you contact their support people they will say "Great Idea, you should post that as a Xero Idea" -- which is where ideas go to die.

I recently had a problem with bank feeds, and found an effective way to get the problem resolved to my satisfaction: I opened a support thread and every single time I had the problem I was trying to get fixed, I sent them a message on that thread letting them know it was still broken. They kept coming back with boilerplate responses (AI?). They called me on the phone and gave me the same excuses. But I persisted and eventually it got fixed.

The support folks need to close out support tickets, and they are (it seems) mandated to respond. So post your SPF/DKIM request to support. Then keep doing it. Ask them to escalate it after a few days (escalate seems to be a magic word).

Squeaky wheel gets the grease. But if there's a concerted effort it may get greased faster.

FWIW, one of our clients has outright bounced all email coming from post.xero.com - which means the invoice we sent them last night was returned. I got a message from Xero that the invoice couldn't be delivered. I talked to the client's IT people and they will not lift the block on post.xero.com because they get a ton of phishing emails now, using that as the return address.

The current situation is unworkable and Xero needs to provide this simple, industry standard fix.

I've been commenting on this post (and others like it) since we switched to Xero about 3 years ago. This is our #1 priority. We recently had another issue, and I want to make a suggestion to all the people who are affected by this:

Xero does not care what's written on the Xero Ideas posts. When you contact their support people they will say "Great Idea, you should post that as a Xero Idea" -- which is where ideas go to die.

I recently had a problem with bank feeds, and found an effective way to get the problem resolved to my satisfaction: I opened a support thread and every single time I had the problem I was trying to get fixed, I sent them a message on that thread letting them know it was still broken. They kept coming back with boilerplate responses (AI?). They called me on the phone and gave me the same excuses. But I persisted and eventually it got fixed.

The support folks need to close out support tickets, and they are (it seems) mandated to respond. So post your SPF/DKIM request to support. Then keep doing it. Ask them to escalate it after a few days (escalate seems to be a magic word).

Squeaky wheel gets the grease. But if there's a concerted effort it may get greased faster.

FWIW, one of our clients has outright bounced all email coming from post.xero.com - which means the invoice we sent them last night was returned. I got a message from Xero that the invoice couldn't be delivered. I talked to the client's IT people and they will not lift the block on post.xero.com because they get a ton of phishing emails now, using that as the return address.

The current situation is unworkable and Xero needs to provide this simple, industry standard fix.

Really surprised, and concerned, that this hasn't been implemented yet

Just migrating from Kashflow at the moment - Xero better in some ways but this is one of those glaring obvious missing features.

This feature should have been implemented years ago. What is the point of having a quote or invoice system if we can't be 100% sure emails will be delivered?

The current recommendation from support—to ask clients to safelist Xero or allow specific IPs—is not scalable or practical. For larger corporations (e.g., 1,000+ employees), working through their IT departments is often slow or unfeasible. For small businesses, the technical know-how is often lacking.

A more practical solution would be to allow us to use our own sending domain for invoices. This would let us configure DKIM and SPF authentication ourselves, eliminating the need to walk each client through technical email settings.

This approach would also shift deliverability responsibility to us, reducing Xero's support load.

It’s a win-win:

Clients reliably receive invoices.

We have full control and visibility over email deliverability.

Fewer support tickets for Xero.

XERO is a joke and not serious about this, saying the same thing for 6 years. They are simply placating the issue.

Xero's marketing department are saying this: (encl.)

Presently having to phone the recipient of each and every quote / invoice / purchase order to make sure they have received it and that it has not been junked. Having a bounce notification only lets you know that you got the address wrong, not that it arrived and got junked.

I just can't help thinking, if a small third party company can intergrate the email address solution so easily and simply (but at a cost of course) why can't Xero do it? Hello Xero!! Wake up.

This might be one of the worst things about Xero.

This is really important for us as the generic email address the letters come from is often rejected by clients email servers. This is not the first time this has happened, however, this time around there has been significantly more clients affected resulting in more work for us phoning clients who have not paid.

This is causing headaches and significant amount of downtime sorting out. Needs to be addressed ASAP

XPM - need ability to change email address that system emails are sent from e.g Tax payment letters

We have been caught for Terminal Tax letters where gmail has either filed client terminal tax letters to Junk or rejected them completely and now clients have overdue tax payments. This has created a lot of unnessary work for the team, clients phoned etc and the clients are unhappy as they have received penalties and interest.

We’ve successfully integrated with this( https://www.calcvat.uk ), and everything is now working perfectly. The developers were fantastic to work with, and the solution is simple, elegant, and effective. Return mail paths are functioning correctly, and no emails are being sent from the generic Xero addresses anymore. The pricing is reasonable for us, and clients who send hundreds of invoices each month are also integrating this solution. This issue with insecure email had been a frustration for years, and Xero’s lack of response made it even more challenging.

Hope this helps!

Alex

I have successfully implemented DMARC for many organizations. SPF alignment is not necessary if you have DKIM alignment! Your teams can still use a return-path pointing to Xero (to get bounce backs, NDRs, etc), we just need a custom DKIM signature to use a custom From: domain. This is essential to modern verification, you can also make it very clear to organizations that using a custom From: domain relieves your support team of any assistance to email issues.

At the very least let us use a SMTP relay... We NEED a custom From: domain. Xero has already implemented DMARC and BIMI, let us too! This is a necessity that is 5 years overdue.

Email address to send Sales invoices from xero is coming as:
messaging-service@post.xero.com.
My client wants to change it to his email i.e. Custom sending domain security
Please can you add this change, because it is causing confusion to my client's customers.