Xero Mail - Send as @company-name.com not message-service@post.xero.com
Ability to make an email sent from Xero appear as @company-name.com instead of message-service@post.xero.com, when users send an email to their client/customer.
Purpose: To provide more validity when sending communications from Xero out to clients/customers and avoid items ending up in Spam/Junk mail.
Hi team, we appreciate the on-going support and feedback we're receiving on this idea and pleased to be able to share this update. Our product team are actively exploring how we can best solve for the needs raised here, although at this time are unable to provide any set timeframes.
They are very much aware of the appetite from our community on this, and as part of their exploration have reached out some users here as they gather insights.
For the time being we'll shift to In discovery and I'll return as soon as there is more on this to share.
-
Verafire Accounts
commented
I integrated Akshay's Xero Mailer years ago and it's awesome, works perfectly. It 100% solved the issue in XERO that where we could not send from our domain from our own servers. Since then we've had all invoices received and no more late payments. Nice work, great product.
-
akshay Singh
commented
For the past few years, we've been helping Xero users automate and customize their email workflows through XeroEmail.com. Based on customer feedback, we're now moving to ZeroAIMailer.com with a broader focus and more automation features.
Existing features include custom domain/DNS settings for Xero invoices, quotes, and other emails. We've recently added automatic statement emailing and OneDrive integration to keep all generated PDFs organized in one place.
ZeroAIMailer is completely self-service — you can sign up, use the free plan, or start a free trial of any paid package without needing to talk to a sales team.
We'd love to hear your feedback and feature requests as we continue building based on what the Xero community needs.
-
Matt Atherton
commented
@Adam I am sure there are. I was simply sharing another option for anyone on here who might need it. :o)
-
Adam Livesey
commented
@Matt there are other solutions and ones that aren't charging more per month than wat Xero is charging
-
Matt Atherton
commented
@Tim - I appreciate that 100%. My point was that this request is now almost 13 years old, and nothing has been done, so we decided to find an (ultimately better) alternative.
TLDR; Maybe focus on a solution, instead of ******* your head against a wall, where no one is obviously around to see your ongoing frustration.
-
Tim Sneller
commented
@Matt It's great that you were able to develop something, but not everyone has the ability, or the resources to do this. If you are sending large numbers of invoices every day, it might be cost effective, but not for everyone. This is Xero's problem, and they really do not understand the overall impact of the issue.
-
Matt Atherton
commented
We "solved" this issue by not sending invoices via Xero. Once an invoice is set to "Approved", it triggers a Make automation, which updates and associated invoice task in our ClickUp central hub, and that's where the invoice PDF then gets sent out to the client.
Whilst I appreciate this needs another tool to work, it has advantages:
- One central source of information
- A tool using our email address to send, which is properly validated in DNS
- Any client replies and further correspondence creates a clear thread in ClickUp -
Tim Sneller
commented
If our invoices do not get through to customers, because they look like spam, then they will not get paid. If companies do not get paid, then they cease to exist. That means that all the time spent developing AI products is completely wasted.
AI is not very important in the overall scheme of things - GETTING PAID IS ! ! AI might make the system look clever to prospective users, but they will soon find the serious problems when they start using it.
FIX THE iMPORTANT ISSUES FIRST ! ! !
-
Nigel Smith
commented
It seems that this App mentioned below can send follow-up emails, reminders etc, from your own Domain. But it does not seem to say anywhere in its descriptions that it sends the original invoice / purchase order / remittance from your own Domain.
This is what Xero needs to implement... -
Adam Livesey
commented
@Denym Bird
So we have to pay another service provider more than Xero to do what Xero should be doing already....
-
Denym Bird
commented
In the meantime, it could be worth checking out dedicated Xero apps made to solve this problem for sending from your own domain such as https://apps.xero.com/app/paidnice
-
I.T. Solutions Tasmania
commented
Hi Kelly
It is lovely that you are implementing AI features but what's the point when emails from Xero go to junk from us and it is impossible to send from a domain that wont be flagged for spam?
We provide IT Support so our invoices look like phishing when they are legitimate accounts...
Matt -
Gavin Wilkinson
commented
This is the problem in action. Beyond service issues, such phishing is dangerous - and straight through several layers of filtering thanks to Xero's trusted domain.
Ideas for a solution are abundant in this thread. My new idea is for Xero to react constructively to the issues these emails (attached) cause.
-
Gordon Lyon
commented
Xero currently sends all invoices and quotes from messaging-service@post.xero.com. We can send a custom reply-to email address, but sending from our own address would be much better. The reply-to hack "solution" has 3 major problems
1) Email from post.xero.com is way more likely to be spam filtered than if it was coming from our own email address/infrastructure.
2) Many customers see a quote or invoice come in from messaging-service@post.xero.com and so put that in their CRM for sending PO's and remittance advice. Sometimes their systems do this automatically based on the incoming email. I've missed many purchase orders for this reason.
3) It would look way more professional if our invoices and quotes came from our business email domain instead of xero.com. Many recipients don't know who Xero is and are thus less likely to click through and pay an alleged invoice coming from that address.
Until 2023, Xero offered the ability to connect to Google Workspace/Gmail and send from our own domain through that. I never understood why Xero removed this critical capability, but I hope you'll bring it back. You could even make it more generic (allow users to specify SMTP server + auth) so it will work with far more providers than just Google.
-
Dennis Seyersdahl
commented
Andrew,
You do not need to single me out. My intent was simply to make sure the issue was reported to the correct department so it can be addressed through the proper channels. If nothing is done after that, then the responsibility falls on them, not on us when our clients are impacted.
I also think the conversation had started to drift into complaints rather than solutions. As IT professionals, it is important that we help guide issues through the correct process instead of just venting in a forum where the people reading may not be the ones who can actually fix the problem. The only reason I spoke up was because of the ongoing complaints and the comment that the individual ran an IT security company. With over 25 years in the IT field, I have rarely seen situations where IT professionals were unwilling to at least try to move an issue forward in a constructive way.
That is why I contacted Xero directly and shared their response, so we could get the discussion back on track and focused on what can actually be done. I was also personally receiving multiple spam messages related to this issue, which is another reason I felt it was worth addressing.
We should be able to use our own domains, and this type of risk is not unique to Xero. QuickBooks has similar limitations, and we see the same types of attacks there as well, including spoofed domains and look-alike registrations. I had a customer recently where a bad actor registered a domain with a single extra letter added in the middle of the name. The customer’s client did not notice the difference, and the issue was only caught after I reviewed the messages. That situation ended up being reported to ICANN after we confirmed the domain was being used maliciously.
My point is that these are real security concerns, and the correct response is to report them through the proper channels so something can actually be done, not just complain about them in a forum.
If you want to single me out, that is your choice, but I will respond when I feel it is necessary to clarify my position.
-
Andrew Syme
commented
@Dennis et all
Xero does have a security reporting pathway for reporting Phishing attempts / attacks.
Please use it instead of spamming the emails of all 412 people that have supported this Product Idea.
BTW. This is not a FORUM for back and forward discussion. We can all agree that EMAIL security is a world wide issue that is not readily or easily solved.Report the Phising and stop the whinging !!
-
Luke Grayson
commented
100% agree Christopher. I also run an small IT company. Xero know. Xero don't care. Spreading awareness is all you can really do, and that's what you're doing. Thanks!
-
Christopher Dunham
commented
Once again, I dont work for Xero. If a company specializing in finance (Xero) is stupid enough to allow anybody who signs up for an account to send invoices from the same address as legitimate customers then I am going no further than raising it in their forum. Which I did, and this is that forum. hence you are seeing it. I am not going to spend hundreds of hours trying to tell a company how naughty they are for not doing the job properly. Firstly it wont get anywhere as they already know and secondly I am not a charity for rich global enterprises cutting corners on cyber security.
You seem to think Xero dont know about this, the chances of that are 0%. Xero know, and are not interested as they will claim those defrauded should not have paid an invoice from a shared email address.
This gets treated as any other phishing email does. Marked as fraud to teach the junk filters at Microsoft to block it.
-
Tim Sneller
commented
Dennis - I emailed spoofing@xero.com, and got a similar response.
There does seem to be two main issues:-
1. Criminals are setting up Xero for fake companies, and sending out invoices from Xero, in the hope that people will just pay the invoice. This is difficult to stop, unless Xero insists on Companies House Registration details etc when creating an account, but even that can be fudged. Presumably the same thing is happening from Quickbooks and other systems.
Gavin suggested that FREE accounts could possibly have emails sent from a different domain. That might help genuine companies, but the reputation of post.xero.com is probably already irredeemably damaged. The only solution is to enable companies to use their own email server - Something which Xero is apparently very belatedly now looking at.2. There appear to be random emails that are NOT related to invoices etc, which are being received from what APPEARS to be the Xero domain. If the SPF/DMARC verification is somehow being bypassed, then security@xero.com definitely need to know, and have as much evidence as possible. If the originating server info is being spoofed, that is much more difficult to stop. Again though, if our GENUINE invoice are no longer associated with post.xero.com then it won't matter so much.
-
Perry Paolantonio
commented
@Christopher: What people are asking is that if you can definitively prove that scammers are using the Xero platform to send phishing emails, report it to xero and/or a relevant government authority that will put pressure on Xero to fix this issue. The US government doesn't give a rats *** about this, especially now that it's run by scammers. But the UK government seems to, from what I'm gathering from the other comments. If you don't want to deal with it, share the information so others can.
I have not seen what you're describing, though I have received several phishing emails that were clearly NOT sent through Xero, instead they were spoofing post.xero.com so that it looked like it was coming from there. But the emails themselves had links to sites that were not "in.xero.com" -- the domain That Xero invoices use for viewing/paying an invoice online.
If you are seeing actual, legit emails sent BY xero on behalf of scammers, reporting it is not just a good idea, you should feel obligated to. If you feel no sense of duty to report it, then at minimum it's something you should do simply because it affects your use of the platform. Why should you have to pay for or maintain a third party system to send invoices from ...wait for it... invoicing software.
The fact that this is talked about a lot here a lot is meaningless. I think we all know that Xero doesn't pay attention to this suggestions portal, it's here to make us feel like they are. Other channels, such as reporting Xero to an authority that could actually have an effect on their bottom line, may be the only way to get this problem addressed.