Enter your idea

Xero, please listen to your users and implement requests that they ask for.

This has been requested for years and you are ignoring these requests, A couple of companies have jumped in and are offering a paid for service that does what users have been asking the core system to do for years.

I wrote a very simple web app that solves the issue simply using AI, I have tested and I'm offering this to the community at no charge.

Xero please feel free to let me know if you would like to implement the code into your core system, its written in ASP.NET Core 8 C#.

For any other Xero users please feel free to reach out with your contact details and I will be more than happy to share the compiled code and install instructions. You will need a hosting package that supports ASP.NET Core 8 (most providers do), I'm happy to assist with the hosting if needed otherwise you can use your own provider.

For the time being I have only written this to send emails via an App Registration in Microsoft 365, If anyone wants this for Google Enterprise please let me know as it should be a simple change or addition in the code.

@Richard Fincher:

Submit a support request. Every time you have a problem, comment on that thread. They seem to be obligated to reply. You will get unsatisfying answers but if you ask to escalate the problem eventually you seem to get to people who can do something. That has been my experience with other issues.

Squeaky wheel...

This conversation is starting to sound a bit like a car-dealer talking up a car's Bluetooth and Air-con features whilst ignoring the fact that one of the wheels is missing. I think we need to know the name of the responsible individual decision maker here. At present, we're (occasionally) being replied to by a gate-keeper.

"Clients are insisting we block the address (we are their IT), but that will block our own invoices."

Yup. 100% this is the problem Xero is ignoring. They told me I should tell our clients who have blocked Xero emails for the same reason, that they should unblock them. That's not an acceptable solution. I shouldn't have to go to all my clients and ask them to allow phishing emails through because a small percentage of emails from the same address might be our legitimate invoices.

This needs to be addressed ASAP. It's clearly not hard since there are third party services who have figured this out. Come on, Xero. Divert an afternoon's worth of programming time to this. That's all it takes.

A client got the below today from Xero, clearly spam / fraud.

Clients are insisting we block the address (we are their IT), but that will block our own invoices.

From: messaging-service@post.xero.com <messaging-service@post.xero.com> on behalf of T͏e͏s͏l͏a͏ Recruitment Team <messaging-service@post.xero.com>
Sent: 27 June 2025 08:59
To: ***************************************
Subject: Social Media Manager Opportunity at Tesla

If when have to pay for a third-party resolution for these emails to be sent out correctly, will Xero be refunding us the amount since they are unable to accommodate such as simple and popular request?

Microsoft will no longer support Basic Authentication after September 2025. Wordpress websites may no longer rely on PHP for enquiry forms. A plugin like WP SMTP Pro is required for Microsoft 365 email. Domains without the SPF, DKIM and DMARC records setup correctly will already have an unreliable email services.

It is vital that my company has access to this feature as your system limits the number of email contacts.

SMTP has got to be one of the simplest, most widely available solutions in the world. It would take xero 1 day to build and make everyone happy.

Not buying the excuses. This is low hanging fruit, guys.

Off to make.com to hack my own solution. Grr.

You can see how this was shut down and misconstrued in the response from Xero here https://productideas.xero.com/forums/939198-for-small-businesses/suggestions/46571656-enable-dkim-to-reduce-sent-emails-from-being-flagg

How hard can it be to add this. Not hard. They just don't care about their customers

Nobody should have to pay extra for this. Sending invoices via email is a basic feature of the application, and something that should just work out of the box without having to work around it with a paid third party solution.

Thanks for that heads-up. After 5 years of trying, I gave up and now use https://www.xeroemail.com/ which is cheap and works perfectly to send out as our domain name. All invoices get through; we get paid more regularly and it has a very positive impact on cashflow and business growth. Akshay at Kalpvaig who make the connector provides awesome support if ever you need it. Again, thanks for your post and I reckon you nailed it on closing tickets. It's either that necessity or company incompetence/negligence to not close pathways for email fraud.

I've been commenting on this post (and others like it) since we switched to Xero about 3 years ago. This is our #1 priority. We recently had another issue that required some interaction with Xero Support, and I want to make a suggestion to all the people who are affected by this:

Xero does not care what's written on the Xero Ideas posts. When you contact their support people they will say "Great Idea, you should post that as a Xero Idea" -- which is where ideas go to die.

I recently had a problem with bank feeds, and found an effective way to get the problem resolved to my satisfaction: I opened a support thread and every single time I had the problem I was trying to get fixed, I sent them a message on that thread letting them know it was still broken. They kept coming back with boilerplate responses (AI?). They called me on the phone and gave me the same excuses. But I persisted and eventually it got fixed.

The support folks need to close out support tickets, and they are (it seems) mandated to respond. So post your SPF/DKIM request to support. Then keep doing it. Ask them to escalate it after a few days (escalate seems to be a magic word).

Squeaky wheel gets the grease. But if there's a concerted effort it may get greased faster.

FWIW, one of our clients has outright bounced all email coming from post.xero.com - which means the invoice we sent them last night was returned. I got a message from Xero that the invoice couldn't be delivered. I talked to the client's IT people and they will not lift the block on post.xero.com because they get a ton of phishing emails now, using that as the return address.

The current situation is unworkable and Xero needs to provide this simple, industry standard fix.

I've been commenting on this post (and others like it) since we switched to Xero about 3 years ago. This is our #1 priority. We recently had another issue, and I want to make a suggestion to all the people who are affected by this:

Xero does not care what's written on the Xero Ideas posts. When you contact their support people they will say "Great Idea, you should post that as a Xero Idea" -- which is where ideas go to die.

I recently had a problem with bank feeds, and found an effective way to get the problem resolved to my satisfaction: I opened a support thread and every single time I had the problem I was trying to get fixed, I sent them a message on that thread letting them know it was still broken. They kept coming back with boilerplate responses (AI?). They called me on the phone and gave me the same excuses. But I persisted and eventually it got fixed.

The support folks need to close out support tickets, and they are (it seems) mandated to respond. So post your SPF/DKIM request to support. Then keep doing it. Ask them to escalate it after a few days (escalate seems to be a magic word).

Squeaky wheel gets the grease. But if there's a concerted effort it may get greased faster.

FWIW, one of our clients has outright bounced all email coming from post.xero.com - which means the invoice we sent them last night was returned. I got a message from Xero that the invoice couldn't be delivered. I talked to the client's IT people and they will not lift the block on post.xero.com because they get a ton of phishing emails now, using that as the return address.

The current situation is unworkable and Xero needs to provide this simple, industry standard fix.

Really surprised, and concerned, that this hasn't been implemented yet

Just migrating from Kashflow at the moment - Xero better in some ways but this is one of those glaring obvious missing features.

This feature should have been implemented years ago. What is the point of having a quote or invoice system if we can't be 100% sure emails will be delivered?

The current recommendation from support—to ask clients to safelist Xero or allow specific IPs—is not scalable or practical. For larger corporations (e.g., 1,000+ employees), working through their IT departments is often slow or unfeasible. For small businesses, the technical know-how is often lacking.

A more practical solution would be to allow us to use our own sending domain for invoices. This would let us configure DKIM and SPF authentication ourselves, eliminating the need to walk each client through technical email settings.

This approach would also shift deliverability responsibility to us, reducing Xero's support load.

It’s a win-win:

Clients reliably receive invoices.

We have full control and visibility over email deliverability.

Fewer support tickets for Xero.

XERO is a joke and not serious about this, saying the same thing for 6 years. They are simply placating the issue.

Xero's marketing department are saying this: (encl.)