Why is it a bad idea to use a customer email as the from address

Solution 1:

Actually, you're allowed to set the From address to your customer's email, as long as you correctly set the Sender field to your own address. This is what Paypal does used to do!

FROM:   [email protected]
TO:     [email protected]
SENDER: [email protected]

Most email clients will render this as "From [email protected] On Behalf Of [email protected]". There shouldn't be any issues with SPF or DKIM on the customer's domain.

You should also probably set the Reply-to header to your customer's address, so replies go the customer's address rather than yours.

Solution 2:

It is bad practice for several reasons:

  • You are NOT allowed to send a mail from a domain you do not own. As such, it could be conceived as an attempt at impersonation.
  • It's a common enough practice used by spammers and, as such, is frequently tagged by spam filters.
  • It is pretty common for well-maintained domains to use SPF or DKIM to protect their reputation and help other systems identify impersonation and spam. You obviously will not be able to add the DKIM mail header or add your SMTP server into the domain's SPF DNS record and so you mail will be (rightly) considered as forged and rejected.

The proper practice is to use your local domain as sender, possibly using a non-existing address as user name.

Solution 3:


It's a bad practice to use the email address from the form. Instead, use an email address that is specifically used for this mailinglist only.

Long version:

First, there are actually two email addresses used. One is the envelope sender, the other one is the one shown on the From:-line in the email.

The envelope sender is the one used by email servers to issue non-delivery notices. If you're running a mailing list, that address will usually be to a script that can clear out non-working addresses from the mailinglist.

The From: address is the one that will be used when the recipient of the mail clicks on Reply. In this case it should point to someone that can actually answer any question the recipient may reply with (or at least forward to someone who can).

If you use the recipient's own email address as the envelope sender, you may expect that some/many mail servers will reject the mail or tag it as likely being spam - because people don't often send mails to themselves from their own address via an outside server.

If you use the recipient's own email address as the From:-sender, the user will not be able to respond to the messages if they should need to. Putting a link somewhere in the body of the mail message isn't enough; people will still use the Reply-button in their email client and be upset when it doesn't work.

Solution 4:

You've got some great answers talking about the technical issues here. In terms of selling this to your customer it may be helpful to rephrase the question slightly. The customer is probably asking you a variation of "will it work", to which the answer is "yes, you can send email like that".

A better question for them to be considering is "will it "arrive", will our customers see it if it's sent that way". The answer with most modern spam filters, is "no, probably not".

Solution 5:

There are two issues that I can think of, the largest issue is that you will be sending out email which could very possibly be undeliverable, and obviously the return address will also be so which will mean a lot of emails sitting and waiting to time out. The smaller issue might be that some of those emails end up in spam, as the servers are looking for email from certain domains to come from certain machines (per DKIM rules).

I would create the [email protected] address, and decide what to do with the email later.