How do I remove the “Sent on behalf of” header and use only my email address?

When sending your campaigns, you may find that an additional header is added to the top of your outgoing messages. In Outlook the "From" area will show the name of your account with us, the domain name of the mail server that sent the message, the words "sent on behalf of" and your specific From email address. In Gmail there is a similar message, although the wording is slightly different:

Why does this header exist?

We allow all of our clients to enter any email address they like as the "From" sender address for each campaign — however, this also means that the emails you send using our platform will actually be sent from a different domain (one of the marketing servers) then the domain that is listed in your custom From email address.

Although the From address is set to anything you choose, for example, info@mydomain.com, the email message actually originates from a mail server with a domain name of something like acems1.com Outlook and Gmail display a header message to tell recipients that the email was sent with a From address that differs from the address of the actual mail server, because this can sometimes indicate a message has been spoofed or fake. Since we've properly authenticated your emails, there's no need to worry about this negatively affecting your messages. This header doesn't hurt or help your deliverability, it's just an informative message to recipients at Outlook and Gmail.

Some of our customers prefer to remove the Sent on behalf of header because it looks messy or may be confusing. It's very easy to remove the header and there are no negative consequences of doing so.

How do I remove the header?

The "sent on behalf of" text in your message header can be removed by setting up DKIM for your sending domain. This will make the heading of your messages appear cleaner and only your own From email address will be displayed (the name of our mail server will not be displayed). 

IMPORTANT NOTE:  Following the steps in this article to manage your own email authentication require technical expertise in order to avoid any confusion and/or frustration when trying to set this up.  Please seek the assistance of a technical professional.

To setup DKIM, log in as your account's admin usergo to the "My Settings" page on the top right and then click the "Advanced" tab located on the left side menu. Choose "I will manage my own email authentication"

There are several options on this page but you only need to set up DKIM to remove the €sent on behalf of header. Enter your domain name in the corresponding DKIM field.

This will generate records that you can then add to your DNS as TXT records at your registrar or hosting provider (e.g. Godaddy).

Click Save Settings at the bottom of the page when done. Once complete, the sent on behalf of€ text will be removed from all outgoing emails that are sent using the domain you setup. Sometimes it can take a few hours for the DNS records to propagate. If it doesn't appear to be working at first, wait a few hours and retry.

__________________________________________________________________________________

More information about DKIM and email authentication.

When you send an email from the marketing module, the recipient's ISP (such as Gmail, Yahoo, AOL or Outlook), will use a variety of methods to determine if you are permitted to send communications using your 'from' email address. For example, you are not permitted to send an email with the from email address info@example.com unless you own Example.com. If someone sends messages posing as Example.com, ISPs have methods of identifying this as phishing and will block it.

SPF, DKIM, and DMARC are the three established methods used to verify a sender's identity. The marketing module does not require that you do anything to set these up, because we've already covered it for you. However, there are circumstances when it can be beneficial to set these identifiers up on your domain. 


The most common reasons for setting up your own authentication are:

  • To remove the "via" header from Gmail to enforce branding. A positive side effect of setting up DKIM is that this header disappears.
  • If your domain actually has a stronger reputation than our email marketing provider. This is rare because their domain has a long-established reputation of sending good mail, but there are times when senders can benefit from relying more heavily on their own domain reputation.
  • If you want to enforce stricter security on your domain.
Importantly, these methods of authentication should not be thought of as “fixes” for poor delivery. Simply setting up your own DKIM key, SPF, or DMARC will rarely, if ever, boost your delivery. If you have a poor sender reputation, authentication will not reverse or improve your reputation.

Authentication allows good senders to further solidify their reputation and protect their domain from bad senders who may try to hijack their domain.

As such, we make it easy for you to set up authentication, but you are not required to do so. 

DKIM

DKIM is essentially a signature any sender can apply to their email messages. This signature makes clear that the purported sender of the message is actually the sender of the message. Any domain can be used as the signature. For example, a company called Example will sign their messages with the Example.com domain to confirm that the message was actually sent by Example.

This is accomplished by inserting a hidden, cryptographic signature into your email header (ActiveCampaign will do this) and then placing a public key on your website that verifies the authenticity of this signature.

All mail sent from ActiveCampaign will use our email marketing provider's DKIM signature by default. Our email marketing provider's DKIM signature has a very good reputation. This is sufficient for most senders. However, it is easy to set up DKIM for your own domain if you want to.

To setup DKIM, go to your My Settings page and select Advanced from the left side menu. Click on "I will manage my own email authentication." Enter your sending domain into the DKIM field and click "Generate".

After you enter your domain you will receive a record to add to your DNS at dk._domainkey.mydomain.com. Take note that the values you generate here will not save on the page. They are just generated for use in setting up TXT records on your domain host.

You will need to add these TXT records to the DNS of your website. To find specific instructions for your host, we recommend searching Google to add TXT record at _______. Fill in the blank with the name of your host (Godaddy, Hostgator, Cloudfare etc). 

After complete, you can use a tool like mail-tester.com to ensure that DKIM is working.

SPF

SPF records are public records on your website that authorize certain servers to send email with your domain.

We actually handle SPF for all senders, because SPF protocol will check the sending server's domain for SPF, not your own domain.

As such, SPF is out of your hands. You don't need to setup SPF, even if you are using a custom domain.

Why should you set up SPF on your domain?

There is an older, deprecated version of SPF called SenderID where the recipient ISP checks the visible From Address for authentication. The means the from address domain you use to send the message (like @mydomain.com) would be checked for an SPF record that authorizes our email marketing provider to send with this domain.

SenderID is deprecated and the only ISP of note that still checks for SenderID is Microsoft (this includes Outlook.com, Hotmail.com, Live.com, and MSN.com). There is no evidence that this check will influence your deliverability positively or negatively.

There may be other, smaller ISPs that still use some version of SenderID, although they are rare. And, in some cases, it may be necessary to set up SPF/SenderID to ensure the notification emails from your automation deliver.

You can choose to add an SPF record to your domain to ensure your emails will pass a SenderID check. However, this will not have a noticeable effect on deliverability to any major ISP, since the standardized SPF check is handled by ActiveCampaign.

If you want to setup SenderID, go to your My Settings page and select Advanced from the left side menu. Click on I will manage my own email authentication." Enter your sending domain into the SenderID field and click Generate.

If you already have an SPF record, it is important that you don't add a second. Instead of having two SPF records, you should just add include:emsd1.com to the current SPF record, like this:

v=spf1 include:emsd1.com include:_spf.google.com ~all

DMARC

DMARC builds on SPF and DKIM, and tells ISPs like Gmail and Outlook what to do if your emails fail SPF or DKIM. ISPs will look to the DMARC record on your domain to know how they should handle mail that doesn't pass DMARC.

The lack of a DMARC record (which is the default) will tell ISPs to treat mail normally if it doesn't pass DMARC. A stricter DMARC policy will tell ISPs to reject or quarantine mail that doesn't pass a DMARC test.

Most importantly, DMARC is not a method to “boost” your deliverability. It permits you to enhance security for your domain.


By default, all domains will not have a DMARC record in place, and it is not necessary for you to set up a DMARC record for delivery. As such, DMARC is totally optional, and there is no immediate benefit to deliverability to setup DMARC, unless:

  1. Someone is actively spoofing your domain, sending fraudulent mail, and tarnishing your reputation. DMARC would let you identify this malicious activity and shut it down.
  2. You added a DMARC record that is “strict” which will lead ISPs to block mail that doesn't pass a DMARC test. A poorly configured DMARC is basically telling ISPs you want them to block your messages.

There are two options for DMARC, lenient and strict. We recommend setting up a lenient policy because this is the safest for deliverability. To set up a lenient DMARC policy, you should add this TXT record to your domain at _dmarc.mydomain.com:

v=DMARC1; p=none;

If you want to implement stronger security on your domain, you can set up a strict DMARC record that will tell ISPs to reject or quarantine mail that does not pass the DMARC test. To set up a strict DMARC record, we would advise you to visit dmarc.org for recommendations to configure the record properly.

Important: A strict record will require that you have a proper DKIM record setup for your sending domain, or else all your mail from our email marketing provider will fail the DMARC test. Make sure you have set up DKIM for all of your sending domains before setting up a strict DMARC record.