Why Does “Sent on Behalf Of” Appear in My Email Header?
(And how to remove it using DKIM)
If you’re sending email campaigns through BigContacts, you may notice that Outlook or Gmail adds a message like:
“sent on behalf of [your email] via [our mail server]”
This happens when your From address uses your own domain (e.g. info@yourcompany.com), but the actual message is sent from a different domain (like our marketing servers).
It’s harmless—but it can look unpolished or confusing to recipients.
Why this happens
We let you use any From email address when sending campaigns. But the emails are technically sent from our email marketing provider’s servers.
Because the sender's domain doesn’t match the server's domain, Outlook and Gmail add this “on behalf of” message to alert users to possible spoofing.
You don’t need to worry—your emails are authenticated and secure. But if you'd like to remove this header for branding or clarity, you can do so by setting up DKIM.
How to remove the “sent on behalf of” header
You’ll need to set up DKIM (DomainKeys Identified Mail) for your domain. This tells email providers that your domain authorizes our servers to send on their behalf.
DKIM setup requires access to your domain's DNS records. If you're not familiar with DNS settings, we strongly recommend getting help from a technical team member.
To enable DKIM in BigContacts:
1. Log in as your Admin user
2. Go to My Settings > Advanced
3. Select I will manage my own email authentication
4. Enter your sending domain in the DKIM field
5. This will generate a TXT record
6. Add this TXT record to your domain’s DNS settings (e.g. in GoDaddy, Cloudflare, etc.)
7. Save your settings in BigContacts
Once complete and DNS records have propagated, the “sent on behalf of” header will disappear.
Understanding SPF, DKIM, and DMARC
Here’s a simple breakdown of what each does:
| Protocol | What it does | Do you need to set it up? |
|---|---|---|
| SPF | Confirms which servers are allowed to send on your domain’s behalf | Already handled by us; optional for SenderID compatibility |
| DKIM | Adds a cryptographic signature to prove the message really came from your domain | Optional — required only if you want to remove “on behalf of” |
| DMARC | Tells ISPs what to do if SPF or DKIM fails | Optional — for advanced users concerned with spoofing or domain security |
Should you set this up?
You don’t have to set up SPF, DKIM, or DMARC — we’ve taken care of authentication by default. But you might want to manage it yourself if:
-
You want to remove Gmail’s “via” or Outlook’s “on behalf of” message
-
You want tighter security and better brand consistency
-
You already have a strong sender reputation tied to your domain
Note: Setting up DKIM or SPF will not improve deliverability on its own. These tools are not a fix for low engagement or poor sender practices.
Advanced: Strengthen security with DMARC or SenderID
You can also add a DMARC record if you want stricter domain enforcement. For most users, a lenient DMARC policy is enough:
v=DMARC1; p=none;
To enforce SenderID (used mainly by Microsoft domains), you can add our SPF include like this:
v=spf1 include:emsd1.com ~all
Do not add multiple SPF records. If you already have one, modify it to include our domain instead.
Need help?
Still unsure what to set up? We’re happy to help. Reach out to:
-
BigContacts Support: support@bigcontacts.com
-
Email Marketing Provider Support: support@activecampaign.com or support@piesync.com, depending on your setup