We have a web application that is sort of like a CRM app. People can log in and manage their business with other folks. As part of that management, our application may send emails to the people being managed. The wrinkle here is that our customers like the "from" address of those emails to be their own. That way the recipient gets email from someone they know, not from a "do not reply" address at our own domain.
With many mail servers this isn't an issue, however there are a few that are bouncing those emails. Out of curiosity I had a test email sent to me and checked the headers. Here's what google apps added:
Received-SPF: softfail (google.com: best guess record for domain of transitioning client@clientdomain.com does not designate 99.99.184.164 as permitted sender) client-ip=99.99.184.164;
Authentication-Results: mx.google.com; spf=softfail (google.com: best guess record for domain of transitioning client@clientdomain.com does not designate 99.99.184.164 as permitted sender) smtp.mail=client@clientdomain.com
(I replaced the real "from" address with client@clientdomain.com)
So, while the email was delivered to me, I can certainly see why other servers might reject it. Our app isn't ever going to resolve to clientdomain.com.
What are my options here?
1) I could suggest that all "from" addresses be set to the friendly name of the client but user our own "no reply" email address. Then I could get spf and all that wired up.
2) I could suggest that the client configures spf / reverse dns to match my server's IP (this seems like a horrible option…)
What else. What are the best practices for this sort of thing?
Best Answer
One thing you could do, is set the sender's "name" as your client's name, and then set a Reply-To header to go to their e-mail address.
That way it looks like they are receiving an email from "Bob Johnson" they know, and when they click Reply, it will be addressed to bjohnson@clientcompany.com
Though I know companies like Paypal can have emails come from your actual e-mail address, I'm not sure if this is trickery with the headers, or that all e-mail providers "trust" paypal's email servers.