Domain – Why is it a bad idea to use a customer email as the from address

domain, email, spam

I've got an application that emails users once they have filled in a form. It uses a no-reply@customerdomain.com as a from address. The customer wants it to use the email from the form as the from address which could be anything. I have been told that this is a bad idea due to spoofing/blacklisting and spam.

I feel really vague about the exact reason why this is a bad idea, particularly as I've got to try to counsel the client out of this. Can someone explain to me why this is a bad idea?

Interestingly the client has used a Gmail account as the from address as a demo which not only works fine but has enabled the application to start sending emails (it wouldn't do it before with an email which was no-reply@customerdomain.com). Erm – what is going on? I'm told one thing and the opposite works.

Sorry – I know this is basic but I couldn't find anything on a Google search. Largely I think because I'm having trouble even framing the question.

EDIT

Thank you everyone – great answers. Interestingly the server sending the email and the mail box that it is going to are both behind the same firewall so the client says they are unconcerned about spam. Oh well.

Best Answer

It is bad practice for several reasons:

  • You are NOT allowed to send a mail from a domain you do not own. As such, it could be conceived as an attempt at impersonation.
  • It's a common enough practice used by spammers and, as such, is frequently tagged by spam filters.
  • It is pretty common for well-maintained domains to use SPF or DKIM to protect their reputation and help other systems identify impersonation and spam. You obviously will not be able to add the DKIM mail header or add your SMTP server into the domain's SPF DNS record and so your mail will be (rightly) considered as forged and rejected.

The proper practice is to use your local domain as sender, possibly using a non-existing address as user name.
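
The SPF point in the answer above, as an added example that is not part of the original answer: a simplified evaluator (only the `ip4`, `ip6` and `all` mechanisms of SPF) showing what a receiving server computes when the application sends as its own domain versus as the form submitter's domain. The domains, IP addresses and SPF records are constructed sample data, and the sketch assumes the application uses the same address as the SMTP envelope sender, which is the address SPF is checked against.

```python
import ipaddress

# Constructed sample data (not real DNS): SPF TXT records keyed by domain.
# The addresses come from the reserved documentation ranges.
SPF_RECORDS = {
    "customerdomain.example": "v=spf1 ip4:192.0.2.10 -all",   # lists the app's server
    "freemail.example": "v=spf1 ip4:198.51.100.0/24 -all",    # submitter's provider
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(sender_domain, client_ip, records=SPF_RECORDS):
    """Evaluate a subset of SPF: ip4, ip6 and all mechanisms only."""
    terms = records.get(sender_domain.lower(), "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # the domain publishes no SPF policy
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"  # a mechanism without a qualifier means "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            network = ipaddress.ip_network(value, strict=False)
            if ip.version == network.version and ip in network:
                return QUALIFIERS[qualifier]
        # include, a, mx, redirect etc. are outside this subset and are skipped
    return "neutral"  # nothing matched and the record has no "all" term


def spf_for_form_mail(from_address, app_server_ip):
    """SPF result a receiver would compute when the app sends as from_address."""
    domain = from_address.rsplit("@", 1)[-1]
    return check_spf(domain, app_server_ip)


if __name__ == "__main__":
    app_ip = "192.0.2.10"  # constructed address of the application's SMTP server
    for addr in ("no-reply@customerdomain.example", "visitor@freemail.example"):
        print(addr, "->", spf_for_form_mail(addr, app_ip))
```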