English
Español
Русский (Russian)
日本語 (Japanese)
Forums/Official SendGrid/FAQ: Whitelabel and DNS
How To: Eliminate the On Behalf Of Message
Joe Scharf
posted this on January 12, 2010 14:01
Help, my emails are received with an On Behalf Of message
Some ISPs or mail readers, such as Hotmail or Outlook, will display a message with the Sender header set as “on behalf of” and then the address that is in the Sender header. This is caused by the DomainKeys configuration of your account.
By default, SendGrid signs all e-mail with DomainKeys to improve deliverability with some smaller domains. However, with accounts that do not have whitelabeling, this means that the domain in the From field will not have the proper DNS record to authenticate the e-mail. Because of this, SendGrid inserts a Sender header, and the e-mail can then be properly authenticated.
However, the vast majority of recipient servers now check authenticity using DKIM, which is the evolution of Domain Keys. All emails sent out by SendGrid are signed with DKIM, whether your account is whitelabeled or not. So if you're having this problem, feel free to disable DomainKeys, and it should not have any impact on your deliverability.
Comments
I still get "via sendgrid.info", at least on Gmail even with Domain Keys disabled. Any other suggestions? I'm using the PHP API with SwiftMailer v4.
Same for me.
It looks like the DKIM signature is sent as sendgrid.info no matter what your DomainKeys settings are.
Only seems to be a problem with gmail.
Gmail recently started adding additional authentication information next to the sender's name. This information is keyed off of the DKIM signing domain, and the additional "via" is added when the FROM domain does not match the signing domain specified in the "d=" header. More information can be found here: http://mail.google.com/support/bin/answer.py?hl=en&ctx=mail&...
Note that this Gmail issue is not related to the DomainKeys app that you can enable / disable in your account. DomainKeys has been obsoleted by DKIM, and we recommend all users disable the DomainKeys application in their account. Your email will continue to be signed with DKIM, and ISPs will use this for any reputation considerations.
So what's the answer to removing it then? Does the DKIM get personalized with the white-label service? Is the SPF solution applicable here?
At this time, turning off DKIM or changing the signing domain is not possible. Whitelabel does allow personalizing the DKIM signature and as long as your FROM address domain matches the whitelabeled domain, the Gmail "via" will not be added.
Your last point refers to the matching of the whitelabel domain and the sender address.
if we have sender@example.com and example.com goes to our webserver
to use whitelabel we have been told to create a new CNAME and point to your sendgrid.net domain. So because our domain points to our infrastructure not yours how can we both accommodate whitelabeling and also having our DNS point to our servers?
Erik,
Our whitelabel uses a subdomain off of your root domain (by default we recommend email.example.com) which is CNAMEd to sendgrid.net. This mechanism allows bounce processing and click/open tracking to work without any additional changes.
Excellent Joe,
so what I'm hearing is that we can send email w/ the sender being email@example.com and if that email has inbound links to our site that those links are http://email.example.com/path/page and email.example.com is white-labeled that our customers will not see "on behalf of" in their inboxes.
Is that an accurate depiction of what happens?
Yes in the whitelabel config you create _domainkeys DNS entries for the subdomain and root domain, so authentication will validate for both email.example.com and example.com. Links are rewritten to http://email.example.com/... as you noted above.
Will disabling the Domain Keys negatively affect deliverability to Yahoo? The wiki article http://wiki.sendgrid.com/doku.php?id=domain_keys mentions Yahoo! using the DomainKeys.
Is there any advantage in keeping the Domain Keys enabled with the "Set the domainkeys domain to match the FROM domain" option instead of domain + Sender header?
No. Disabling DomainKeys will not affect deliverability to Yahoo. Yahoo has indicated that DKIM is sufficient for the purposes of replacing DomainKeys.
Added the SPF record and specified a white label subdomain (send.ourcompany.com). Still seeing " via sendgrid.info " in gmail.com. You mention that " Whitelabel does allow personalizing the DKIM signature". However -- I'm not seeing that. When I look at the raw message I see: DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sendgrid.info; h= ...
How do we get d= to be our whitelabel domain and not sendgrid.info?
I'm using the free sendgrid addon with Heroku. I recently noticed the "via sendgrid.info" annotation in gmail, and I'd like to get rid of it too.
How do I disable domainkeys with the Heroku addon? Or do I have to remove the Heroku addon and signup directly with sendgrid.com? In any case, this doesn't seem to have an effect on gmail.
@Peter, what exactly did you put in your SPF record? I found a sendgrid article with an example SPF entry, but it uses "sendgrid.net" (not the IP). The gmail knowledge base article says: "If your messages are sent by a bulk mailing vendor or by third-party affiliates, please publish an SPF record that includes the IPs of the vendor or affiliates which send your messages." I'm curious if that will convince gmail to drop "via".
http://support.sendgrid.com/entries/94481-dns-setting-the-spf-recor...
@Marcel I used the SPF record specified in the article you cited. This should be correct even for the whitelabel scenario, if I understand correctly the receiving mail server performs a reverse DNS lookup on the sending mail server, and will then query the SPF records for the domain in the FROM address of the email to ensure the sending mail server is authorized.
@Joe Can you provide further comment? Right now we're on the bronze package. Is this the issue, do we need a dedicated IP or the silver package to get rid of this message?
As I mentioned, I have specified a whitelabel subdomain in the configuration and created the CNAME. I am seeing something a little weird in the DNS results from our DNS service provider with respect to the domainkey DNS entries, possibly related to the underscore problem. I'm looking at moving to a DNS provider that knows what their doing, but I'd definitely like some confidence this will resolve the issue before I sink a lot of time into it.
I believe you do need the silver or better for whitelabel even though you can set the subdomain in lesser plans. It would be nice to have whitelabel as an add-on option for those who need this feature but aren't quite ready to move up to higher-level plan.
On Friday 8-12-11, we deployed changes to DomainKeys and DKIM. DomainKeys is now disabled for all NEW users and the DKIM app has been added with the option in Settings to have the "d=" signing domain match the domain in the FROM address. See the SendGrid blog for more information
So there's no definitive way to get rid of "via sendgrid.info" in Gmail?
I really don't see a solution here. As far as I could understand, unless I pay 80USD I will still have to keep the "via send grid.info" is that right? I have the free plan and maybe the smallest tier plan is the right one for me after testing, and that does not offer white labeling. So, is there or not -and how- a way for the free plan to remove the annoying (and trust destroyer) message to be removed?
Best of lucks. DPT