Best practices: Sending email on behalf of users

Question

The company I work for provides testing services for the healthcare industry. As part of our services, we need to send email to our clients\' employees. Typically, these are t

Answer 1

You're probably looking for Reply-To. It's an official and widely supported header, unlike On-Behalf-Of, and it's not subject to the same spam checks as From.

If you really wanted to appear as sending on behalf of another user, the "mostly" correct way, by SMTP standards, would be to put your "real" address in Sender: and your client's address (of whom you're sending on behalf) in From:. However, From: is specifically targeted by DMARC, a very strict spam prevention protocol implemented by most major e-mail providers. They won't overlook a From: DMARC failure just because you have a valid Sender: header.

DMARC allows domain owners to specify how SPF and DKIM should be applied to the From: header. A popular policy is to reject e-mail that fails either SPF or DKIM, which means your e-mail won't even be flagged as spam: it will be downright rejected.

Sender: + From: still works, technically. It was originally created with the intention of being used by people in the same organization, such as a secretary or an assistant. This has turned into a hard constraint with the advent of spam prevention mechanisms.