Skip to content
Go to GoCardless homepage
LoginSign up

Changes to email security for Pro merchants

By Paul ConnorNov 20172 min read

We launched GoCardless Pro back in 2014 to give merchants more control over their customer experience, making it possible to guarantee your business name appearing on customers' bank statements, build your own Direct Debit mandate setup flow and have more control over notifications sent to customers.

Direct Debit schemes require that you send customers "advance notice", letting them know when payments will leave their account. Merchants on the Pro package can send these themselves, or have GoCardless send clean, unbranded and compliant notifications on their behalf.

Most of our merchants choose to use GoCardless' built-in notifications, making it quicker to get up and running and avoid worries about compliance.

Until now, if you were on Pro, we've sent these notifications so they appear to come from your email address, as well as displaying your name in the "From" header. We also set the "Reply To" so that replies from your customers with queries or questions go directly to you.

What's changed?

Since we built this functionality three years ago, a lot has changed in the email security landscape, particularly with the growing popularity of DomainKey Identified Mail (known as DKIM) which makes it more difficult to send emails that look like they come from someone else - often called "spoofing".

As more and more merchants have enabled DKIM for their domains, we've found that the deliverability of notifications we send has fallen - that is, more of these emails are going to users' spam folders, or are being ignored completely by mail providers. As a security best practice, it's also best to avoid allowing others to send email from your domain, so you have complete control over what's going out.

Consequently, we've decided to optimise for deliverability and security by stopping spoofing the sender address on notifications as of 30 November 2017.

What does this mean for me?

  • If you're a GoCardless Standard or GoCardless Plus user, nothing will change (if you're not sure what package you're on, head to package selection within GoCardless for a reminder).

  • If you're a GoCardless Pro user and you send your own notifications, nothing will change.

  • If you're a GoCardless Pro user and we send notifications on your behalf, we'll stop sending emails that appear to come from your email address on 30 November, instead sending authorisation request & reminders emails from, and all other emails from However, your business name will still appear in customers' email inboxes and replies will continue to go direct to you.

In the vast majority of mail clients (for example the Mail app on iOS, or Outlook on Windows), emails will look exactly the same as they did before. Here’s an example of how it looks:

Your business name will still show as the sender of the email

It's only when someone explicitly expands the sender name, will they see change of email address

We recommend informing your Customer Support team about this change (and maybe including it in your website FAQs), in case your customers raise queries about it.

In summary, these changes are being made to optimise for deliverability and security and thus improve and enhance your GoCardless experience. If you have any questions please don’t hesitate to contact us at

GoCardless is used by over 55,000 businesses around the world. Learn more about how you can improve payment processing at your business today.

Learn moreSign Up

Interested in automating the way you get paid? GoCardless can help

Contact sales

Contact Us


Contact sales

+44 20 8338 9539


Request support

+44 20 8338 9540

Seen 'GoCardless Ltd' on your bank statement? Learn more

GoCardless Ltd., Sutton Yard, 65 Goswell Road, London, EC1V 7EN, United Kingdom

GoCardless (company registration number 07495895) is authorised by the Financial Conduct Authority under the Payment Services Regulations 2017, registration number 597190, for the provision of payment services. GoCardless SAS (23-25 Avenue Mac-Mahon, Paris, 75017, France), an affiliate of GoCardless Ltd (company registration number 834 422 180, R.C.S. PARIS), is authorised by the ACPR (French Prudential Supervision and Resolution Authority), Bank Code (CIB) 17118, for the provision of payment services.