in Announcements

Changes to email security for Pro merchants

We launched GoCardless Pro back in 2014 to give merchants more control over their customer experience, making it possible to guarantee your business name appearing on customers' bank statements, build your own Direct Debit mandate setup flow and have more control over notifications sent to customers.

Direct Debit schemes require that you send customers "advance notice", letting them know when payments will leave their account. Merchants on the Pro package can send these themselves, or have GoCardless send clean, unbranded and compliant notifications on their behalf.

Most of our merchants choose to use GoCardless' built-in notifications, making it quicker to get up and running and avoid worries about compliance.

Until now, if you were on Pro, we've sent these notifications so they appear to come from your email address, as well as displaying your name in the "From" header. We also set the "Reply To" so that replies from your customers with queries or questions go directly to you.

This is how emails currently look to your customers.

What's changed?

Since we built this functionality three years ago, a lot has changed in the email security landscape, particularly with the growing popularity of DomainKey Identified Mail (known as DKIM) which makes it more difficult to send emails that look like they come from someone else - often called "spoofing".

As more and more merchants have enabled DKIM for their domains, we've found that the deliverability of notifications we send has fallen - that is, more of these emails are going to users' spam folders, or are being ignored completely by mail providers. As a security best practice, it's also best to avoid allowing others to send email from your domain, so you have complete control over what's going out.

Consequently, we've decided to optimise for deliverability and security by stopping spoofing the sender address on notifications as of 30 November 2017.

What does this mean for me?

  • If you're a GoCardless Standard or GoCardless Plus user, nothing will change (if you're not sure what package you're on, head to package selection within GoCardless for a reminder).

  • If you're a GoCardless Pro user and you send your own notifications, nothing will change.

  • If you're a GoCardless Pro user and we send notifications on your behalf, we'll stop sending emails that appear to come from your email address on 30 November, instead sending them from notifications@gocardless.com. However, your business name will still appear in customers' email inboxes and replies will continue to go direct to you.

In the vast majority of mail clients (for example the Mail app on iOS, or Outlook on Windows), emails will look exactly the same as they did before. Here’s an example of how it looks:

In the vast majority of mail clients, emails will look exactly the same as they did before
Your business name will still show as the sender of the email

Only when the user explicitly expands the company name, will they see the email address
It's only when someone explicitly expands the sender name, will they see change of email address

We recommend informing your Customer Support team about this change (and maybe including it in your website FAQs), in case your customers raise queries about it.

In summary, these changes are being made to optimise for deliverability and security and thus improve and enhance your GoCardless experience. If you have any questions please don’t hesitate to contact us at help@gocardless.com.

Questions?
Contact us
By using this site you agree to the use of cookies for analytics, personalised content and ads. Learn more