Why does the 'via' message appear in Gmail?

The 'via' message appears when the domain in the visible 'From' address (RFC 5322.From) does not align with the domain that actually sent the email, typically the Return-Path domain (RFC 5321.From) or the DKIM signing domain. This is common when using third-party email service providers.

What is required to remove the 'via' message?

To remove the 'via' message, you need to ensure proper alignment between your 'From' domain and your SPF and DKIM authenticated domains. This means setting up SPF and DKIM records for your sending domain/subdomain and implementing a DMARC policy that enforces this alignment. Your ESP should provide specific DNS records to facilitate this.

Is it better to send emails from a subdomain or a root domain?

Yes, it is generally recommended to send emails from a subdomain (e.g., mail.yourdomain.com ) rather than your root domain. This helps isolate the reputation of your marketing or transactional emails from your primary domain's reputation, protecting your main website and email services from potential blocklisting issues if your email campaigns run into problems.

How long does it take for the 'via' message to disappear after configuration?

Once SPF, DKIM, and DMARC are correctly set up and aligned, the 'via' message should disappear almost immediately, or within a few hours, as DNS changes propagate. If it persists, double-check your DNS records and DMARC reports for any misconfigurations or authentication failures.

How to remove the 'via' message in Gmail when sending from a subdomain? - Technical - Email deliverability - Knowledge base

When you send emails from a subdomain, you might have noticed a rather annoying 'via' message appearing next to your sender name in Gmail. This little tag, like "sender@yourdomain.com via your-subdomain.com", can look unprofessional and sometimes even raise suspicions with your recipients, potentially impacting how your messages are perceived. It essentially tells the recipient that the email passed through a domain different from the one shown in the 'From' address, even if it's a legitimate sending service.

The good news is that this 'via' message isn't permanent, and with the right email authentication setup, you can remove it. My goal here is to explain why this message appears, especially when using subdomains for sending, and walk you through the steps necessary to achieve full sender alignment and make that 'via' tag disappear for good.

Understanding the 'via' message in Gmail

The 'via' message in

Gmail is an indicator that the domain in the "From" header (what your recipients see) doesn't match the domain that actually sent the email (the technical sending domain). This often happens when you're using a third-party email service provider (ESP) to send emails on behalf of your domain. Even if you're using a subdomain, the issue stems from a lack of alignment between different parts of the email address.

There are primarily two 'From' addresses at play in every email, and their relationship is crucial. The first is the RFC 5322.From address, which is the email address visible to your recipients, like info@yourdomain.com. The second is the RFC 5321.From address, also known as the Return-Path or MailFrom address. This is the technical address used by mail servers for bounces and other delivery notifications. When these two domains do not align, Gmail flags the discrepancy with the 'via' message.

This discrepancy often arises because your email service provider is sending the email through its own domain (e.g., sendgrid.net or amazonses.com) while presenting your domain as the sender. To remove the 'via' tag, you need to ensure that the domains involved in both the visible 'From' address and the technical sending process are aligned. This is where proper email authentication protocols come into play.

RFC 5322.From (Header From)

Visible to recipients: This is the friendly sender address shown in email clients, e.g., marketing@yourcompany.com.
User-facing: Primarily impacts how recipients identify the sender.

RFC 5321.From (Return-Path/MailFrom)

Technical address: Used by mail servers for delivery errors and bounces, often hidden from the recipient. This might be bounces@your-esp.com or a subdomain like bounces.yourcompany.com.
Behind-the-scenes: Crucial for email authentication and bounce processing.

The role of SPF and DKIM in 'via' removal

To effectively remove the 'via' message, you need to configure Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) records for your sending domain, especially your subdomain. These are the foundational email authentication methods that tell receiving mail servers whether an email is legitimate or potentially forged. When these records are properly set up, they help verify that your email is authorized to send on behalf of your domain.

SPF allows you to publish a DNS record listing the mail servers authorized to send email on behalf of your domain. If an email claims to be from your domain but originates from a server not listed in your SPF record, it may be flagged. For subdomains, ensure your SPF record includes all sending IPs from your ESP for that specific subdomain. DKIM, on the other hand, adds a digital signature to your outgoing emails, which receiving servers can verify using a public key published in your DNS. This ensures the email hasn't been tampered with in transit.

For the 'via' message to disappear, it's not enough for SPF and DKIM to simply pass. The key is alignment. This means that the domain in your RFC 5322.From header (what people see) must match the domain used for SPF (the Return-Path domain) and DKIM (the d= domain in the signature). Many email service providers automatically handle the Return-Path (RFC 5321.From) with a subdomain they provide, but you must ensure your primary domain is also covered by their SPF and DKIM authentication. When these align, Gmail is satisfied that the email truly originated from your domain.

DMARC and domain alignment

While SPF and DKIM are crucial, Domain-based Message Authentication, Reporting, and Conformance (DMARC) is the protocol that truly ties everything together to eliminate the 'via' message. DMARC builds upon SPF and DKIM by allowing you to specify what mail receivers should do if an email fails authentication. Crucially, DMARC also introduces the concept of alignment, requiring that the domain in your 'From' header (RFC 5322.From) matches the domain that passed SPF or DKIM checks.

For SPF alignment, the domain in the RFC 5322.From header must match the domain in the RFC 5321.From (Return-Path) address. For DKIM alignment, the domain in the RFC 5322.From header must match the "d=" domain in the DKIM signature. Gmail primarily relies on DMARC alignment to determine whether to display the 'via' tag. If either SPF or DKIM passes with alignment, Gmail typically won't show the 'via' message.

When sending from a subdomain, you might have your main domain yourdomain.com as your RFC 5322.From and a subdomain like mail.yourdomain.com for your Return-Path and DKIM signature. For the 'via' message to be removed, your DMARC record needs to be configured such that the subdomain used for authentication is aligned with your main domain. This often means setting up your ESP to send using a Return-Path and DKIM signature domain that is a properly authenticated subdomain of your 'From' address domain.

An effective DMARC implementation ensures not only that the 'via' message is removed, but also that your emails are protected against spoofing and phishing, which in turn significantly improves your deliverability and sender reputation. This is why tools like DMARC record generators and DMARC monitoring are so valuable.

Practical steps to remove the 'via' message

Example DMARC record

DNS TXT Record for DMARCDNS

v=DMARC1; p=none; rua=mailto:dmarc-reports@yourdomain.com; ruf=mailto:dmarc-forensic@yourdomain.com; sp=none; adkim=r; aspf=r;

This record sets a policy of "none" (monitor only), requests aggregate reports to dmarc-reports@yourdomain.com, and specifies relaxed alignment for SPF and DKIM.

To get rid of the 'via' message when sending from a subdomain, you need to ensure comprehensive email authentication. Here’s a breakdown of the practical steps to take:

Authenticate your domain with your ESP: Your email service provider will give you specific DNS records (SPF and DKIM) to add to your domain's DNS settings. This step is critical as it authorizes your ESP to send emails on your behalf. Make sure to do this for the subdomain you plan to use for sending emails.
Ensure Return-Path alignment: The domain used in your Return-Path (RFC 5321.From) should be aligned with your 'From' address (RFC 5322.From). Many ESPs allow you to set up a custom return path subdomain. If your 'From' address is news@yourdomain.com, your Return-Path should ideally be something like bounces.yourdomain.com.
Implement DMARC for your domain: This is the most effective step. Setting up a DMARC record with proper SPF and DKIM alignment ensures that receivers, including Gmail, recognize your sending legitimacy. Start with a p=none policy to monitor first, then move to quarantine or reject as you gain confidence. You can also monitor your DMARC reports for insights into your email stream. Monitoring your DMARC reports is key for improving your domain reputation.

Properly configuring these authentication protocols for your subdomain ensures that Gmail recognizes your sending domain as authorized, thereby removing the 'via' message and presenting a cleaner, more trustworthy sender identity to your recipients. This can also help you avoid being caught on a spam blacklist or blocklist.

Views from the trenches

Best practices

Always ensure your SPF record includes all authorized sending IP addresses and services for your subdomain.

Regularly check your DMARC reports to identify any authentication failures and promptly address them.

Use a dedicated subdomain for marketing or transactional emails to protect your main domain's reputation.

Implement a strict DMARC policy (p=quarantine or p=reject) once you're confident in your authentication setup.

Common pitfalls

Forgetting to update SPF records when changing email service providers, leading to authentication failures.

Not configuring DMARC, leaving your domain vulnerable to spoofing and the 'via' message.

Ignoring DMARC reports, missing critical insights into email deliverability and potential issues.

Using a general domain for sending, rather than a specific subdomain, which can dilute reputation.

Expert tips

"Focus on ensuring that the domain in your Return-Path (MailFrom) matches the domain in your 'From' header for SPF alignment. This is key for Gmail."

"Even if your ESP doesn't offer custom Return-Path domains, proper DKIM alignment can still remove the 'via' message in Gmail."

"DMARC is the ultimate solution. Once your DMARC record is correctly set up with alignment, the 'via' message should disappear."

"Test your email authentication thoroughly after making DNS changes. Small errors can cause the 'via' message to persist."

Expert view

Expert from Email Geeks says that to remove the 'via' message, the RFC 5321.From (return-path) domain should be the same as the RFC 5322.From domain.

2020-06-24 - Email Geeks

Expert view

Expert from Email Geeks notes that lack of DKIM alignment alone does not cause the 'via' message in Google, as it is primarily return-path related.

2020-06-24 - Email Geeks

Achieving full sender alignment

Removing the 'via' message in Gmail when sending from a subdomain is a clear signal of proper email authentication and a strong sender reputation. It indicates that you have taken the necessary steps to verify your email sending practices through SPF, DKIM, and especially DMARC. This attention to detail not only presents a more professional appearance to your recipients but also significantly improves your email deliverability, ensuring your messages land in the inbox rather than a spam folder or a blocklist.