What is the best method for sending email on behalf of my clients' domains?

Solution 1:

Excellent question. I've just spent several hours researching the same thing.

I had previously deployed numerous websites that use Option C for email forms (mainly out of naivety), but we are experiencing an increasing number of delivery issues. Email providers are gradually tightening up on things. For example Yahoo recently changed their DMARC policy to ask receivers to reject all emails From: [email protected] without a valid DKIM signature. Receiving SMTP servers that follow DMARC (which includes Gmail, and probably Hotmail/Outlook.com and Yahoo) will hard bounce these messages. eBay and Paypal have similar strict policies I believe, in an attempt to reduce phishing. Unfortunately specifying a "Sender" header does not help.

(I wonder how Gmail works around this when sending "From" a Yahoo alias?!)

Option A would be a better option if you know the "From" email does not have a strict DMARC policy (you could possibly confirm this via a simple DNS query).

Despite being the least visually-appealing, Option D is really the safest and is what I will recommend for most of our future projects. It's worth noting that PayPal previously used Option A, but have now switched to Option D.

To gain additional credibility and increased chance of delivery, I would look at implementing SPF and/or DKIM. These and other things are mentioned in Google's Bulk Sender Guidelines which I found helpful.

Solution 2:

I'm not sure what you want. There is no "safe" or "unsafe" way to do what you want.

I would always prefer D). Additionally I would add SPF records. But as I said this is not safer or unsafer than the others (whatever you mean with it).

The Reply-To header does not influence the reputation in any way. It only advices the client to use that address for replies (Duh, maybe this is where the name comes from?!). If the client follows this recommendation is not guaranteed.