You can design the perfect invoice, but if the email carrying it lands in a spam folder, none of that matters. Email deliverability for billing comes down to three standards working together: SPF, DKIM, and DMARC. Understanding what each one does, and how they reinforce each other, is the difference between invoices that reliably reach the inbox and invoices that quietly vanish.
SPF: who is allowed to send for you
Sender Policy Framework is a DNS record that lists which mail servers are authorized to send email on behalf of your domain. When a receiving server gets a message claiming to be from your domain, it checks whether the sending server appears in your SPF record. If it does, the message passes SPF. If it does not, the message looks suspicious.
A typical SPF record is published as a TXT record and uses include mechanisms to authorize the services that send mail for you. One thing to watch: SPF permits only a limited number of DNS lookups, so adding too many services can break the record entirely. Keep it lean and consolidate where you can.
DKIM: proof the message was not altered
DomainKeys Identified Mail adds a cryptographic signature to every message. You publish a public key in DNS, and your sending system signs each email with the matching private key. The receiving server uses the public key to verify the signature, confirming two things: the message genuinely came from your domain, and it was not modified in transit.
For invoices, DKIM matters enormously. It is the technical proof that a payment request is authentic, which is exactly the reassurance that fraud-wary accounts payable teams and spam filters are looking for.
DMARC: the policy that ties it together
DMARC builds on SPF and DKIM by telling receiving servers what to do when a message fails authentication, and by requiring alignment. Alignment means the domain in the visible From address must match the domain validated by SPF or DKIM. Without alignment, a message can technically pass SPF or DKIM while still spoofing your brand.
A DMARC record lets you set a policy of none, quarantine, or reject, and it can request aggregate reports so you can see who is sending mail as your domain. Most teams start at none to monitor, then tighten toward quarantine and eventually reject once they are confident legitimate mail is properly aligned.
SPF and DKIM prove a message is authorized and intact. DMARC makes sure those proofs line up with the brand the customer actually sees.
Why alignment is the part people miss
This is the most common stumbling block. A business sends invoices through a third-party tool, the tool's own domain passes SPF and DKIM, but the visible From address shows the business's domain. DMARC sees a mismatch and the message fails alignment. The fix is to send in a way where authentication is aligned to your domain, not the tool's.
This is precisely why we recommend sending invoices from your own domain. When the From address, SPF, and DKIM all point to the same domain you control, DMARC alignment falls into place and inbox placement improves.
How Just Efficient Billing keeps invoices aligned
At Just Efficient Billing, deliverability was a design goal rather than an afterthought. Invoices are sent from your own domain, optionally through your own SMTP relay, with SPF and DKIM aligned so DMARC passes cleanly. You publish a small set of DNS records once during setup, and from then on every invoice email is authenticated as yours. The exact records and verification steps live in our documentation.
A short checklist before you send at scale
- Publish SPF and confirm it stays within the DNS lookup limit.
- Enable DKIM and verify the signature passes on a real test send.
- Add a DMARC record starting at a monitoring policy, then review the reports.
- Check alignment by confirming your From domain matches the authenticated domain.
- Tighten the DMARC policy toward quarantine or reject once monitoring looks clean.
The bottom line
Deliverability is not glamorous, but for a billing operation it is foundational. Invoices that consistently reach the inbox get paid faster, generate fewer support tickets, and protect your brand from spoofing. Getting SPF, DKIM, and DMARC right is a one-time investment that pays off on every invoice you send afterward.
If you want a hand auditing your current setup or aligning your domain correctly, get in touch and we will help you get every invoice to the inbox.