What the 'via' line in Gmail really means.

You've seen it. A letter from hello@yourbrand.com arrives in Gmail, and Gmail displays the sender as Your Brand <hello@yourbrand.com> via amazonses.com. Or via sendgrid.net, or mailgun.org, or some other third party. The “via” line is small, grey, easy to miss — and it's telling you something specific.

This is a short explainer of what the via line means, why it shows up, what it costs you in open rates, and the specific configuration change that makes it go away.

§ What it technically means.

The via line appears in Gmail (and, with slightly different wording, in Outlook and Apple Mail) when the domain in the From: header doesn't match the domain that authenticated the message via DKIM. The two domains are both legitimate — neither is spoofed — but they disagree, and Gmail surfaces the disagreement to the reader.

The disagreement usually happens for this reason: your email service provider (ESP) signed the outbound message with their DKIM key, not yours. So the letter claims to be from your domain (that's what the recipient reads), but cryptographically it was signed by amazonses.com, or sendgrid.net, or whatever your ESP's default signing domain is. Gmail's display logic is: show both, let the reader decide.

The via line is not a spam signal. It is a trust signal — specifically, a weakened one.

§ Why it hurts open rates.

Research on email engagement suggests the via line reduces open rates in the 2-8% range, depending on the audience. The mechanism isn't mysterious — readers are more likely to trust a letter that appears to come unambiguously from the brand they recognise. Any visible “wait, what's amazonses.com?” is friction.

For transactional mail, the stakes are higher. A password reset from YourBrand via amazonses.com reads, to a non-technical user, as slightly off — as if the reset came from a third party you've never heard of. Some readers will delete it. A few will flag it as phishing. Both outcomes damage your sending reputation.

For marketing mail, the stakes are lower but compounding. Small open-rate drops accumulate across campaigns. If your newsletter to 10,000 subscribers opens 4% less because of the via line, that's 400 fewer reads per issue, every issue, forever.

§ How to fix it.

The fix is to sign outbound mail with your domain's own DKIM key instead of your ESP's default one. In most ESPs this is called “custom authentication” or “branded sending domain” — the specific term varies by vendor, but the mechanism is the same:

1. 01Generate a DKIM key pair for your domain (or let the ESP generate one).
2. 02Publish the public half at {selector}._domainkey.{your-domain} in DNS.
3. 03Configure your ESP to sign outbound with that key instead of its default.
4. 04Verify. The via line disappears within the hour, for all future sends.

This also fixes DMARC alignment (covered in the SPF/DKIM/DMARC piece). When DKIM is signed by your own domain, the d= tag in the DKIM-Signature header matches the From: domain, DMARC's alignment check passes, and your reputation stays tied to your domain rather than leaking via the ESP's.

§ Why per-domain matters for portfolio operators.

If you run three businesses and send all three through the same ESP with the same default DKIM configuration, all three get the via line. Worse: if one of them runs a reputation-damaging campaign, it drags all three down — because the cryptographic signature they share is what mail servers use to identify the sender.

Per-domain DKIM decouples this. Each of your three domains has its own key, its own reputation, its own via-line-free display. A bounce storm on one domain doesn't touch the other two. This is one of the concrete reasons Folio generates a fresh DKIM key pair for every domain you bind, rather than using a shared signer.

§ The five-second test.

Send yourself a letter from each of your sending identities. Open each in Gmail on the web. Look for “via [something]” next to the sender name. If you see it, your outbound is being signed by someone else's DKIM key, not yours. Fix the ESP configuration, or switch to a provider that signs per-domain by default.

It's a five-second check. The open-rate gain from removing it will pay for the afternoon spent fixing the DKIM configuration, on the very next send.