The current "from email" field in the contacts page of email campaign building doesn't have any guard rail. We allow to send from unapproved and unconfigured domains in the from email field. Multiple customers have reported accidently sending with a typo domain because the from field doesn't auto populate configured/approved domains so customers have to type in the from email every time. For example - Today someone can send an email to 100k contacts from xyz@test .com without any scrutiny. This is a big abuse and security risk on our platform. A new prospect(from QCI partnership) we are talking to has one of their requirement to have a secure from email field to sign a deal with us. I have raised this request many times in the past but doesn't seem to have received much attention although it is a priority.
We need to lock the from email field and show a drop down list of only approved and configured domains to select in the from email field. This will prevent accidental and intentional misuse of from email field.
