I have a website with a webform which users can use to contact a company. The webform internally creates an email in PHP using PHPMailer and is sending this email via SMTP to the company.
The company has a customer-management-system which identifies the user by looking at the sender of the email. Which means I couldn't send the email from the form from "form#example.com" to "customer-relations#example.com", but need to send it from "customeremail#customerdomain.com" to "customer-relations#example.com".
This worked for some years now, but since some time, we get the error-message:
"envelope sender not allowed customeremail#customerdomain.com"
for example from emails from #gmail.com. Other domains still work.
I understand that it is not good practice to "fake" the sender of the email to make the identification of the customer-management-system work. The developer of the customer-management-systems are not able to offer a solution yet (no comment on that...), so perhaps there are any ideas here which we could try to make this work?
Related
I want to use PHPMailer configure the contact page for my website. The prroblem I am facing is that for the script to work, the from address has to be set in the local server e.g. if my domain is example.com, the from address has to be name#example.com. When I set it this way, the script works perfectly.
the issue I'm having is that being a contact page, the from address has to be the senders email address this there for means that if a customer contacts me with the email address like name#email.com, the script will throw an error similar to the one below:
SMTP ERROR: DATA END command failed:
550-Your FROM address ( name#email.com , Dev Customer 550-)
must match your authenticated email user ( name#example.com ).
Does anyone have any idea on a way to work around this? Or are there any alternatives? I will appreciate any form of assistance offered. Thank you in advance.
As per Tigger's suggestion, you should never send using the submitter's address as a From address. It's forgery, and will make your messages fail SPF checks, causing you no end of delivery problems either with messages bouncing or consigned to spam folders. It's been actively advocated against for at least a decade anyway, and it's also one of the practices that would cause you to be vulnerable to the security hole in PHPMailer fixed back in December.
Since you've tagged this with PHPMailer, I'll show how to use that to do what you ask:
$mail->setFrom('me#example.com', 'Contact form');
$mail->addReplyTo($_POST['email'], $_POST['name']);
This is exactly what the example contact form script provided with PHPMailer does. It's also worth checking submitted values - addReplyTo will validate the address automatically, so you should check the return value to be sure.
There may be some email clients that do not handle reply-to addresses correctly, but you should not expose yourself to being blacklisted because of the ineptitude of a small number of clients.
I'm running a wiki based on mediawiki 1.21.11. Because I can't prevent users to change their e-mail address, I want to get informed (e.g. by mail) about this change.
My question: is there any possibility to send e. g. a copy of the notification mail or another notification including the old or new e-mail address to a specified recipient when users change their e-mail address?
You can prevent users from changing their email address with an auth plugin, although it seems like a horrible thing to do. You can use some hook to send you notifications - PrefsEmailAudit or UserSetEmail if you don't require confirmations, ConfirmEmailComplete if you do.
I notice that a lot of websites like Facebook and GitHub allow you to reply to an email notification which then posts the reply back to the application using a unique Reply-To address. How does this work on the back-end? I searched a lot but, only found that people were using unique Reply-To addresses. That's understandable but, what do they use to receive these emails? Do these companies set up email servers? I am trying to build this using PHP.
A common method is to set unique message ID's in the outgoing email and then looking at the In-Reply-To header to see which email this was in reply to. That lets you match up your server application's messaging system to emails. For example, if you send an email that represents a help desk ticket with ID 1234, the Message-ID could be something like
ticket-1234#myserver
Then, in email clients that work nicely (I'm looking at you Android), when you hit Reply, the reply has the header In-Reply-To: ticket-1234#mysever. You can go further by adding security tokens to ensure people can't forge messages (e.g. ticket-1234-hf29e9f2gf2e9fh29f#myserver). That security token is generated on the server when you send your first message and is then confirmed in the reply.
This normally works but can cause real headaches when email clients don't behave as they should!
This is how GitLab manages emails by using an identifier in the email address itself and catching it when the user replies. Although it is not relevant to any scripting language like PHP and uses server configs, this is what backend servers do to support reply by email functionality.
You have to set up a mail server to receive mail answers.
SIEVE filters on a IMAP server could be use to make some actions when a certain filter is detected.
But you can't only use PHP to make that type of system.
I have a web app which needs to send emails to clients 'From' staff email addresses. What's the best way to prevent my messages from being flagged as spam?
For instance, if I own charles#gmail.com, I'd like to be able to send mail "From" that address with PHP in my App, without getting the "This message may not have been sent by...." message.
Right now I'm just using the mail() function within PHP, with Headers for the From, Return Path, and X-Mailer variables.
I'm generally pretty confused by everything I've read so far about SPF and DKIM, so I appreciate any advice. Thanks.
This is a very lengthy subject with lots of things to consider.
The most important rule is to not use HTML and to send only correct mails that people want, and that the recipients do not flag as spam theirselves.
For instance, if I own
charles#gmail.com, I'd like to be able
to send mail "From" that address with
PHP in my App, without getting the
"This message may not have been sent
by...." message.
If you own a gmail address you could just sent the messages via gmail's SMTP service, but keep in mind that gmail has a 500 email sent limit. Below is a topic describing how to use gmail's SMTP server with the popular PHPMailer.
Right now I'm just using the mail()
function within PHP, with Headers for
the From, Return Path, and X-Mailer
variables.
Outsourcing this is probably the way to go using for example:
http://sendgrid.com/
We also offer a Free Plan with 200
Email Credits per day.
To read pricing visit http://sendgrid.com/pricing.html
http://elasticemail.com/
No monthly committments, no minimums,
no limits. Just pay for what you use
at $0.001 / email or less.
http://aws.amazon.com/ses/
Email messages are charged at $0.10
per thousand.
http://aws.amazon.com/ses/pricing/
http://www.cloudsmtp.com/
http://postmarkapp.com/
Just to name a few which are very cheap to use without any hassle/setup.
If instead of using the mail() function, you use an SMTP mailer such as the PEAR mailer package then you can send the mail using google's own SMTP servers. This will require you to provide the correct credentials to the google account you wish to send from. This should avoid the issue you are having.
One of the first things you need to ensure is that the email "From:..." really is from your server e.g your_mailings#yourcompany.com and it must exist and be a valid email on the server where the script works. You should try setting the sendmail user at the top of your script (assumes Linux server):
ini_set('sendmail_from', 'your_email#your_server.com');
Then you add a "Reply-To:" header and use your staff addresses perhaps and recipients will at least seem to have got an email that can be replied to. Without that you probably won't even get as far as being spam, you will get blocked on the way there.
This thread shows some of that and note the comments on PHPMailer - it is a good way to handle mailing and I have found it more successful than simple mail();
PHP mail form isn't working
I am using phpmailer to send email. I need to know how to hide or mask sender email address
You can specify any sender email address anyway, since SMTP by itself does not place any requirements on sender email addresses.
If the actual SMTP server you use places restrictions on email addresses (e.g. corporate servers which do not allow sender emails outside of the company domain) there's no way around that, unless of course you can influence the mail server configuration.
Update:
You say in a comment that you want to use gmail to send email where the sender's address is not a gmail address. There is no way to do that.
This is a rare situation you have here... if you do not have a mail server you can still tell PHPMailer to send from a different address just set the From attribute of the PHPMailer object to the address you want. But Wait! if your server doesn't exists, the client can't verify the account and then your mail will more likely be deleted (moved to spam in the more benevolent scenario). If you are trying to mimic third party mail, I'll help you no futher.
Note: Your mail server may be valid but clients are still unable to verify it, and thus you are getting mails delivered to spam or deleted. Check "Must Read" to below to have some inside on how to solve this.
On the other hand, if you already have a mail server, then tell PHPMailer you want to use it, set the Host and Port attributes to your domain name and port respectively. The same if you want to use an account form a different server, remember to set the attributes Username and Password correctly, you may also need to set SMTPAuth = true; and SMTPSecure = 'ssl'; depending on the server. [Note: Username and From may differ]
Now, if you want to use an account from Gmail, you could easily set an alias in Gmail to send as another account [Go to Settings-> Accounts And Import -> Send mail as -> (click) Send Mail From Another Address], that can be the case if you have a mail server but you cannot afford to have it online, you will need to start your server so you can receive the confirmation code Gmail generates to verify your account. Check recommended read for PHP side configuration details.
Lastly if for some rare circunstancies you can't tell PHPMailer to use your mail server, but you do in fact have one, and that one is able to recieve the mail... you can use AddReplyTo('me#example.com', 'My Name'); Most clients will understand that any reply to the message must be (unless explicitly defined by the user) directed to "me#example.com" in this case.
Disclaimer: I take no responsibility of any harm result of the use of the method I mention here, such as (but not limited to) your mail account getting banned.
Must read:
Coding Horror on sending mail via code
Recommended read: PHPMailer Tutorial (old version)
No need (neither a good way) to hide or mask whatsoever.
I assume you already know how to use the class you are talking about.
You probably have some variable for sending email, like
var $From = "someguy#whatever.com";
you can type whatever you want into that email address. Gmail dont care what email things is sent from.
And no, this dosent sound very legit.
One more thing: Gmail requires a gmail account to relay mails. Its no problem, it wont be visible.
You want to "show the company email address as sender" but you "didn't (sic) have any email server"?
Can anyone actually send you email at your company email address? If so, use that server which is hosting your email to send out from.
If you don't really have a company email address, then I suggest you get a gmail address like companyname#gmail.com and just send from that. Otherwise the email will appear as spam to a great many of your recipients.
Now, if the people you are about to send an email to actually signed up to be on your mailing list then you can use a third party application like Constant Contact to do your broadcasts from.
If they haven't, then I suggest you not send an email at all.
in mail headers you can have both a Sender: and a From: header which in most mail clients is displayed as either just the From or in some cases Sender on behalf of From, using this way is a nice and clean way to be able to send From a different mail address then the actual Sender mail server
This is highly illegal.
var $From = "someguy#whatever.com";
Is the only option your have for trying to hide email address. But no matter what your email will be inscribed with IP. Someone who knows what they are doing will still be able to trace the email back to the source.