I've always included -f flag in my php applications because I thought it is important as the documentation told us:
The user that the webserver runs as should be added as a trusted user
to the sendmail configuration to prevent a 'X-Warning' header from
being added to the message when the envelope sender (-f) is set using
this method. For sendmail users, this file is /etc/mail/trusted-users.
So it looks like it is used to prevent spoofing - by verifying who I am. Then I did a experiment. It turns out, if I do not include -f, there will still be no X-Warning when I send mails. In fact, the sender doesn't even need to be myself. For example, I tried Obama#whitehouse.org as sender, and I received the email with no warning. I even tried using Obama#whitehouse.org to send out a few hundreds of emails to multiple email accounts, and they didn't get flagged as spam.
So, my question is, what does -f flag really do (since it seems to me that without it, emails will send through just fine)?
The -f flag is used to specify the envelope sender address. You should use the -f flag to set this address so that it matches the FROM address in the headers of the message, otherwise some spam filters will be more likely to treat the message as spam due to the fact that the two do not match.
You can do something like the following to set both, so that they match:
$to = "to#to.com";
$from = "from#from.com";
$subject = "subject";
$message = "this is the message body";
$headers = "From: $from";
$ok = #mail($to, $subject, $message, $headers, "-f " . $from);
Related
This question already has answers here:
PHP mail function doesn't complete sending of e-mail
(31 answers)
Closed 6 years ago.
I'm using a basic script on a 1&1 hosted server:
$recipient = "email#domain.com";
$sender_name = $_POST['name'];
$sender_email = $_POST['email'];
$subject = $_POST['subject'];
$message = $_POST['message'];
$headers = "MIME-Version: 1.0"."\r\n";
$headers .= "Content-type:text/html; charset=UTF-8"."\r\n";
$headers .= "From: {$sender_name} <{$sender_email}>"."\r\n";
$headers .= "Reply-to: {$sender_name} <{$sender_email}>"."\r\n";
mail($recipient, $subject, $message, $headers);
..but for some reason am not receiving any emails, nor any errors as per PHP mail() function not sending email instructs.
I thought this may be a server issue but 1&1 states that it is fully supported. I've also sent emails from this server/hosting before using just a recipient, subject and body and so I'm rather unsure as to why it is not working now!
UPDATE
Sending without headers, i.e.:
mail($recipient, $subject, $message);
..does work, so it would appear to be an issue with using the headers?
There may be many reasons, for example you should study what SPF is.
The $sender_email can't be any address, for example you can't put a gmail address and send emails claiming to be that sender, without any authentication, you aren't allowed to send email on behalf on that address, because I could for example send emails putting your address in the from, pretenting to be you when I'm not (I tried to use simple words)
You should use in the From something ending in #yourdomain.com, and set up SPF to allow your server's IP to send emails for that domain. OR otherwise send emails through SMTP (with PHPmailer, for example, it's very easy)
Errors in header does affect the mail delivery. if you send email with wrong headers, for example, let's say the email of the user is user#email.com and his name is "user user", and you send the email to user#email.com it might cause the email to go in spam or not accepted at all if it doesn't match on server.
Gmail, for one, has a name associated with every email id. if you put a wrong name with the email, there's a chance the email might not show up in inbox or sometimes even spams.
"But in the link I attached the example given uses a 'from' header set by a form input?"
if you want your users to be able to send email to you, best idea would be to use your own email address as the sender email. E.g. if your website is at website.com, configure an email like "contact#website.com" and configure your script to use this as From header, you can send it to your own email at the same domain(website.com) or any other email which you authorize. You can add the users's actual details in the mail. that'll ensure the successful delivery of the email always.
When I send a mail with PHP the destinatary gets a header like this one:
noreply#justwalk.it **via** de p3nlhg147.shr.prod.phx3.secureserver.net
I want to remove the "via" part. Most automated mails from websites don't have the "via" so it's certainly possible to remove it.
How do they do it?
Yes, you can get rid the "via" part. Here's the details:
1) SPF and DKIM
Firstly, you would need to set an SPF record for the domain you are sending emails from and enable DKIM as well. These are primarily for identifying your messages against spam.
2) "From: anything#yourdomain.com"
Secondly, make sure you are setting the “From: ” header to be an email address on the domain you are sending messages from. Don’t pretend to be someone else. Use “From: someone#abc.com” if you are sending the messages from abc.com, rather than anything else, such as blah#def.com, or yours#gmail.com, or whatever. If you want the recipient to reply to your Gmail email instead of your domain email, use the “Reply-To: ” header. “From: ” must always be the domain email that you are sending the email from.
3) "Return-Path: return#yourdomain.com"
Thirdly and most importantly, set the “Return-Path: ” header to be the same domain as that of the “From: ” header. Use the 5th parameter of the mail() function for this:
mail('recipient#example.com', 'Subject', "Message Body", $headers, '-freturn#yourdomain.com')
So the Return-Path of this message would be “return#yourdomain.com” (the email address immediately following the -f switch). The $headers parameter should contain all the necessary message headers. Make sure “From: ” is something#yourdomain.com.
After these steps and measures, Gmail should now completely trust your messages from yourdomain.com. The ‘via‘ field of your messages should be gone and the ‘mailed-by‘ field as well as the ‘signed-by‘ field should be correctly showing up as yourdomain.com.
Hope it helps!
I also fetched the same problem. But I have overcome the problem by using the following code:
mail('maaaa#abcd.com', 'the subject', 'the message', null,'-faaa#abc.com');
Make sure that last parameter is -f with the email address.
You can add the
$headers = "MIME-Version: 1.0\r\n";
$headers .= "Content-type: text/html; charset=iso-8859-1\r\n";<br />
mail('maaaa#abc.com', 'the subject', 'the message body in html format', $headers,'-faaaa#abc.com');
for the html message body in email.
This is probably added by your MTA and you didn't say which MTA you are using.
I'd recommend sending the mails not by PHP's mail() function but via SMTP, possibly even with SMTP-Auth, using something like PHPMailer.
#Mujibur is also right, But I used. But Didn't missed Headers too.
mail($to, $subject, $message, $headers, '-f'.$from_email_address);
And its successful to me, Let's check it from your side.
See what Google says about this here: http://support.google.com/mail/bin/answer.py?hl=en&ctx=mail&answer=1311182
All the best!
I am looking to create one email (example#domain.com) to forward to all email addresses in a database.
People can email to example#domain.com, and then that email would get blasted to a list of predefined email addresses. It would need to include support for attachments.
I realize this is not secure at all and leaves this email address open to anybody to use, but this is what our organization wishes to do.
What would be the best way to do this on a PHP server?
Thanks.
This can be achieved in PHP Server as you have to go in depth of following things:
Email Piping
Email Headers
MIME Email attachments
Mailing List Management
While emailing to a lot of people in the way you mentioned is not a good idea...
You can use PHP's "mail" function:
$to = "user1#domain.com, user2#domain.com"; //(Comma separated list of emails)
$from = "noreply#domain.com";
$subject = "Hello";
$message = "Hello there!";
$headers = "From: ". $from . "\r\n".
"Reply-To: ".$from . "\r\n";
//send it
mail($to, $subject, $message, $headers);
while($row = mysql_fetch_array($emails))
{
$addresses[] = $row['address'];
}
$to = implode(", ", $addresses);
And then send mail using mail function ... mail($to, $subject, $message, $headers);
The way you have worded your query is a bit confusing but it seems you have a hosting server that is going to receive emails to a domain email. You then want to have those emails autoforwarded to a list of recipients. It looks like you want to investigate (given you mention sendmail) linux mail services and autoforwarding. You may be looking at postfix and possibly using procmailrc to trap and redirect incoming mail on your server.
I have done this with procmailrc before but it really depends on what service is handling the incoming mail.
There is no problem calling a CLI PHP script as suggested by #George to then read your recipients from the database and do the sending.
While Arthur's answer made sense and most likely would work, I ended up finding that my host had the feature I was looking for buried deep inside it. For those who were wondering, it is called discussion lists.
I want to send out a link for user to verify their account after they register. But when I use www.singapore.com at the $message I am able to receive the email, but when I change it back to www.singapore.com.sg I can't receive it. I wonder is it because of the link or there is some error in my codes? Please help me.
$domain ='www.singapore.com';
$id = mysql_insert_id();
$to = 'myemail#gmail.com';
$subject = "E-mail Verification";
$message = 'Click on the link to verify your account: http://'.$domain.'/rates/activation.php?id='.$id.' ';
$headers = "From: <Singapore> \r\n";
mail($to,$subject,$message,$headers, '-f enquiry#singapore.com.sg');
Do you need the -f envelope option? If memory serves, any address put in there needs to be already added as a trusted user in the sendmail configuration.
I found this on the PHP mail docs:
The user that the webserver runs as should be added as a trusted user
to the sendmail configuration to prevent a 'X-Warning' header from
being added to the message when the envelope sender (-f) is set using
this method. For sendmail users, this file is /etc/mail/trusted-users.
Are you simply trying to set the reply to and from addresses? If so, use the $header for that and don't bother with the additional parameters.
$headers = “From: enquiry#singapore.com.sg” . “\r\n” . “Reply-To: enquiry#singapore.com.sg”;
Something is wrong with your code. Change it to this
$message = 'Click on the link to verify your account: http://'.$domain.'/rates/activation.php?id='.$id;
It has extra quotes at the last.
Hope that helps.. :)
I have the following code which works on some servers and does not work on others:
$Name = "myname"; //senders name
$email_sender = "myemail.dia#gmail.com"; //senders e-mail adress
$recipient = $email; //recipient
$mail_body = "The text for the mail..."; //mail body
$subject = "Subject for reviever"; //subject
$header = "From: ". $Name . " <" . $email_sender . ">\r\n";
$status = mail($recipient, $subject, $mail_body, $header);
print('ENVOI '. $status);
The $status variable is true but I don't see any email.
$status being true doesn't mean the mail was RECEIVED by your recipient. It just means the mail function successfully delivered the mail to the LOCAL delivery agent. After that it's out of PHP's hands.
The process looks something like this:
PHP script calls mail()
mail() delivers message to the local mail server (sendmail, postfix, exim, etc..)
mail(), having successfully completed 'delivery' of the email, returns TRUE
local mail server connect's to recipient's mail server, delivers mail
recipient's mail server does whatever it has to to get the email into the recipient's inbox.
Since mail() is returning true, that means that at least your sending code is correct enough to not cause things to blow up at that stage. That leaves delivery problems between your and the recipients' mail servers:
a) Perhaps the recipient is using greylisting (in which case the mail SHOULD eventually show up). Maybe your server gives up before the greylist timeout period expires, so the retry attempt(s) is never made.
b) your mail server is blacklisted. Your server, and/or some other potential spam source is in the same netblock have been added to one or more anti-spam RBL lists the recipient subscribes to.
c) Perhaps the remote server is very prickly about header correctness and your server's a bit too relaxed about one or more headers.
At least these problems SHOULD be visible in your own mail server's maillog (generally /var/log/maillog on most Unix-ish systems). Try sending a test mail while watching the log to see how the message procedes through the system. Also check the server's outgoing mail queue (mailq command, usually). Maybe the missing messages are stuck in there.
And then there's the bigger problems:
d) the remote mail server is accepting the message, but silently tossing it because it's flagged as spam or as infected. This you can't detect from your own mail logs, as this is done purely on the recipient end. All you'll see is the "250 OK" success message.
For this you'll need the recipient's help in diagnosing the problem.
This may or may not be related but you have a pretty simple header, I would replace your header variable with something like what's below and see if that changes anything for you.
$headers = 'From: ' .$email_sender. "\r\n" .
'Reply-To: ' .$email_sender. "\r\n" .
'X-Mailer: PHP/' . phpversion();
Make sure you smtp setting are correct on the servers in question.