In a simple contact form, the HTML form triggers a Php script :
<form method="post" action="email.php">.....</form>
This email.php sends me an email :
<?php
$mess=$_POST['name']. "\r\n" .$_POST['site']. "\r\n" .$_POST['email']. "\r\n" .$_POST['meta']. "\r\n" .$_POST['message'];
mail('myemail#gmail.com', 'Subject', $mess);
?>
The HTML is using jQuery validate plugin, but nothing like this on the Php side.
A Security expert told me how insanely unsecure this php script was.
What can I do to enhance security ?
My guess is that your "security expert" saw you using raw $_POST data and using the mail() function, and he freaked out, but didn't stop to actually check how bad things were.
He has a point in that using $_POST without doing any validation on it is almost always a recipe for being hacked, but in fact in this particular case I don't think it's too bad, because you are the only recipient (so it's not going to be used for spam, which is the main thing to worry about in these cases), and because the body is plain text (so a hacker can't send you any nasty scripts or attachments).
Without any validation, you could get some really weird emails as a result of hackers trying to find a way around your defences, but not too much else.
PHP's mail() function is a well-known soft target for hackers because there is an awful lot of insecure code out there that uses it. However the real danger with mail() tends to be if you use the headers parameter (ie to set things like the sender address, etc), which you haven't used. Since you're not using headers, the risks are a lot lower, and mainly limited to making it easy for someone to mailbomb you.
If you are still worried about the security of the mail() function, the best solution is to use a library like phpMailer instead.
To be honest, my advice whenever anyone wants to use PHP's mail() function is always to use phpMailer or Swiftmailer instead. And it's not even just about security; even for simple cases, they can make your code a lot easier to read and maintain.
One big flaw is that an attacker could trivially fill your inbox with malicious or junk messages which, besides being very annoying, would likely cause Google to put your domain on their spam list.
They could do this by writing a short script to call that PHP function with some arbitrary data, and loop through it for however long they want.
This is an alternative way of solving what you asking for. And I hope this can be useful for other askers, as I see similar questions coming op consecutively.
If you intend to make professional application and focus on your core business, then I suggest you use some secured email portals with API from like mailgun, mandrill or others. Both service offer a dash board where you can see e-mail status of how many emails are sent and delivery status, and a lot of other statistics. It is FREE for small usage. It is worth it using it, because you will solve some of following issues:
You do not need to think about maintaining security of your smtp server
Or even correct configuring your smtp
Solving block and black IP addresses
Server attack
Spam problem
And name the more
Both solutions provide API for PHP or other platforms.
Note: I have been my self used my own smtp server few years back, and you know all the time I put to fixing and maintaining the smtp server is not worth it, because I could spent that time doing better stuff and leave e-mail service part for professionals.
I'm confused about how mail works in PHP and CakePHP.
1.) What is the difference between sending an email either using the PHP mail function / CakePHP email helper or SMPTP as shown here: http://book.cakephp.org/1.3/en/view/1290/Sending-A-Message-Using-SMTP as the outcome looks the same?
2.) To specify who the email is coming from, you pass in the email in the header, but you can put whatever you want, so what is stopping you from just putting in anything? like yourbank.com? mail('you#gmail.com', "Subject", "Message", "From: <dave#yourbank.com>"); I just tried it and it worked fine and I couldn't find out anyway in Gmail to see if it didn't come from dave at yourbank.com...
Hopefully I can get some light on these two questions. Thanks.
1). CakePHP has a bunch of helpers & functionality implemented to make life easier when developing applications. As you've discovered, Cake has mail functionality. I suggest reading this whole page http://book.cakephp.org/2.0/en/core-utility-libraries/email.html (It's 2.0 not 1.3, so please not there have been some big alterations between the two versions). The article covers in depth on why you may configure something in a particular manner.
CakePHP is using the default mail function with PHP. It's just allow you to incorporate views into the content and configure the outgoing mail in a much easier manner.
2) As for putting in potentially any email address within the From Header.... this can potentially fall under the category of Email Spoofing, essentially sending an email when it's not authorized from the source (From Header). Again this links back to configuring specific mail servers.
By default mail clients and generally setup to prevent spam and junk, this is done by taking a large amount of steps. Some may be..
Keyword checking, (Checking the contents of an email for any
keywords classified as spam).
Header checking, <--- This is the one that answers your
question.
Essentially... headers are examined and checked to see if the server that the mail was sent from has the authority to use the given from address.
As I don't have enough technical knowledge, i'll throw a few pages your way which discuss setting up records against your DNS/Domain so emails are validated correctly and not put within spam folders.
http://www.ipswitch.com/support/imail/guide/imailgsv8.1/Appendix%20A%20dns4.html
http://help.postageapp.com/kb/application-features/dkim-and-spf-setup-and-validation
How to properly set up DNS SPF records?
I hope my jumbled ramblings make some sort of sense.
Question 1: PHP mail function uses your own server's built in email functionality to send email. If you use SMTP, you're connecting to another server (eg. Google's mail servers) and using that server to send the email.
CakePHP's email component can use either PHP mail, or SMTP, depending on how you configure it.
The outcome is basically the same in many respects. Which way is best for you will depend on your set up, the volume of email you're sending, whether your own server has any restrictions with regards to sending mail, etc. If you Google "PHP mail versus SMTP" or similar, then you'll get some info to help you decide which is best for you.
If you're not sending much email, eg. if you're just wanting to send the results of an enquiry form that gets submitted a few times each day, then just use PHP mail and don't worry about it.
Question 2: Although email programs put various measures in place to make sure mail is legitimate, basically nothing stops fake emails completely. You can send Fake email. Check out this site: http://deadfake.com/Send.aspx and in particular, their FAQ section: http://deadfake.com/FAQ.aspx
Spam filters do their best to catch fake emails, but ultimately it's up to the end user to keep their wits about them, especially with banking emails!
Let me explain what I mean in my title. Let's say, that for example I'm creating a small e-commerce system for one web shop/catalog. There's a possibility for customers to choose, do they wish to receive newsletters or not. If they do, then logically thinking the newsletters should be send immediately as the newsletter is formed and ready.
Of course it can be done simple by fetching all specified user e-mails from database and using for cycle to send mail via mail function in loop, but problem is that I was told, that this is bad practice. The simple and not cheap way would be purchasing internet service for sending newsletters, but what for the php programmer is needed, then?
So I ask you humble comrades, what from your point of view might be a solution?
NB! You probably won't believe me, but it is not for spamming.
UPD: I might have explained myself wrong, but I would like to hear a solution not only about the correct way to send mail, but also about the correct delivery. Since not every mail send is always delivered.
Of course there are some reasons, which are unpredictable. For example someplace along the way something broke and mail was lost (if such thing is possible), but there are also other reasons which are influenced maybe from server or elsewhere. Maybe there is need to talk with hoster about it?
There is no reason why you couldn't write it in PHP, although I would not make it a part of a webrequest / HTTP process. I've successfully implemented for give or take 500,000 subscribers per mailing (depending on local data available, as this was a location-specific project). It was an in-house project, so unfortunately no code/package for you, but some pointers I came across:
Setting up delivery
Started out with phpmailer itself, to take care of formatting, encoding of contents and headers, adding of attachments etc. That portion of it works well, and I wouldn't want to write that from scratch.
The 'sending' of an email itself is just setting some flag in a database whether / how / what should be sent to (a portion of) the subscribers.
After this flag is set, it will automatically be picked up by a cronjob, no more webserver involved.
I started out with a heavily polluted database with millions of email addresses, of which a lot were obvious not valid, so first thing was to validate all email addresses for format, then for host:
filter_var($email, FILTER_VALIDATE_EMAIL); over the subscribers (and storing the result obviously) got rid of the first few hundred thousand invalid emails.
Splitting out the host (and storing the host name) from the emails, and validating that (does it have an MX or at least an A record in DNS, but keep in mind: you can send email to an IP-address foo#[255.255.255.255], so do keep those valid)) got rid of a good portion more. The emailaddresses here are not permanently disabled, but with a status flag that indicates they're disabled because of the domain name / ip.
Scripts were changed to require valid emailaddresses on subscription / before insertion, this nonsense of 'you aint gonna get it#anywhere' subscription-pollution in the database was just ridiculous.
Now I ended up with a list of email addresses that had the potential of being valid. There are in essence 3 ways to detect invalid addresses (keep in mind, the all can be temporary):
They are denied immediately by the server.
The earlier determined server just doesn't listen to traffic.
They are bounced long after you thought you delivered them.
Strange thing, the bounces, which every emailserver seems to have another format forand were a hell to parse at first, ended up actually pretty easy to capture using VERP. Rather then parsing whole emails, a dedicated email address (let's call it mailer#example.com) was configured to rather then deliver to mailbox, to pipe it through a command, and if we sent email to user#server.tld, the Return-Path was set for mailer+user=server.tld#example.com. Easily parsed on receipt, and after how many bounces (mailbox could not exist, mailbox may be full (yes, still!), etc.) you declare an emailaddress unusable is up to you.
Now, the direct denial by the server. Probably we could have gone with properly configuring some MTA and/or writing plugins for those, but as the emails were time-sensitive, and we had to have absolute configurable control per mailing over last usable delivery time (after which the email was not longer of interest to the user), throttling per receiving server, and generally everything, it would take about the same time writing a mailer in PHP which we knew better, that used the SMTP protocol directly to socket 25 on receiving servers. With a minimum amount of effort the possibility of another transport then the default choices in PHPMailer was built-in. The SMTP protocol is actually quite simple, but there are some caveats:
A lot of receiving server apply Grey Listing: most spambots will not really care if a specific mail arrives, they just churn them out. So, if an unknown / not yet trusted sender send mail, it will be temporarily rejected. Catch that (usually code 451), and place the email in the queue for later retry.
A mailserver, especially of the larger ISP's and free services (gmail, hotmail/msn/live, etc.) will not stand for a torrent of mail without fighting back: after the first couple of hundred / thousand, they start rejecting you. More about that later.
Getting speed
Now, we had a delivery system that worked, but it needed to be fast. Sending a 10,000 emails in an hour is all fine if you only have 10,000 addresses to send to, but the minimum we required was about 200,000 per hour. Start of it was a dedicated server (which can actually be pretty low powered, no matter what you do, most of time taken in delivery of email is in the network, not on your server).
Caching of IP's: remember all those IP's we requested from hostnames in email addresses? We stored those obviously, and looking up their IP's again and again causes considerable lag. However, IPs may change: a DNS record there, another MX at another place... the data gets stale fast. Most of the time the server isn't actually sending anything (subscription newslettters come in bursts obviously), a low-priority cronjob is running checking all hostnames with a stale IP (we chose older then 1 day as being stale) for an IP address, including those which previously had none (new domains get registered all the time, so why shouldn't a domain become available the day after someone already enthusiastically subscribed with his/her brand new email address? Or server problems with some domain are solved, etc.). Actually sending the emails now required no more domain lookups.
Reuse of the SMTP connection: setting up a connection to a server takes relatively a large portion of the time to deliver an email when you're talking directly to port 25. You don't have to setup a new connection for every email, you can just send the next over the same connection. A bit of trail-and-error has resulted in setting the default here to about 50 emails per connection (assuming you have that many or more for the domain). However, on failure of an emailaddress closing and reopening the connection for a retry sometimes helped. All in all, this really helped to speed things along.
Some obvious one, so obvious I almost forgot to mention it: it would be a waste to have to create the body of the email on the spot: if it's a general mail, have the body ready (I altered PHPMailer somewhat to be able to use a cached email), possibly days before (if you know you're going to send a mail on Friday, and your server is idling, why not prepare them on Wednesday already? If it's personalized, you could still prepare it beforehand given enough time, if not, at least have the non-personalized portions waiting to go.
Multiple processes. Did I mention much of the time it takes to deliver email is spend on the network? One mailing process is not nearly getting the most from your emailserver, barely noticable load and the mails are trickling out. Play around with a number of processes mailing different portions of the queue to see what's right for your server/connection, but remember 2 very important things:
Different processes make you very vulnerable to race conditions: be freaking absolutely sure you have a fullproof system that will never send the same mail twice (thrice, of even more). Not only does it seriously annoy users, your spamrating goes up a notch.
Keep domains together where possible: randomly picking from the queue you will lose the advantage of keeping an open connection to the server receiving email for the domain.
Avoiding rejects
You're going to send a lot of mail. That's exactly what spammers do. However, you don't want to be seen as a spammer (after all, you aren't, are you)? There are a number of mechanisms in place which will thoroughly increase your trustworthiness to receiving servers:
Have a proper reverse DNS: processes checking the DNS belonging to the IP that is sending the email like it very much if the second level domains match: are you sending mail on behalf of example.com? Make sure your server's reverse DNS is something like somename.example.com.
Publish SPF records for your domain: explicitly indicate the machine used to send your bulk email is allowed & expected to send mail with that From / Return-Path headers.
remember rejects: servers don't like it to tell you again and again that different email addresses don't exist. Either automated mechanisms, and even human admins, blocked our server while we worked through all non-validated email addresses that did (no longer) exist. We didn't employ a double opt-in until later, so the database was polluted with typos, people switching IPs and thereby email address, prank email addresses and so on. Be sure to capture those invalids, and given enough or sever enough failures, unsubscribe them. They're doing you no good, they're hogging resources, and if they really want you mail and the mailbox becomes available later, they'll just have to resubscribe.
DKIM is another mechanism that may increase your trustworthiness, but as we haven't implemented it (yet), I cannot tell you much about that.
MX records: some servers still like it if your sending server is also the receiving server for the domain. As it was at the time, we had only 1 MX, and as the mailing server was still not that very busy, we dubbed it the fallback MX server for the domain. The normal MX server was not the server sending the subscriptions, as it is very irritating to be temporarily blocked by a server you're trying to send an important email to (clients etc.) because you already sent a load of less important mail. It does have the highest preference as receiving MX, but in the event it would fail we had the nice bonus that our subscription sending server would still be fallback for delivery, so in crisis we could still get to it, preventing awkward bounces to customers trying to reach us.
Tell them about you. Seriously. A lot of major players in free email addresses like live.com offer you the opportunity to sign up in some way, or have some point of contact to go to for help & support if your emails get rejected. I you have a legitimate reason to send so many emails, and it is believable you have that many subscribers, chances are they seriously up the number of emails you can send to their server per hour. A meager 1,000 may become somewhere in the ten-thousands or even higher if you are persuasive and honest enough. There may be contracts, requirements you have to fulfill, and promises you must make (and keep) to be allowed this. ISP's are a brand apart, and every other player is different. Don't bother calling them usually, because 99% of the time the only numbers you can find will only have people willing to troubleshoot your internet connection, which understand (or are allowed) little else. An abuse# email address is a good place to start, but see if you can delve up a more to-the-point email address up from somewhere. Be precise, honest and complete: roughly how many subscribers of you have an emailaddress with that ISP, how often are you trying to mail them, what are the errors or denials you receive, how is the subscribe & unscubscribe process like, and what is the service you actually provide to their customers. Also, be nice: how vital sending those mails may be to your business, panicking about it and claiming terrible losses does not concern them. A polite statement of facts and wishes, and asking whether they can help rather then demanding a solution goes a very long way.
Throttling: as much as you tried, some server will accept only a certain amount of mail per hour and/or day from you. Learn those numbers (we're logging successes & failures anyway), set them to a reasonable default for the normal domains, set them to agreed upon limits for bigger players.
Avoiding being tagged as spam
First rule: don't spam!
Second rule: ever! Not a 'once off', not a 'they haven't subscribed but this may be the deal of a lifetime to them', not with the best intentions, people have had to ask for your emails.
Obviously set up a correct double opt-in subscription mechanism.
PHPMailer does set proper headers on its own,
Set up an easy unsubscribe mechanism, by web (include a link to it in every mail), possibly also email and customerservice if you have it. Make sure the customerservice can unsubscribe people directly.
As said earlier: unsubscribe (excessive) fails & bounces.
Avoid spammy 'deal of a lifetime' wordings.
Use url's in your emails sparingly.
Avoid adding links to domains outside your control, unless you are absolutely sure you can trust them not to spam, if even then...
Provide value to the user: being tagged as spam by user-interaction in google/yahoo/live webmail clients seriously hurts future successes (on a site note: if you sign up for it, live/msn/hotmail will forward all mail to you send by your domain which is tagged as spam by users. Learn to love it, and as always: unsubscribe them, they clearly don't want your mall and are hurting your spam rating).
Monitor blacklists for your IP. If you appear on one of those, it's bye bye, so immidiate action in both clearing your name and determining the case is required.
Measuring success rate
With the whole process under your control, you are reasonably sure the email ended up somewhere (although it could be the MX's bitbucket or a spam folder), or you have logged a failure & the reason why. That takes care of the 'actually delivered' numbers.
Some people will try to convince you to add links to online images to your emails (either real or the famous 1x1 transparent gif) to measure how many people actually read your email. As a high percentage blocks those images, these numbers are shaky at best, and our believe is we just shouldn't bother with them, their numbers are utterly unreliable.
Your best bet for measuring actual success rate are a lot easier if you want the users to do something. Add parameters to links in the mail, so you can measure how many users arrive at the site you linked, whether they performed desired actions (watched a video, left a comment, purchased goods).
All in all, with all the logging, the user-interface, configurable settings per domain / email / user etc. It took us about 1,5 man-month to build & iron out the quirks. That may be quite an investment compared to outsourcing the emails, it may be not, it all depends on the volume & business itself.
Now, let the flaming begin that I was a fool to write an MTA in PHP, I for one thoroughly enjoyed it (which is one reason I wrote this huge amount of text), and the extremely versatile logging & settings capabilities, per-host alerts based on failure percentage etc. are making live oh so easy ;)
Using something like Swiftmailer, PHPmailer or Zend_mail are much better alternatives to using the simple mail() function as it can be easily marked as spam. There are simply too many issues with mailing that need to be considered - most of these are solved by using pre-existing libraries.
Just a few problems that need to be addressed when sending mass emails manually:
Using incorrect headers.
Processing bounced messages
Timing out of script due to an influx of emails.
Edit:
Probably not the answer you're looking for. But, I would strongly suggest you invest in something like Campaign Monitor or Mail Chimp. Since this process is not for educational purposes, but commercial, I would strongly suggest the above services.
I got your question, but before replying, let's me go to usual considerations. First, I strongly recommend using a service like Mail Chimp. It's kinda free for small jobs, and has many cool features, like tracking back how many emails were open, how many were clicked, how many failed on deliver... Think about make a favor to yourself and don't reinvent the wheel.
Now, for getting to know purpose, let's go to the reply to your question.
First thing to have in mind is to enforce your list to be a good one. How to do that? Well, for a good list, I mean a valid email addresses list. Simple put a newsletter form on your page, with just one field (maybe a captcha, but I don't think it is necessary).
Save all input to a database table, with a field "isValid" set as false by default, and any kind of unique hash. Then you send a confirmation email, with a link (with the hash generated) for confimation which when clicked will make the "isValid" flag true, and a link for cancelation (ALWAYS send this cancelation link within all your emails).
This is what stores and serious sites do. Anything that force your customers/visitors to receive is a bad moral practice (ie, spam).
Second thing, use a good hosting service. Too cheap services usually are used by spammers, and major email services blacklist everything coming from those addresses.
I know, you should be asking yourself if I get your question wrong. No, I don't, technical stuff comes now.
Why is a bad practice put a mail function inside a for loop? Simple. Because function mail do several operations everytime it is called. PHP, will open a connection to mail server, send data to be parsed, ask for sending, register mail server status, close connection, bubble up status to finish the mail function you called and clean up the memory mess.
This connection overhead is the problem people state as bad practice from programming point of view. Using a SMTP/IMAP solution is better because it optimizes this process.
A little bit down on tech stuff I see your questions about delivery. Well, as I said, you have some ways to ensure you emails list is good enough. But what if another exception occurs, like having a blackout + no-break failures on customer server?
Well, PHP keeps the status of "asking mail server to send, mail server sent". If the mail server sent your message, PHP will return true. Period.
If client was unable to receive, or reject, you should check email headers and email status. These are on email server. Once again, these informations can be accessed with SMTP/POP/IMAP extensions, not with mail function.
If you wanna go further, read IMAP docs, search for email classes (phpclasses.org, pear and pecl are best places to look into).
Extra tip: RFCs can be useful, as you can understand better what email servers really talks to each other.
Extra tip 2: Access you gmail or ymail and check for your sent/received messages for their "full version" and read its headers. You can learn a lot with them.
Via SMTP Authentication: http://www.cyberciti.biz/tips/howto-php-send-email-via-smtp-authentication.html
Just use PHP Mail and study IMF and how to build custom headers you can attach the fourth parameter, exmaple follows
<?php
// multiple recipients
$to = 'aidan#example.com' . ', '; // note the comma
$to .= 'wez#example.com';
// subject
$subject = 'Birthday Reminders for August';
// message
$message = '
<html>
...
</html>
';
// To send HTML mail, the Content-type header must be set
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
// Additional headers
$headers .= 'To: Mary <mary#example.com>, Kelly <kelly#example.com>' . "\r\n";
$headers .= 'From: Birthday Reminder <birthday#example.com>' . "\r\n";
$headers .= 'Cc: birthdayarchive#example.com' . "\r\n";
$headers .= 'Bcc: birthdaycheck#example.com' . "\r\n";
// Mail it
mail($to, $subject, $message, $headers);
?>
Source: http://php.net/manual/en/function.mail.php
create a mail queue subsystem which might include tables such as mail_queue, mail_status, mail_attachments, mail_recipients and mail_templates etc...
You might consider PHPMailer
http://phpmailer.worxware.com/index.php?pg=exampleasendmail
You can add multiple recipients and a special callback function for handling the returning messages for every single mail sent. (for an example visit the link)
I Don't think that catching a "mail delivery failed" error mail is possible via php except that you are using PHPMailer via SMTP and once in a while watch for any returning message form any recipient in from your outgoing email collection.
I have a classifieds website, and on each classifieds page, there is a form for tipping a friend where you just enter the persons email-adress and the tip will then be sent. The form is submitted to tip.php where all "magic" happens with checking and sanitizing etc etc...
Lastly I use php:s mail() function to send the email from tip.php...
Now, I wouldn't want spam-bots and automated robots etc to send mail and blacklist my server.
What should I do?
One method which I would rather NOT use is logging IP:adresses of senders in a table (MySql) and then allow only x emails per sender.
As I said, the above solution is nothing I would prefer, there must be an easier way.
Is there any method you know of?
Is there any application to install maybe, on a linux server which does the job?
Thanks
I would say that the most used method would be captcha. This will ensure that the one that sends the email is a man, but everything can be cracked. So I would recommend to find a really good one, just type captcha into google and you are good to go. Also you can use another method/thing to make it more viable, e.g. some question that can be answered a simple mathematical problem, etc.
I think you should do something in the form which makes it difficult for robots to submit rubbish into it.
Either a piece of Javascript which robots don't run (Hint: The usually don't) or if you MUST, a captcha.
You should definitely monitor the use of this facility, as well as monitoring outbound messages, message queues, and watch for bounced mail though.
Quite a lot of web spam seems to come from humans who are paid to submit rubbish into peoples' forms, which is difficult to block.
You can of course, also use something like Akismet - an API where you can ask them to spam-scan form input; I'm sure its licence terms are very reasonable and if spam is a real problem, paying for it will be acceptable to management (using Akismet is much cheaper than paying expensive developers to write and maintain an in-house anti-spam system)
Unless its a paid for service or you can restrict the recipients to a pre-approved list and can establish the bona fides of the users I would strongly recommend you don't do this. However...
Do have a look at spamassassin - but remember that one of its most important metrics is the Bayesian filtering engine - which needs to be trained using heuristics (but you can run spamassassin for your incoming mail and copy the database to your webserver).
Do make sure that you only allow authenticated customers (with an authenticated email) to use the facility, and limit the rate at which they can send messages (and the number of recipients) using a dead-man's lever.
C.
I am using php and mysql.
I am going to send 10k++ (ten thousands plus) emails to update my subscribers, and this is the first time I am going to send them. I will use php mail function, basically here is what I will do:
First get the data from database:
Select name, email FROM data
After that, using while loop to send the data:
while($r = mysql_fetch_assoc($exe)){
...
if($mail){
echo "success<br>";
} else {
echo "failed<br>";
}
}
echo "Sent all";
I include the if.. else statement, to ensure that each email is sent successfully. Is there anything I need to take care of? Will I have any problems when SENDING TO 10K++ users?
Is there a limit of numbers of emails that you are going to sent?
Please be aware of this note from the mail documentation:
Note: It is worth noting that the mail() function is not suitable for larger volumes of email in a loop. This function opens and closes an SMTP socket for each email, which is not very efficient.
For the sending of large amounts of email, see the » PEAR::Mail, and » PEAR::Mail_Queue packages.
No limit to the emails number, but there is the time limit of the PHP script. See the max_execution_time set in your php.ini, typically it's 20 or 30 seconds. If you don't know that, use phpinfo() to find it out.
Moreover, you should take some steps to prevent users from getting too much emails. You should mark them as sent, so they don't receive double posts if you accidentally start the script twice.
Other than that, you should note that php's mail function is inherently not optimized at all. You could try some libraries, like phpmimemessage or any other, which will allow you do to some caching, for example, among many other features.
You should build a queue of emails sent/failed, so you can try to resend failed attempts and avoid re-sending emails if something should go wrong.
Do not create a loop that tries to send 10k emails via mail()
Also, the most likely limit you'll hit will be that of the mail server of your ISP or host.
You may also want to look at setting up a "real" mailing list tool, such as mailman, or at least using alias groups (if possible).
Also, see the related questions on serverfault: https://serverfault.com/questions/67154/sending-an-email-to-about-10k-users-not-spam, where PHPlist is mentioned, along with others. And here - https://serverfault.com/questions/68357/whats-the-best-way-to-send-bulk-email.
You can use pear::Mail_Queue http://pear.php.net/package/Mail_Queue/
It will really do a good job.