I have suspicious message-id header of email sent by php to gmail account:
Message-Id: <5100054f.a489440a.5d93.6a70SMTPIN_ADDED_MISSING#mx.google.com>
Could you please tell does it have this strange format and what SMTPIN_ADDED_MISSING means here? Examples I saw in the internet had format something like this containing sending domain but my message id doesn't contain it for some reason:
38D1C1FD-3C35-4568-925C-FC46CAC0DE8A#sendinghost.com
I don't think I set this header in Zend_Mail. What generates this headers? Do you see any issues with this header?
A proper outbound email client should be generating the Message-ID header when the email is sent. Google is being 'nice' and generating it for you when the message passes through its email system, but most won't, and most spam filters will take this missing header as an indication that the message is more likely to be spam. Any malformed or missing headers will add to the "spam score".
It is not difficult to generate, all that is required is that it is unique per-message:
$message-id = time() .'-' . md5($sender . $recipient) . '#' $_SERVER['SERVER_NAME'];
Or
$message-id = time() .'-' . md5($sender . $recipient) . '#yourdomain.com';
Gives:
1358961017-677533f745f613447d06de25e7fa4d32#yourdomain.com
Google SMTP generates it if missing. This header must be set by the first SMTP server. So you do not generate it - google does. It is used to prevent multiple delivery and to link related messages together.
It is not required to set message id header, but it's like a good practice for most (but not all, only configured) smtp to add (may be fix) this header. So to avoid generation of this header by others you can generate it by yourself.
This one works for me (I also added a 'Date' line to the header because it was a spam issue to me as well). Based on this peace of code.
Here's my PHP array approach (using Pear's Mail and Mime libraries):
$headers = array(
'From' => $from,
'Subject' => $subject,
'To' => $to,
'Cc' => '',
'Date' => date('r'),
'Message-ID' => sprintf("<%s.%s#%s>",
base_convert(microtime(), 10, 36),
base_convert(bin2hex(openssl_random_pseudo_bytes(8)), 16, 36),
'yourdomain.com')
);
Note that using $_SERVER['SERVER_NAME'] instead of literally 'yourdomain.com' won't work in php cli as commented out by Oleg on another answer.
I am using same MessageId to track the exchanged messages.
I fix the MessageId with:
$mail->MessageID =sprintf('<%s#%s>', $myMessageID, 'myserver');
tl;dr; Do not use port 25 when sending email instead use port 587
When I was sending outbound email from my custom created golang email client using port 25 to my local postfix server with destination email address either gmail or google gsuite adddress I was seeing
Message ID <5be55db9.1c69fb81.d0444.d894SMTPIN_ADDED_MISSING#mx.google.com>
as viewed from destination email adddress in gmail Show Original ... However since I am using full TLS certs in both my golang email client and local postfix server, when I replace using port 25 with the secure port 587 in my outbound email client (postfix was already using TLS certs) then I get the proper
Message ID <20181109163255.F164D8E9588#mail.myexample.com>
NOTE - at no time am I defining an email header message-id infact the golang repo I'm using does not have an api call to define that header
You missed the '<' and '>' brackets.
Related
I am using PHPMailer6.2.0 and I am having issues setting the return path.
I have added the custom header via PHPmailer function addCustomHeader()
$mail->addCustomHeader("Return-Path", $fromemail);
and for debugging I have printed out the header content in \PHPMailer\PHPMailer.php function mailSend($header, $body) on line 1794;
var_export($header);
die();
this prints out the header content before it will be sent and it verifies that the custom header return-path is set correctly, however in action, when i receive an email to my outlook, the header return path callbacks to the domains default email user#domain.com. Perhaps this is not the last place before the email is sent and it gets lost later on?
I am using DirectAdmin as my server manager
Stop right there! Senders should not set a return-path header. That header is added by the receiver, and what goes into it is dependent on the SMTP envelope sender, the address that's used in the SMTP MAIL FROM command that delivered the message. Setting this header as a sender is a straightforward contravention of the RFCs. So what should you do instead? Set the envelope sender, and in PHPMailer you do that like this:
$mail->Sender = $fromemail;
Even when you do this, whether the server your'e sending through will accept it is a different matter. For example gmail will not allow you to use anything other than your account username address or predefined aliases, not arbitrary addresses.
Have you seen the comment above in mailSend function?
The sender gets turned into a return-path header by the receiver!
<?php
$params = null;
//This sets the SMTP envelope sender which gets turned into a return-path header by the receiver
//A space after `-f` is optional, but there is a long history of its presence
//causing problems, so we don't use one
//Exim docs: http://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_exim_command_line.html
//Sendmail docs: http://www.sendmail.org/~ca/email/man/sendmail.html
//Qmail docs: http://www.qmail.org/man/man8/qmail-inject.html
//Example problem: https://www.drupal.org/node/1057954
// CVE-2016-10033, CVE-2016-10045: Don't pass -f if characters will be escaped.
if (!empty($this->Sender) && static::validateAddress($this->Sender) && self::isShellSafe($this->Sender)) {
$params = sprintf('-f%s', $this->Sender);
}
I do not think you should set the return-path header by yourself. I believe PHPMailer uses the sender to handle this automatically. But correct me if i am wrong.
When I send an email using phpmailer to gmail, and I look the email source, I see the following next to the "from" field:
"Using PHPMailer 6.1.7 (https://github.com/PHPMailer/PHPMailer)"
For security reasons I'd prefer to remove that if it's possible, but I don't know if this is Gmail being smart or phpmailer appending it to every email message I send.
How can I remove it?
Thanks
This appears in the X-Mailer header. As per the docs, you can remove this header altogether by setting it to a space, like this:
$mail->XMailer = ' ';
If it's appearing somewhere else, I'll need to see the rest of your code and the headers of a message you've received in gmail.
I am sending an e-mail from my php code when certain events occur (i.e., someone posts a reply to a message on my message board). I used this simple code:
mail (me#aol.com, 'Someone Just Posted a Reply.', 'Check the message board, because someone just posted a reply.');
The code executes and I do receive an e-mail. The problem is that when I get the e-mail, the "from" line in the e-mail gives away my cpanel login for my GoDaddy hosting account. I cannot seem to find anything on GoDaddy's site that explains how to disguise this or change this to just reflect the name of my website rather than give away my login to all users every time I send a push notification.
You have to use the headers in the PHP's mail() function's additional_headers parameters to add more stuff, but this may possibly cause deliverability issues.
This is typically used to add extra headers (From, Cc, and Bcc). Multiple extra headers should be separated with a CRLF (\r\n). If outside data are used to compose this header, the data should be sanitized so that no unwanted headers could be injected.
With above being said, your updated code should look something like:
<?php
$headers = array(
'From' => 'webmaster#example.com', // Add your from address.
'Reply-To' => 'webmaster#example.com', // Add your reply to address.
'X-Mailer' => 'PHP/' . phpversion() // Optional stuff.
);
mail(
"me#aol.com",
"Someone Just Posted a Reply.",
"Check the message board, because someone just posted a reply.",
$headers // This way
);
Note: Make sure the above code is written in a single line. 😇
I am using Swift Mailer to check for bounced messages. I have created one separate account for bounce messages, however when I set the return path, it does not allow the bounce message send to that account. Is it normal or is it a code error?
$verp = 'bounces-' . str_replace('#', '=', $row['ReplyTo']) . '#gmail.com';
$message = Swift_Message::newInstance()
->setSubject($row['Subject'])
->setFrom(array($row['ReplyTo'] => $row['FromName']))
->setReturnPath($verp)
->setBody($html, 'text/html')
->addPart($txt, 'text/plain');
I am now using VERP, it seems that it is to locate a delivery error? But not for sending the message to a bounce mail account?
Yes, that is normal. When sending email through Gmail's SMTP servers, it will force the return-path to be the account you are sending from.
Your only solution is to search for a provider which allows you to set the return-path.
It's not a gmail issue, it's a requirement of the SMTP specification, as defined in RFC 5321 section 4.4:
A message-originating SMTP system SHOULD NOT send a message that already contains a Return-path header field.
It also says that while SMTP systems should not inspect message content at all (i.e. they don't look at headers), a gateway from some other context to SMTP SHOULD remove any return-path header. In short, if you're adding a return-path header yourself, you're doing it wrong.
The return-path header you see in a received message is created by the receiver, not the sender, and is derived from the SMTP MAIL FROM command used to deliver the message. This address need not to have anything in common with the From address header within the message, and designates where the message should be sent to in the event of a delivery failure, i.e. exactly what you want the VERP address for.
I don't know about SwiftMailer, but in PHPMailer you can set the SMTP envelope sender value by setting the Sender property, and a receiver will convert that into a return-path message header on reception.
For some reason the php mail() function is not working properly on a site I am building. I tried to troubleshoot the issue down to its simplest form, and came up with this file:
<?php
mail('myEmail#gmail.com', 'the subject', 'the message', 'From: webmaster#example.com', '-fwebmaster#example.com');
?>
when myEmail is a Gmail account, I never receive the message. However when I use a non-gmail account, I do receive the message. I am at a loss and have tried everything to figure this out. I am starting to think it is an obscure host/server issue. You can see the server specs here: http://aopmfg.com/php.php
Any ideas?
EDIT - let me also add that this was all working fine a few weeks ago, the last time I tested it. No significant code changes since then at all.
EDIT 2 - After reading a similar post I tried adding From and Reply-To headers... still no luck. New code:
<?
$headers = 'From: <some#email.com>' . "\r\n" .
'Reply-To: <some#email.com>';
mail('<myEmail#gmail.com>', 'the subject', 'the message', $headers,
'-fwebmaster#example.com');
?>
It turns out that Google blocked my server because another site on the same server was hacked and used for spam.
To test and ensure that it was a problem with the server, I created a simple PHP file that would send an email to my email address on page refresh. It worked when I sent to my exchange-based email address, but not to any Google-related accounts.
Code:
$headers = 'From: <test#test.com>' . "\r\n" .
'Reply-To: <test#test.com>';
mail('<myEmail#gmail.com>', 'the subject', 'the message', $headers,
'-fwebmaster#example.com');
?>
Thanks for the help all.
Try putting <> around the From and Reply to addresses. I had that same problem with work emails.
I had a similar problem with gmail. However my subject title was "See if you have won". When I changed this to something less marketing/spammy, it came through. So it's not always the PHP code who is causing this, but it can be the subject title as well which is blacklisted.
I was having the same problem. But when I checked my C:\xampp\mailoutput folder, the mail sent was received in this folder. Now please check and do the needful. It was sent in my testing local server. If it is sent on the real server, that may be on your hosting server and you have to check through site hoster
I have found that adding SPF and DKIM records to DNS solved the problem. I can use the phpmail() function to send to a list of Gmail subscribers.
The domain in the email used in the -f option in the php.ini sendmail parameter or in the mail() extra parameters field, needs to have a valid SPF record for the domain.
You should also use a domain key or DKIM. The trick here is that the domain key/DKIM is case sensitive!
After updating the records the mails get delivered to Gmail, Yahoo and AOL addresses.
Read the source here. Comments by ABOMB
https://www.php.net/manual/en/function.mail.php#107321
I had the same problem. I was using a BCC email address to record the messages sent. This is an advantage as if gmail or hotmail blocked the mail then the BCC was also blocked.
I created an SPF record and that did not help on its own though is probably a good idea.
What did seem to help me was putting the email addresses in <> and adding a reply to entry in the header.
$headers = 'From: <test#test.com>' . "\r\n" .
'BCC: <fred#test.com>' . "\r\n" .
'Reply-To: <test#test.com>';
mail('<myEmail#gmail.com>', 'the subject', 'the message', $headers);
gmail canceled the less secure app option .
so now you need to generate a powerfull gmail password that gives who use this password to enter your account without any problem . follow my steps .
1.First go to your google account management and go to security.
2.Make sure your 2-step verification are enabled To your phone or whatever.
3.Then go to search in the gmail manager then search for : app passwords.
4. Select other in the select app dropdown menu, and named whatever you like.
5 then click generate, google will give you a password. make sure you copy it and save it somewhere else.
instead using your real google account password in PHPMailer or laragon etc.. setting, use the password you just generate.
The problem is the BCC option, remove the BCC or -f email, and that's all.