email send with php identified as phishing - php

I've got a problem with a registration script of my login.
This script handles the registration information of the user and saves it.
Additionally an email is sent to this person, in order to verify his email address.
The problem is that this email is marked as a phishing email by Thunderbird.
//send verify email
$sender = "test@example.de";
$empfaenger = $email;  // recipient
$betreff = "Welcome";  // subject
$mailtext = "Thank you for your registration.
Please go to <a href=\"http://validatingsite.de\">this site</a> and enter your
activationcode in order to verify your email-address";
mail($empfaenger, $betreff, $mailtext, "From: $sender\n" . "Content-Type: text/html; charset=iso-8859-1\n");
If I delete the link
<a href=\"http://validatingsite.de\">this site</a>
the email is not marked and everything is okay.
Does anybody have an idea how to solve my problem?
Do I add the link correctly in the email?

That's Thunderbird behaving as designed: https://support.mozillamessaging.com/en-US/kb/thunderbirds-scam-detection#w_thunderbirds-automatic-scam-filtering
Note the first bullet in their list of items that will trip the phishing detection: links with numerical server names (http://127.0.0.1/)

Related

PHP 'mail()' Function Not Sending Email [duplicate]

This question already has answers here:
PHP mail function doesn't complete sending of e-mail
(31 answers)
Closed 6 years ago.
I'm using a basic script on a 1&1 hosted server:
$recipient = "email@domain.com";
$sender_name = $_POST['name'];
$sender_email = $_POST['email'];
$subject = $_POST['subject'];
$message = $_POST['message'];
$headers = "MIME-Version: 1.0"."\r\n";
$headers .= "Content-type:text/html; charset=UTF-8"."\r\n";
$headers .= "From: {$sender_name} <{$sender_email}>"."\r\n";
$headers .= "Reply-to: {$sender_name} <{$sender_email}>"."\r\n";
mail($recipient, $subject, $message, $headers);
..but for some reason am not receiving any emails, nor any errors as per PHP mail() function not sending email instructs.
I thought this may be a server issue but 1&1 states that it is fully supported. I've also sent emails from this server/hosting before using just a recipient, subject and body and so I'm rather unsure as to why it is not working now!
UPDATE
Sending without headers, i.e.:
mail($recipient, $subject, $message);
..does work, so it would appear to be an issue with using the headers?
There may be many reasons, for example you should study what SPF is.
The $sender_email can't be any address. For example, you can't put a Gmail address and send emails claiming to be that sender without any authentication; you aren't allowed to send email on behalf of that address, because I could for example send emails putting your address in the From, pretending to be you when I'm not (I tried to use simple words).
You should use in the From something ending in @yourdomain.com, and set up SPF to allow your server's IP to send emails for that domain. Or otherwise send emails through SMTP (with PHPMailer, for example, it's very easy).
Errors in headers do affect the mail delivery. If you send email with wrong headers, for example, let's say the email of the user is user@email.com and his name is "user user", and you send the email to user@email.com, it might cause the email to go to spam or not be accepted at all if it doesn't match on the server.
Gmail, for one, has a name associated with every email id. If you put a wrong name with the email, there's a chance the email might not show up in the inbox or sometimes even goes to spam.
"But in the link I attached the example given uses a 'from' header set by a form input?"
If you want your users to be able to send email to you, the best idea would be to use your own email address as the sender email. E.g. if your website is at website.com, configure an email like "contact@website.com" and configure your script to use this as the From header; you can send it to your own email at the same domain (website.com) or any other email which you authorize. You can add the user's actual details in the mail. That'll ensure the successful delivery of the email always.
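The approach from the answers above (fixed From on the site's own domain, visitor address only in Reply-To and the body) as an added example that is not code from the question or its answers. It also strips line breaks from form values before they reach a header, which the original script does not do. The helper names and owner@website.com are hypothetical; contact@website.com is the address suggested in the answer.

```php
<?php
// Added example, not the asker's or answerers' code. contact@website.com is the
// own-domain address suggested in the answer; owner@website.com is hypothetical.
const SITE_FROM = 'Website contact form <contact@website.com>';
const SITE_TO   = 'owner@website.com';

// Non-string form values (e.g. name[]=x) are treated as empty.
function field(array $post, string $key): string
{
    return is_string($post[$key] ?? null) ? $post[$key] : '';
}

// Replace CR, LF and other control characters so a value cannot start a new header line.
function header_safe(string $value): string
{
    return trim(preg_replace('/[\x00-\x1F\x7F]+/', ' ', $value));
}

// Returns [to, subject, body, headers] for mail(), or null if the address is invalid.
function build_contact_mail(array $post): ?array
{
    $email = filter_var(field($post, 'email'), FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return null;
    }
    $name    = header_safe(field($post, 'name'));
    $subject = header_safe(field($post, 'subject'));
    $headers = [
        'MIME-Version: 1.0',
        'Content-Type: text/plain; charset=UTF-8',
        'From: ' . SITE_FROM,   // fixed address the site's SPF record can cover
        'Reply-To: ' . $email,  // validated visitor address, used only for replies
    ];
    $body = "Name: $name\nEmail: $email\n\n" . field($post, 'message');
    return [SITE_TO, $subject, $body, implode("\r\n", $headers)];
}

// Constructed input: the name field carries a line break and a header-like string.
$post = [
    'name'    => "Eve\r\nBcc: list@example.net",
    'email'   => 'eve@example.org',
    'subject' => 'Question',
    'message' => 'Hello',
];
$mail = build_contact_mail($post);
if ($mail !== null) {
    // mail(...$mail);   // enable on a host with a configured MTA
    echo $mail[3], "\n"; // header block contains no Bcc line
}
```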

Which email address should I use to contact the members of my website?

The question in the title is one of the three I have. So let's give more details about them.
1st How to send email to oneself?
I have a contact form in my website, from which users can send emails to me. I'm using the mail function of PHP to do so. I was wondering how to send email to my own email address, which will more likely be for example: myname@mydomainname.com
Is this even a good idea? Or maybe storing incoming emails in a SQL table contact is better?
2nd How to answer emails received?
Now that I received emails according to question 1, how do I respond? I mean from which email address (or account)? And I don't know if I am right, but it seems that my main email address has to stay unknown for users to avoid spamming or direct contacting instead of using the contact form. So the hidden part of the question is how to keep my email address hidden when sending emails. I know in PHP I can add the: Reply-To: myname <noreply@mydomainname.com> to the header.
But in this particular case, I'll be responding from the real account and not PHP.
3rd How to hide my email when sending links to reset password / welcome mails (PHP)?
I feel this question should've come before the 2nd one. And you may notice that I answered myself with the noreply header tip. However I'm not sure of my own answer since I haven't tried it yet. My actual code should look like this:
$headers = array();
$headers[] = "MIME-Version: 1.0";
$headers[] = "Content-type: text/plain; charset=iso-8859-1";
$headers[] = "To: ".$username." <".$email.">";
$headers[] = "From: domainname <somename@domainname.com>";
$headers[] = "Reply-To: domainname <noreply@domainname.com>";
$headers[] = "X-Mailer: PHP/".phpversion();
mail($to, $subject, $message, implode("\r\n", $headers));
Is it sufficient to keep my email address hidden from the recipient?
Thanks in advance.
To send email from an address using your domain, update $headers[] = "From: your_domain_name<somename@your_domain_name.com>"; If you want to track, you can store the mail information in a table. Otherwise there is no need to store it.
Answering email dynamically is not possible. If you want, you can store the email that is sent and then create a page containing the email content with a button to give you the option to add a reply. On clicking the button, the system will use PHP mail() to send it to the particular email id.
The user can view the email id that the email is sent from. If you don't want to show your name, you can use a name such as 'noreply@domain.com' or 'admin@domain.com'.

PHP-Read Receipt

I have a contact form where you specify the contact Information along with your email id. Once the form is sent it comes to my Inbox. The mail specifies the Information supplied by the user. I would like the sender of the contact form to receive a read receipt once I open the email.
This is what I have done so far
<?php
$name = $_POST['name'];
$email_address = $_POST['email'];
$subject = 'Contact Form Replies';
$phone = $_POST['phone'];
$message = $_POST['msg'];
$body = "You have received a new message. ".
" Here are the details:\n Name: $name \n ".
"Email: $email_address\n Phone Number: $phone \n Message: $message \n ";
// Each header must end with CRLF so the next one starts on its own line.
$headers = 'From: ' . $email_address . "\r\n";
$headers .= 'X-Confirm-Reading-To: ' . $email_address . "\r\n";
mail('xyz@gmail.com', $subject, $body, $headers);
?>
Now as per this code the mail gets successfully delivered to my inbox. But once I open the mail, the read receipt does not go to the sender. Kindly advise on how I can overcome this issue.
Most email (web) clients disable any ability for the sender to check if an email is opened. They disable JavaScript and external sources, so this is only possible with your own email server where users all use the same software, such as Outlook, to have a reliable result.
However one possible way is to add an HTML image linking to image.php?receit=1234 and let that load a PHP script that returns a tracking pixel. Now you know the email is opened and the user clicked the button to show all images.

Exchanging emails via gmail without revealing real email addresses

I have a PHP forum which has 50 users and I am wondering how I can exchange emails between members without revealing their real Gmail email addresses. The forum works this way. A user 'A' opens a contact form, writes an email and sends it to user 'B'. The email sent is received by user 'B' but does not reveal the real email address of user 'A'. When user 'B' replies, user 'B's' email is not attached anywhere in the email.
Are there existing solutions for this kind of thing?
Have a look at the PHP mail() function.
$to = 'send_to@gmail.com';
$subject = 'Some message subject';
$message = 'Oi, what\'s up?';
$headers = "From: Bob <some_other_email@gmail.com>\r\n";
mail($to, $subject, $message, $headers);

if user click any link from his/her email content then database is updated mean any entry is affected?

When a user subscribes to my newsletter via their email address, using php, how would I send them an 'Activation Link' via email to confirm it is their email address and not a fake one.
so at the moment I have
PHP:
<?php
$to = "recipient@example.com";
$subject = "Hi!";
$body = "Hi,\n\nHow are you?";
if (mail($to, $subject, $body)) {
echo "<p>Message successfully sent!</p>";
} else {
echo "<p>Message delivery failed...</p>";
}
?>
I guess i would change the $body to this:
$body = "Please click the link to activate your email \n
http://www.activationlink.com?";
How would I make it so that if a user clicked that link it would add their details to the MySQL database, recognising they are a legitimate subscriber?
Any help or suggestions appreciated. Thanks
Quick Google search result
http://www.learnphponline.com/scripts/email-activation-for-php-forms
Basically you need to create a subscriber table and have a boolean flag called verified; of course store the email address in that table.
OK, I would try to suggest to you something which happens during signup on most sites today.
What happens is that when you enter your user name and password it says
"An email is sent to your location.....(something like this)". What we do is that before sending the email we save that username and password in the DB but make their status inactive.
So when users click the link and they get to the relevant site, all that is needed then is to verify the code and change the status.
So somewhat similarly you have to add the email to your DB and then send an email. In that case it will be easy for you to handle your current problem.
Use the http://en.wikipedia.org/wiki/Message_authentication_code (MAC) approach. You should have a secret key. Use the key and the user's email to generate a SHA1 hash. Then produce an activation link which includes the user's email and the hash. After you receive a click from the link, you do the same: use the same secret key, take the email from the link, generate the hash and compare it with the one provided in the link. If it does match, then it means the e-mail address is confirmed.
Also, together with the email you could include some more info (e.g. a timestamp to make links expire-able); all info could be authenticated with the MAC approach.
You don't need to store any information in a database, as in the answer from @Tommy.
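The MAC approach from the last answer, including the expiry timestamp it suggests, as an added example that is not code from any of the answers. It uses HMAC-SHA256 via hash_hmac() in place of the SHA1 hash the answer mentions; the function names, the placeholder key, the 24-hour lifetime and the example.com URL are assumptions.

```php
<?php
// Added example, not from the original answers. SECRET_KEY is a placeholder;
// load a long random value from configuration in a real deployment.
const SECRET_KEY = 'replace-with-random-key-from-config';
const LINK_TTL   = 86400; // assumed link lifetime in seconds

function activation_mac(string $email, int $expires): string
{
    // Length-prefix the email so the email/expiry boundary is unambiguous.
    $data = strlen($email) . ':' . $email . ':' . $expires;
    return hash_hmac('sha256', $data, SECRET_KEY);
}

function make_activation_link(string $baseUrl, string $email, int $now): string
{
    $expires = $now + LINK_TTL;
    return $baseUrl . '?' . http_build_query([
        'email'   => $email,
        'expires' => $expires,
        'mac'     => activation_mac($email, $expires),
    ]);
}

function verify_activation(array $params, int $now): bool
{
    $email   = $params['email']   ?? '';
    $expires = $params['expires'] ?? '';
    $mac     = $params['mac']     ?? '';
    if (!is_string($email) || !is_string($expires) || !is_string($mac)) {
        return false; // array parameters such as mac[]=x are rejected
    }
    if (!ctype_digit($expires) || (int)$expires < $now) {
        return false; // malformed or expired timestamp
    }
    // hash_equals() compares in constant time, unlike == or strcmp().
    return hash_equals(activation_mac($email, (int)$expires), $mac);
}

// Constructed sample run with a fixed clock value.
$now  = 1700000000;
$link = make_activation_link('https://example.com/activate.php', 'alice@example.com', $now);
parse_str(parse_url($link, PHP_URL_QUERY), $params);
var_dump(verify_activation($params, $now + 60));           // untouched link
var_dump(verify_activation($params, $now + LINK_TTL + 1)); // after expiry
$params['email'] = 'mallory@example.com';
var_dump(verify_activation($params, $now + 60));           // email changed
```

Because nothing is stored server-side, a link stays usable until its timestamp passes, so the activation handler should be idempotent.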
